Nishica 1.1
(Trojan.Win32.Agent.gy)
(Backdoor.Win32.Delf.aez for Server)

by DarkShadow

Written in Delphi, source included

Released in June 2005

Made in Poland

more versions


Server 


Server:
dropped file:
c:\WINDOWS\sysdat.dll.exe
size: 896,000 bytes 

port: 53184, 53186, 53187, 53188, 53194 TCP

startup:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "sysdat.dll"
data: C:\WINDOWS\sysdat.dll.exe 




tested on Windows XP
June 27, 2005
MegaSecurity