XHX 1.60
(Backdoor.Win32.XHX.160)

by Mines the Sun

aka Black Star

Made in China

Released in January 2000

more versions 



Client:
port: 10000, 20000 TCP
      10000  UDP
	   
Server:
dropped files:
C:\WINDOWS\SYSTEM\Internet.exe 
C:\WINDOWS\SYSTEM\uaiia.exe 
C:\WINDOWS\Explore.exe 
C:\WINDOWS\RegEdit.exe  (only with 141 KB server)
original C:\WINDOWS\RegEdit.exe is replaced 
C:\WINDOWS\WINHLP32.EXE 
original C:\WINDOWS\WINHLP32.EXE is replaced

size: 121 KB
   or 141 KB 

port: 7648, 3215 TCP
            3215 UDP      

startup:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run  
HKCR\txtfile\shell\open\command  
c:\windows\win.ini "run"
MegaSecurity