By H.B.U
Written in Visual Basic, compressed with PECompact
Made China
Server: dropped files: C:\WINDOWS\SYSTEM\SRVSUPP.EXE C:\WINDOWS\SYSTEM\wupdmgr32.exe size 102.912 bytes port: 8535, 8536 TCP startup: HKLM\Software\Microsoft\Windows\CurrentVersion\Run "Service Support" HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices "Microsoft Windows Update Service" HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices "Service Support" HKCR\batfile\shell\open\command "(Default)" HKCR\comfile\shell\open\command "(Default)" HKCR\exefile\shell\open\command "(Default)" HKCR\scrfile\shell\open\command "(Default)" added: registry: HKLM\System\CurrentControlSet\Services\MSUpdate\Enum files: c:\WINDOWS\vbevents.log c:\WINDOWS\SYSTEM\autocrat_log.log c:\WINDOWS\SYSTEM\wsock32l.dll c:\WINDOWS\SYSTEM\wsock32p.dll c:\WINDOWS\SYSTEM\wsock32s.dllMegaSecurity