Skull 1.0 Beta
(Backdoor.Win32.DarkMoon.c)
(Backdoor.Win32.DarkMoon.d for Server)

by SkullBoy & Dark Moon

Written in Delphi, compressed with UPX

Released in August 2004

more versions 


Server:
dropped file:
c:\WINNT\system32\EXPL0RER.EXE

size: 27.648 bytes 

port: 25555, 2600, 1033, 800 TCP

startup:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "EXPLORER"
data: EXPL0RER.EXE 

tested on win2000
MegaSecurity