ReaperYahoo Pass Sender

ReaperYahoo Pass Sender
(Trojan-Dropper.Win32.VB.mvg)
(Trojan-PSW.Win32.VB.ayk)

by K3ylogger

Released in May 2008


Server
Dropped File:
c:\WINDOWS\system32\cdm.exe 
Size: 63,403 bytes 

Added to Registry:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" 
Old data: Explorer.exe 
New data: explorer.exe C:\Documents and Settings\Kobayashi\Desktop\reaper www.dl4hack.com\reaper www.dl4hack.com\reaper www.dl4hack.com\server.exe 



Tested on Windows XP
March 22, 2009

MegaSecurity