Sun Shadow 1.3a

Released 19 years, 1 month ago. August 2005

By yzkzero

Informations

Author	yzkzero
Family	Sun Shadow
Category	Remote Access
Version	Sun Shadow 1.3a
Released Date	Aug 2005, 19 years, 1 month ago.

Additional Information

Server:
dropped files:
c:\WINDOWS\system32\MoonShadow.dll    Size: 48,796 bytes 
c:\WINDOWS\system32\MoonShadow.exe    Size: 68,608 bytes 

added to registry:

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List "2046:TCP"
data: 2046:TCP:*:Enabled 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List "2046:TCP"
data: 2046:TCP:*:Enabled 
	
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell"
old data: Explorer.exe 
new data: Explorer.exe MoonShadow.exe 		



tested on Windows XP
September 11, 2005