MEHRDAD MPS 1.5
(Trojan.PSW.Sagic.15)

by MEHRDAD

Written in Delphi

Released in January 2004

Made in Iran

more versions 





Server:
dropped files:
c:\WINNT\regsvr.exe             size: 11.372 bytes 
c:\WINNT\system32\mshost32.exe  size: 11.372 bytes 

startup:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5M8A6G00-3I18-11C0-821H-444200140M0R} "StubPath"
data: C:\WINNT\system32\mshost32.exe
 
tested on Win2000
MegaSecurity