IrPars-Ps 1.0

IrPars-Ps 1.0
(Trojan-Spy.Win32.VB.lj)

by IrPars

Written in Visual Basic

Released in November 2005

Made in Iran




Server:
Dropped File:
c:\WINDOWS\system32\vga64k.exe
size: 28,147 bytes 

Startup:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "Resolution Graphic Card"
data: C:\WINDOWS\System32\vga64k.exe 




Tested on Windows XP
August 14, 2006

MegaSecurity