by yzkzero
Released in July 2006
Server: dropped files: c:\WINDOWS\MoonShadowHook.dat Size: 60 bytes c:\WINDOWS\system32\MoonShadow.dll Size: 274,120 bytes c:\WINDOWS\system32\MoonShadow.exe Size: 380,928 bytes c:\WINDOWS\system32\MoonShadowHook.dll Size: 57,344 bytes added to registry: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" old data: Explorer.exe new data: Explorer.exe MoonShadow.exe HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List "2046:TCP" data: 2046:TCP:*:Enabled HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List "2046:TCP" data: 2046:TCP:*:Enabled tested on Windows XP July 06, 2006MegaSecurity