Spirit 4.0
(Backdoor.Win32.Small.md)
(Backdoor.Win32.Small.ly for Server)
(Backdoor.Win32.Agent.aov)

by iciko

Written in Delphi

Released in July 2006

more versions 





Server:
dropped file:
c:\WINDOWS\system32\msvrhost32.exe
size: 1,415 bytes 

startup:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5FAV68D8-F02D-11cf-64RD-5123AFXXCF20} "StubPath"
data: C:\WINDOWS\System32\msvrhost32.exe




tested on Windows XP
July 14, 2006
MegaSecurity