Blackhole 2004 Build 20041105
(Backdoor.Win32.Singu.n for Client)
(Backdoor.Win32.Singu.m for Server)
(Trojan-Spy.Win32.Spybox for NetBox.exe)

by lovejingtao

Written in Delphi, compressed with UPX

Released in November 2004

Made in China


Client:
port: 2004 TCP



Server:
dropped files:
c:\WINNT\server.exe            size: 198.312 bytes 
c:\WINNT\system32\FinDriv.dll  size: 25.600 bytes 

startup:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "server"
data: C:\WINNT\server.exe 

Tested on Windows 2000
December 16, 2004

MegaSecurity