Marmoolak 1.171
(HackTool.Win32.VB.er for SETUP.EXE)
(Backdoor.Win32.VB.blf for Server)

by Red Move

Written in Visual Basic

Released in August 2006

Made in Iran


Server:
dropped file:
c:\WINDOWS\system32\Mcsng.exe
size: 17,220 bytes 

startup:
HKEY_CLASSES_ROOT\exefile\shell\open\command "(Default)"
old data: "%1" %* 
new data: Mcsng.exe opext "%1" %* 



tested on Windows XP
September 07, 2006

MegaSecurity