Levelone (d)
(Backdoor.Win32.Levelone.d)

by ?

aka Level l IRCBOT

Written in C, compressed with UPX

Made in Italy

more versions 


Backdoor.Levelone.d:
dropped file:
c:\WINDOWS\system32\Vec.exe
size: 11.559 bytes 

port: 10000 TCP

startup:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices "SysVector"
data: C:\WINDOWS\System32\Vec.exe AvRun 


tested on Windows XP
December 20, 2004
MegaSecurity