Sun Shadow 1.6x

Sun Shadow 1.6x
(Backdoor.Win32.Shadow.d)
(Backdoor.Win32.Shadow.a)

by yzkzero

Released in December 2005





Server:
dropped files:

c:\WINDOWS\MoonShadowHook.dat             Size: 60 bytes 
c:\WINDOWS\system32\MoonShadow.dll        Size: 270,024 bytes 
c:\WINDOWS\system32\MoonShadow.exe        Size: 372,736 bytes 
c:\WINDOWS\system32\MoonShadowHook.dll    Size: 57,344 bytes 

startup:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell"
old data: Explorer.exe 
new data: Explorer.exe MoonShadow.exe 

tested on Windows XP
January 08, 2005

MegaSecurity