DarkShadow

DarkShadow
(Trojan-Dropper.Win32.Joiner.c)

by ?

Written in Pascal

Released in March 2000





Server:
dropped file:
c:\WINDOWS\SYSTEM\winfunctions.exe 

size: 123 

port: 911 TCP

startup:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices "winfunctions" 


Added:
c:\WINDOWS\SYSTEM\windll.dll

MegaSecurity