Magic PS 1.5 Dropper

Magic PS 1.5 Dropper
(Trojan-Dropper.Win32.Hirhir.20)

created by magic_h2001 (modified by ?)

Written in Delphi

Released in January 2004

Made in Iran




Client:
size: 62,355 bytes

dropped files:
c:\WINDOWS\svchost .exe            Size: 12,668 bytes    (Trojan-PSW.Win32.Sagic.15)
c:\WINDOWS\system32\mmtask1.exe    Size: 12,668 bytes    (Trojan-PSW.Win32.Sagic.15)
c:\WINDOWS\system32\MsAgent32.exe  Size: 12,668 bytes    (Trojan-PSW.Win32.Sagic.15)

startup:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5M8A6G00-3I18-11C0-821H-444200140P0S} "StubPath"
data: C:\WINDOWS\System32\MsAgent32.exe 


tested on Windows XP
May 04, 2005

MegaSecurity