Spook 5.4
(Backdoor.Win32.Spookdoor.51)
(Backdoor.Win32.Spookdoor.51 for Clear.exe)

by sforever

Written in Delphi

Released in June 2005

Made in China

more versions 




Server:
dropped files:
c:\WINNT\Help\BHY1978.CHI       Size: 252,560 bytes 
c:\WINNT\system32\winexe.exe    Size: 252,560 bytes 

added to registry:
HKEY_CURRENT_USER\Software\Microsoft\Multimedia\DrawDib
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\MediaResources\msvideo
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SocketService
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\MediaResources\msvideo
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SocketService\Security




tested on Windows 2000
June 30, 2005
MegaSecurity