Daodan 1.1
(Backdoor.Win32.Delf.bi)
(Backdoor.Win32.Daodan.123 for iplook.exe)

by ?

Written in Visual C++, compressed with ASPack

Released in May 2000

Made in China

more versions 


Client:
port: 2222, 4444, 6666 TCP



Server:
c:\WINDOWS\Winrundll.exe 

size: 125.440 bytes 

port: 1111, 3333, 5555 TCP
 
startup:
c:\windows\win.ini, [windows] "load" 

added:
c:\WINDOWS\hack.ini 
c:\WINDOWS\Rundll16.exe
MegaSecurity