Sun Shadow 1.7.2

Released 18 years, 11 months ago. December 2005

By yzkzero

Informations

Author	yzkzero
Family	Sun Shadow
Category	Remote Access
Version	Sun Shadow 1.7.2
Released Date	Dec 2005, 18 years, 11 months ago.

Additional Information

Server:
dropped files:
c:\WINDOWS\MoonShadowHook.dat             Size: 60 bytes 
c:\WINDOWS\system32\MoonShadow.dll        Size: 274,120 bytes 
c:\WINDOWS\system32\MoonShadow.exe        Size: 380,928 bytes 
c:\WINDOWS\system32\MoonShadowHook.dll    Size: 57,344 bytes 

added to registry:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List "2046:TCP"
data: 2046:TCP:*:Enabled 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List "2046:TCP"
data: 2046:TCP:*:Enabled 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell"
old data: Explorer.exe 
new data: Explorer.exe MoonShadow.exe 



tested on Windows XP
May 30, 2006