ShadowRat 1.0
(Not detected by KAV on January 25, 2008)
(HackTool.Win32.Hidd.b for ntlanman32.dll)

by Bernd

Released on March 2007

Made in Germany

more versions

 


Server:
dropped files:
c:\Documents and Settings\%user%\Application Data\Messenger\ntlanman32.dll
size: 43,008 bytes 

c:\Documents and Settings\%user%\Application Data\Messenger\winserver.exe
size: 224,119 bytes 



tested on Windows XP
March 13, 2007
MegaSecurity