Smart-Hack Uploader 1.1

Smart-Hack Uploader 1.1
(Trojan-Notifier.Win32.Delf.n)
(Backdoor.Win32.Stark.a)

by Neil & ZeroCool

Written in Delphi, compressed with ASPack

Released in September 2004


Server:
dropped file:
c:\WINNT\Kernel32.dlI

size: 214.080 bytes
 
port: 4648, 6543, 45645 TCP

added to registry:
HKEY_CLASSES_ROOT\.dli "(Default)"
data: dlifile 

HKEY_CLASSES_ROOT\dlifile\shell\open\command "(Default)"
data: %1 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "Kernel32"
data: Kernel32.dlI 

tested on Win2000

MegaSecurity