by System33r
Written in C, compressed with UPX
Released in september 2003
dropped file: c:\WINNT\system32\tftp32.exe size: 22.560 bytes port: 113 TCP added to registry: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "Windows Wininit Command" data: wininit.exe W HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices "Windows Wininit Command" data: wininit.exe W HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" old data: Explorer.exe new data: explorer.exe wininit.exe KEY_CURRENT_USER\Software\VB and VBA Program Settings\BlastIT16\Settings Tries to connect to specified IRC server tested on win2000MegaSecurity