KGB KeySpy 2.0 private Xmas Edition

KGB KeySpy 2.0 private Xmas Edition
(Trojan-Spy.Win32.KGSpy.d)

by 500mhz

Released in December 2004

Made in Russia


Server:
dropped files:
c:\Documents and Settings\%user%\Local Settings\Temp\black32.dll
size: 6,656 bytes 

c:\Documents and Settings\%user%\Local Settings\Temp\setup_.exe
size: 9,728 bytes 

startup:
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows "load"
old data: 
new data: C:\DOCUME~1\%user%\LOCALS~1\Temp\setup_.exe 



tested on Windows XP
May 08, 2005

MegaSecurity