by Destructive Labs.
Written in Delphi, compressed with ASPack
Made in Russia
Dropped files:
c:\WINDOWS\syswin.exe size: 191.186 bytes
c:\WINDOWS\winoldap.exe size: 224.982 bytes
c:\WINDOWS\SYSTEM\gdi32.exe size: 301.249 bytes
c:\WINDOWS\SYSTEM\rundll.exe

startup:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "(Default)"
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run "(Default)"
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices "(Default)"
c:\windows\win.ini, [windows] "run"