MoonPie

Name:	MoonPie
Aliases:	Backdoor.MoonPie,
Ports:	16057, 25685, 25686, 25982, 27160
Files:	Moonpie.zip - Moonpiebeta3.zip - Moonpie0.10b.zip - 313,661 bytes Moonpie0.12b.zip - Moonpie10.zip - 482,228 bytes Moonpie1.1.zip - 504,391 bytes Moonpie1.2.zip - 510,346 bytes Moonpie1.3b.zip - Moonpie1.3b1.zip - Moonpie1.3b2.zip - 1,257,828 bytes Moonpie1.3.zip - Moonpie1.35b1.zip - Moonpie1.35b2.zip - Moonpie1.35b3.zip - Moonpie1.35b3a.zip - Moonpie2.2.zip - Moonpie2.4b.zip - Moonpie2.5b.zip - Moonpie4.0b.zip - Moonpie.exe - 187,904 bytes Moonpie.exe - 273,408 bytes Moonpie.exe - 283,136 bytes Moonpie.exe - 289,280 bytes Moonpie.exe - 955,392 bytes Moonpie.exe - 1,055,232 bytes Server.exe - 142,336 bytes Server.exe - 224,408 bytes Server.exe - 237,208 bytes Server.exe - 238,232 bytes Server.exe - 263,167 bytes Winsys.exe - Editserver.exe - 416,768 bytes Msgserver.exe - 422,400 bytes Writetag.exe - 342,528 bytes Systray.exe.jkl -
Created:	Oct 2000
Requires:
Actions:	Remote Access / Keylogger / Steals passwords
Registers:	HKEY_LOCAL_MACHINE\Software
	HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\
	HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices\
	HKEY_CLASSES_ROOT\jklfile\shell\open\command
Notes:	Works on Windows 95, 98 and ME. Telnet can be used as client.
Country:	written in Germany
Program:	Written in Delphi.

© Copyright von Braun Consultants. This information may include technical inaccuracies or typographical errors. If you have any questions or further information about the actual trojan above, please contact Joakim von Braun at <joakim.von.braun@risab.se>