Dark Moon 2.0

Dark Moon 2.0
(Backdoor.Win32.DarkMoon.p)

by Shukisnike

Written in Delphi

Released in February 2005




Server:
dropped files:
c:\WINDOWS\system32\EXPL0RER.EXE
size: 61,952 bytes 

port: 800, 2600, 25555 TCP

startup:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "WINLOGON"
data: WINL0G0N.EXE 



tested on Windows XP
March 04, 2005

MegaSecurity