Written in Delphi, compressed with UPX

Made in France

dropped files: c:\WINDOWS\Mdm.exe size: 363,481 bytes c:\WINDOWS\scpt.sys size: 0 bytes c:\WINDOWS\winfat32.exe size: 363,481 bytes c:\WINDOWS\system\ActiveDesktop.exe size: 363,481 bytes startup: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" old data: Explorer.exe new data: Explorer.exe winfat32.exe c:\windows\win.ini, [windows] "run" value: SYSTEM\ActiveDesktop.exe attempts to connect to an IRC Server tested on Windows XP January 22, 2005