by PP
Released in April 2001
Made in China
Server:
dropped files:
C:\WINDOWS\SYSTEM\Rundll64.exe
C:\WINDOWS\HELP\winhlp.exe
C:\WINDOWS\COMMAND\Sysoper.exe
C:\WINDOWS\SYSTEM\rasints.dll
port: 50000 TCP, 50000 UDP
startup:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
c:\windows\win.ini "run"
MegaSecurity