Performer 1.0

Performer 1.0
(Trojan.Win32.Delf.ayq)
(Trojan.Win32.Delf.anh)

by ?

Released in November 2007

Made in Russia


Server
Dropped File:
c:\WINDOWS\system\SysService.exe
Size: 271,872 bytes 

Startup:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "SystemService"
Data: C:\WINDOWS\system\SysService.exe 
	
Port: 9999 TCP



Tested on Windows XP
March 12, 2008

MegaSecurity