Troya 1.32
(Backdoor.Win32.Masot.a)

by Mohammad

Written in Delphi, compressed with PECompact

Released in December 2005

Made in Iran


Troya is a WebRAT (Web Remote Access Tool).
It uses Internet Explorer to connect to the remote PC.
For example: http://217.218.10.16/
Coded by: Borland Delphi 6.0
Released in: Dec. 2005

Mohammad


Server:
dropped files:
c:\WINDOWS\WinLoaderXP.exe            Size: 275,456 bytes
c:\WINDOWS\system32\explorer64.exe    Size: 11,264 bytes

port: 800 TCP

startup:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "GenericHostXP"
data: C:\WINDOWS\WinLoaderXP.exe

tested on Windows XP
March 04, 2006

MegaSecurity