Ducktoy 1.3
(Backdoor.Win32.Ducktoy.13)
(Backdoor.Win32.Antilam.g1 for Server)

by Ycm & Gumi

Based on source of  Latinus

Written in Delphi

Released in September 2002

Made in Spain

more versions 


Client:
port: 40071 TCP


Server:
dropped file:
C:\WINDOWS\system36.exe 
 
size: 678 KB

port: 29559, 59211, 62011 TCP

startup:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run "MS HTML"
MegaSecurity