Shadow Phyre


Name: Shadow Phyre
Aliases: Backdoor.ShadowPhyre,
Ports: 666, 55555 or at random
Files: Sp_.zip - Sp2.zip - Shadowphyre2.12.42.zip - 400,836 bytes Shadowphyre2.12.54.zip - 478,437 bytes Shadow.exe - 784,896 bytes Shadow.exe - 812,544 bytes Shadow.exe - 815,616 bytes Shadowrem.exe - 35,840 bytes Trance.exe - 204,288 bytes Trance.exe - 226,816 bytes Trance.exe - 231,424 bytes Mswinsck.ocx - 106,768 bytes Winsck.ocx - 141,312 bytes Winzip.exe - 204,288 bytes Winzipp.exe - 204,288 bytes Inet.exe -
Created: April 1999
Requires: Mswinsck.ocx and Winsck.ocx - are required to run the trojan.
Actions: Remote Access / IRC trojan / Port scanner / Proxy
Registers: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices\
Notes: Works on Windows. The SP Krew: Cheitan, Phr33k, and Mayhem.
Country:
Program: Written in Visual Basic 5.0.

© Copyright von Braun Consultants. This information may include technical inaccuracies or typographical errors. If you have any questions or further information about the actual trojan above, please contact Joakim von Braun at <joakim.von.braun@risab.se>