GwBoy 0.92 Alpha

GwBoy 0.92 Alpha
(Backdoor.Win32.GWBoy)

by GDUFS

Compressed with ASPack

Released in April 2003

Made in Taiwan


Client:
port: 90 TCP


Server:
c:\WINDOWS\SYSTEM\gwboy.exe 

size: 118.272 bytes

startup:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run 

added:
c:\WINDOWS\SYSTEM\gwboydll.dll 

HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{EC367DD0-91E6-11D2-6A06-000000000007} 
HKEY_CLASSES_ROOT\CLSID\{EC367DD0-91E6-11D2-6A06-000000000007}\InprocServer32 
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Extensions\{EC367DD0-91E6-11D2-6A06-000000000007}

MegaSecurity