Sun Shadow 1.3 (Stable)

Sun Shadow 1.3 (Stable)
(Backdoor.Win32.Shadow.a for Server)

by yzkzero

Released in August 2005





Server:
dropped files:
c:\WINDOWS\system32\MoonShadow.dll    Size: 48,796 bytes 
c:\WINDOWS\system32\MoonShadow.exe    Size: 68,608 bytes 

added to registry:

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List "2046:TCP"
data: 2046:TCP:*:Enabled 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List "2046:TCP"
data: 2046:TCP:*:Enabled 
	
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell"
old data: Explorer.exe 
new data: Explorer.exe MoonShadow.exe 		



tested on Windows XP
September 11, 2005

MegaSecurity