NinjaSpy Trojan 2009 BETA
(Trojan-Downloader.Win32.Banload.aach for Owned.dll)
(not-a-virus:PSWTool.Win32.Messen.aq for jaskel.dll)
(not-a-virus:RemoteAdmin.Win32.WinVNC.j for Unpacked3x3.DLL)
(Trojan.Win32.Swisyn.ayu for Server)
(Trojan.Win32.Swisyn.azo for regedit32.exe)

by KAJU

Written in Delphi

Released in December 2008

Made in Brazil


Server:
Dropped Files:
c:\WINDOWS\smlogitech.vbs           Size: 179 bytes 
c:\WINDOWS\inf\services.exe         Size: 368,154 bytes 
c:\WINDOWS\system\cmd.exe           Size: 40,448 bytes 
c:\WINDOWS\system32\explorer.dll    Size: 368,154 bytes 
c:\WINDOWS\system32\ultravnc.ini    Size: 683 bytes 
c:\WINDOWS\system32\wins.dll        Size: 860 bytes 

Added to Registry:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "Network Services"
Data: C:\WINDOWS\inf\services.exe 
	
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "NetWork"
Data: C:\WINDOWS\system\cmd.exe 

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile "DisableNotifications"
Data: 01, 00, 00, 00 

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile "DoNotAllowExceptions"
Data: 00, 00, 00, 00 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile "DisableNotifications"
Data: 01, 00, 00, 00 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile "DoNotAllowExceptions"
Data: 00, 00, 00, 00 



Tested on Windows XP
December 23, 2008

MegaSecurity