by ?
Written in Delphi
Released in October 2004
Made in China
Server:

dropped files:
c:\WINNT\system32\iplog.dll size: 660.480 bytes (Backdoor.Win32.Snowdoor.37)
c:\WINNT\system32\ipsnow.exe size: 331.843 bytes (Backdoor.Snowdoor.35)
c:\WINNT\system32\Tsnow.dll size: 660.480 bytes (Backdoor.Win32.Snowdoor.37)

port: 5328 TCP

added to registry:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "ipsnow"
data: C:\WINNT\system32\ipsnow.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\WinOlaApp "Disable"

tested on Windows 2000

MegaSecurity