Spirit 3:b2
(Trojan-Downloader.Win32.Iciko.d for Server)

by iciko

Written in Delphi

Released in July 2005

more versions 





Server:
dropped file:
c:\WINDOWS\system32\msvrhost32.exe
size: 1,588 bytes 

startup:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2A202488-F02D-11cf-64CD-1123AFEECF20} "StubPath"
data: C:\WINDOWS\System32\msvrhost32.exe




tested on Windows XP
July 14, 2005
MegaSecurity