NetDevil 1.1 (a)

Net-Devil 1.1 (a) server
(Backdoor.Win32.NetDevil.11.a)

by Nilez

Written in Delphi


Server:
dropped file:
c:\WINDOWS\SYSTEM\SHELLAPI32.EXE
size: 234.496 bytes
 
port: 6667 TCP

startup:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices "ShellApi32"
data: C:\WINDOWS\SYSTEM\SHELLAPI32.EXE 

tested on Windows 98
November 18, 2004

MegaSecurity