Near Mohists 1.81

Near Mohists 1.81
(Backdoor.Win32.Jinmoze.181 for Client)
(Backdoor.Win32.VB.ex for Server)

by Near Mohists

Written in Visual Basic

Released in January 2003

Made in China


Server:
dropped file:
C:\WINDOWS\SYSTEM\SYSRATY.EXE 

size: 131.072 bytes

port: 7253 TCP

startup:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run "Systemty" 
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices "Systemty"

MegaSecurity