Wind & Snow 3.8

Wind & Snow 3.8
(Backdoor.Win32.Snowdoor.e for Client)
(Backdoor.Win32.Snowdoor.35 for Server)
(VBS.Redlof.a for help.htm)

by ?

Written in Delphi

Released in April 2004

Made in China

more versions




Server:

port: 5328 TCP

dropped files:
c:\WINDOWS\SYSTEM\iplog.dll    size: 657.408 bytes 
c:\WINDOWS\SYSTEM\ipsnow.exe   size: 331.328 bytes 
c:\WINDOWS\SYSTEM\Tsnow.dll    size: 657.408 bytes

registry added:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\WinOlaApp "Disable" 
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Network\LanMan\C$ "Flags" 
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Network\LanMan\C$ "Path" 
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Network\LanMan\C$ "Type" 
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run "ipsnow"

MegaSecurity