Winker (d)
(Backdoor.Win32.Winker.d)

by ?

The name "winker" is derived from "WinKernal"


Written in Visual C++, compressed with UPX

Made in China

more versions 


dropped files:

added to regitry:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "systhread"
data: C:\WINDOWS\System32\winkernal.exe 

text string in binary: "http://www.ewebform.com/winkernal/"


tested on Windows XP
April 18, 2005
MegaSecurity