Winker (g)
(Backdoor.Win32.Winker.g)

by ?

The given name "winker" is derived from "WinKernal"

Written in Visual C++, compressed with UPX

Made in China

more versions 


added to registry:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run "systhread"
data: C:\WINDOWS\SYSTEM\winkernal.exe

HKEY_LOCAL_MACHINE\Software\WinKernal
MegaSecurity