Sun Shadow 1.7.2

Released 18 years, 9 months ago. December 2005

By yzkzero

Informations

Author	yzkzero
Family	Sun Shadow
Category	Remote Access
Version	Sun Shadow 1.7.2
Released Date	Dec 2005, 18 years, 9 months ago.

Additional Information

Server:
dropped files:
c:\WINDOWS\MoonShadowHook.dat             Size: 60 bytes 
c:\WINDOWS\system32\MoonShadow.dll        Size: 274,120 bytes 
c:\WINDOWS\system32\MoonShadow.exe        Size: 380,928 bytes 
c:\WINDOWS\system32\MoonShadowHook.dll    Size: 57,344 bytes 

added to registry:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List "2046:TCP"
data: 2046:TCP:*:Enabled 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List "2046:TCP"
data: 2046:TCP:*:Enabled 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell"
old data: Explorer.exe 
new data: Explorer.exe MoonShadow.exe 



tested on Windows XP
May 30, 2006