JoinMe 1.3.1.37

JoinMe 1.3.1.37
(Backdoor.Win32.Delf.fw)

by Elias Konstadinidis

Written in Delphi, compressed with UPX


dropped files:
%local dir%\JoinMe.conf     size: 316 bytes 
%local dir%\Operators.conf  size: 0 bytes 

added to registry:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "directx.exe"
%local dir%\%trojan.EXE% 

HKEY_LOCAL_MACHINE\SOFTWARE\ColdVision "update"	
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ras\Tapi Devices	
	
tested on Windows XP
March 13, 2005

MegaSecurity