by Y2KZERO
Written in Delphi, compressed with UPX
Made in China
Server:

dropped files:
c:\WINNT\system32\Exp1orer.EXE size: 338.068 bytes
c:\WINNT\system32\EXPL0RER.EXE size: 338.068 bytes

port: 7636, 7718 TCP

added to registry:

HKEY_CLASSES_ROOT\txtfile\shell\open\command "(Default)"
old data: %SystemRoot%\system32\NOTEPAD.EXE %1
new data: C:\WINNT\system32\Exp1orer.EXE %1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "(Default)"
data:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "EXPL0RER"
data: C:\WINNT\system32\EXPL0RER.EXE

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices "(Default)"
data:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices "EXPL0RER"
data: C:\WINNT\system32\EXPL0RER.EXE

HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings "EnableAutodial"

HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings "EnableAutodisconnect"

tested on Windows XP
November 24, 2004
MegaSecurity