by TecnoHack
Written in Delphi 6.0, compressed with UPX
Released in June 2004
Made in Venezuela
Server:

dropped files:
c:\WINDOWS\system32\XANDER.EXE Size: 430,592 bytes
c:\WINDOWS\system32\xbll.exe Size: 430,592 bytes
c:\WINDOWS\system32\kor.exe Size: 430,592 bytes

port: 2528, 2529, 2555, 2558 TCP

startup:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\kor "StubPath"
data: C:\WINDOWS\System32\kor.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\xbll "StubPath"
data: C:\WINDOWS\System32\xbll.exe

tested on Windows XP
April 02, 2005
MegaSecurity