Shadow Phyre 2.12.54
(Backdoor.Win32.ShadowPhyre.c)

by Cheitan, Mayhem and Phr33k


Server:
dropped file:
C:\WINDOWS\SYSTEM\WinZip.exe 

size: 222 KB

port: 55555 TCP

startup:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run 

MegaSecurity