by HGZ
Written in Delphi, compressed with ASPack
Released in February 2003
Made in China
Client: port: 8001, 8002, 8003, 8004, 8005 TCP Server: dropped file: c:\WINNT\system32\HgzServer.exe size: 356.024 bytes port: 1506, 52013 TCP startup: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "huigezi" data: C:\WINNT\system32\HgzServer.exe HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows "run" data: C:\WINNT\system32\HgzServer.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "huigezi" data: C:\WINNT\system32\HgzServer.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices "huigezi" data: C:\WINNT\system32\HgzServer.exe tested on Windows 2000MegaSecurity