by BBOYMARIO
Written in Delphi, Server compressed with ASPack
Released in May 2005
Made in Poland
Client: port: 3554 TCPP Server: dropped files: c:\Documents and Settings\%user%\Local Settings\Temp\HkLib.dll size: 18,944 bytes c:\Documents and Settings\%user%\Local Settings\Temp\wygaszacz.exe size: 263,168 bytes startup: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "Win32Mgr" data: C:\DOCUME~1\KOBAYA~1\LOCALS~1\Temp\wygaszacz.exe tested on Windows XP May 20, 2005MegaSecurity