Shadow Phyre 2.12.42
(Backdoor.Win32.ShadowPhyre.a)

by Cheitan, Mayhem and Phr33k

more versions


Server:
dropped files:
C:\WINDOWS\SYSTEM\WinZipp.exe 
C:\WINDOWS\SYSTEM\inet.exe 

size: 200 KB

port: random

startup:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run 
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices 

MegaSecurity