MagicLink 2004 4.1
(Backdoor.Win32.CmjSpy.530)
(Backdoor.Win32.CmjSpy.ah for server)

by cmjsoft

Written in Delphi, compressed with UPX

Released in July 2004

Made in China

more versions




Server:
port: 1982 TCP

dropped files:
c:\WINNT\system32\hlicense.vxd     size: 52 bytes 
c:\WINNT\system32\m2syadll.dll     size: 63.180 bytes 
c:\WINNT\system32\magic.exe        size: 74.064 bytes 
c:\WINNT\system32\sssdda334342.vxd size: 0 bytes 

startup:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "MagicLinkServer"
data: magic.exe 

tested on win2000

MegaSecurity