by NinjaSpy
Written in Delphi
Released in October 2004
Made in Brazil
Server: dropped files: c:\WINDOWS\cmd.dll size: 823.296 bytes c:\WINDOWS\Regedit.ocx size: 823.296 bytes c:\WINDOWS\system32\Explorer.dll size: 823.296 bytes c:\WINDOWS\system32\Kernel32.ocx size: 823.296 bytes port: 1032, 1036 TCP added to registry: HKEY_CLASSES_ROOT\dllfile\shell\open\command HKEY_CLASSES_ROOT\ocxfile\shell\open\command HKEY_CLASSES_ROOT\sysfile\shell\open\command HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows "run" data: C:\WINDOWS\Regedit.ocx HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "Microsoft Windows" data: C:\WINDOWS\cmd.dll HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" old data: Explorer.exe new data: explorer.exe C:\WINDOWS\System32\Explorer.dllMegaSecurity