DarkLabel 1.0 B4

DarkLabel 1.0 B4
(Backdoor.Win32.VB.aya)
(not-a-virus:PSWTool.Win32.MailPassView.130)
(not-a-virus:PSWTool.Win32.Messen.a)
(not-a-virus:PSWTool.Win32.PassView.b)

by dLinSide

Written in Visual Basic

Released in December 2007

more versions





Server:
Dropped File:
c:\WINDOWS\system32\DL.exe
Size: 99,531 bytes 

Startup:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{B1199098-3672-764A-9178-782DC496511C} "StubPath"
Data: C:\WINDOWS\system32\DL.exe 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "DL"
Data: C:\WINDOWS\system32\DL.exe 



Tested on Windows XP
December 12, 2007

MegaSecurity