by NinjaSpy
Written in Delphi
Released in October 2004
Made in Brazil
Server: dropped files: c:\WINDOWS\cmd.dll Size: 823,296 bytes c:\WINDOWS\foto.jpg Size: 11,968 bytes c:\WINDOWS\Regedit.ocx Size: 823,296 bytes c:\WINDOWS\system32\Explorer.dll Size: 823,296 bytes c:\WINDOWS\system32\Kernel32.ocx Size: 823,296 bytes port: 2003, 2004 TCP added to registry: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" old data: Explorer.exe new data: explorer.exe C:\WINDOWS\System32\Explorer.dll HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows "run" data: C:\WINDOWS\Regedit.ocx HKEY_CLASSES_ROOT\dllfile\shell\open\command "(Default)" data: %1 HKEY_CLASSES_ROOT\ocxfile\shell\open\command "(Default)" data: %1 HKEY_CLASSES_ROOT\sysfile\shell\open\command "(Default)" data: %1 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "Microsoft Windows" data: C:\WINDOWS\cmd.dll tested on Windows XP February 15, 2005MegaSecurity