MoonPie

Name:	MoonPie
Aliases:	Backdoor.MoonPie,
Ports:	25685, 25686, 25982, 27160 (ports can not be changed)
Files:	Moonpiebeta3.zip - Moonpie0.10b.zip - 313,661 bytes Moonpie10.zip - 482,228 bytes Moonpie1.1.zip - 504,391 bytes Moonpie1.2.zip - 510,346 bytes Moonpie1.3b2.zip - 1,257,828 bytes Moonpie1.3.zip - Moonpie1.35b1.zip - Moonpie1.35b2.zip - Moonpie1.35b3.zip - Moonpie1.35b3a.zip - Moonpie.exe - 187,904 bytes Moonpie.exe - 273,408 bytes Moonpie.exe - 283,136 bytes Moonpie.exe - 289,280 bytes Moonpie.exe - 955,392 bytes* Moonpie.exe - 1,055,232 bytes Server.exe - 142,336 bytes Server.exe - 224,408 bytes Server.exe - 237,208 bytes Server.exe - 238,232 bytes Server.exe - 263,167 bytes Winsys.exe - Editserver.exe - 416,768 bytes Msgserver.exe - 422,400 bytes Writetag.exe - 342,528 bytes * = uncompressed file
Created:	Oct 2000
Requires:
Actions:	Remote Access / Keylogger / Steals passwords
	Telnet can be used as client to port 25982 and record anythingtyped on the infetced computer. The hacker may be notified via mail whenan infected computer comes online.
Versions:	beta3, 0.10 beta 1, 1.0, 1.1, 1.2, 1.3 b, 1.3 b2, 1.3, 1.35beta 1, 1.35 beta 2, 1.35 beta 3, 2.0,
Registers:	HKEY_LOCAL_MACHINE\Software\HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\
Notes:	Works on Windows 95, 98 and ME. Telnet can be used as client.
Country:	written in Germany
Program:

© Copyright von Braun Consultants. This information may include technical inaccuracies or typographical errors. If you have any questions or further information about the actual trojan above, please contact Joakim von Braun at <joakim.von.braun@risab.se>