G.R.O.B. 1.0
(Backdoor.Win32.Delf.ui)
(Backdoor.Win32.Delf.sk)
(Trojan-Dropper.Win32.Delf.al)

by BuG

Written in Delphi, compressed with ASPack

Released in January 2002

Made in Russia


Server:
dropped file:
c:\WINDOWS\sysutil.exe 

size: 249.344 bytes

port: 22222, 33545, 57785 TCP

startup:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce "sysutilit" 
HKLM\Software\Microsoft\Windows\CurrentVersion\Run "sysutil" 

MegaSecurity