DarkSky 2.4
(Backdoor.Win32.DarkSky.25)

by Darksky

Written in Visual C++

Released in July 2002

Made in China

more versions 


Server
Dropped Files:
c:\WINDOWS\SYSTEM\KNREL32.exe 
c:\WINDOWS\SYSTEM\notepade.exe 
c:\WINDOWS\SYSTEM\SysArchive.exe 

size: 20.480 bytes

port: 5418, 5419 TCP

startup:
HKCR\.txt\shell\open\command "(Default)" 
HKCR\exefile\shell\open\command "(Default)" 
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices "SysArchive"
MegaSecurity