Surila (h)
(Backdoor.Win32.Surila.h)

by ?

Written in Microsoft Visual C++, compressed with UPX

Origin: China


dropped files:
c:\WINDOWS\scm32hs.exe                                           Size: 66.560 bytes 
c:\WINDOWS\All Users\Start Menu\Programs\StartUp\scm32hlp.exe    Size: 66.560 bytes 
c:\WINDOWS\SYSTEM\scm32hflt.dll                                  Size: 66.560 bytes 
c:\WINDOWS\SYSTEM\scm32hlp.exe                                   Size: 66.560 bytes 

port: 40643 TCP

startup:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run "devsec"
data: C:\WINDOWS\scm32hs.exe 



tested on Windows 98
November 23, 2005

MegaSecurity