Written in Delphi

Released in September 2000

Made in Poland

Client:
port: 32000, 1025 TCP


Server:
dropped file:
C:\WINDOWS\SYSTEM\JOJO.EXE
C:\WINDOWS\SYSTEM\MSRUN.EXE

port:
1026, 10887, 10889 TCP

startup:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices