Marmoolak 1.17

Marmoolak 1.17
(HackTool.Win32.VB.er)
(Not detected by KAV for Server on September 07, 2006)

by Red Move

Written in Visual Basic

Released in July 2006

Made in Iran


Server:
dropped file:
c:\WINDOWS\system32\Mcsng.exe
size: 17,726 bytes 

startup:
HKEY_CLASSES_ROOT\exefile\shell\open\command "(Default)"
old data: "%1" %* 
new data: Mcsng.exe opext "%1" %* 



tested on Windows XP
July 28, 2006

MegaSecurity