Sacapass
(Backdoor.Win32.VB.hc for Client)
(Trojan-PSW.Perder)

by MalHack

Written in Visual Basic

Released in September 2002

Made in Mexico

more versions 




Client:
added to registry:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "MSMSGS"
data: "C:\Program Files\Messenger\msmsgs.exe" /background


 
msn sacapass.exe:
dropped file:
c:\WINDOWS\AD-PI.exe
size: 49.152 bytes 

startup:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "LoadPowerASPI"
data: c:\winnt\system32\ad-pi.exe

tested on Windows XP
November 10, 2004
MegaSecurity