by Wspomagacz
Written in Delphi, compressed with UPX
Released in July 2005
Made in Poland
Server: dropped files: c:\WINDOWS\svchost32.exe Size: 368,244 bytes c:\WINDOWS\svchost32.exe.wsu Size: 528 bytes port: 27608, 27609 TCP startup: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" old data: C:\WINDOWS\system32\userinit.exe, new data: C:\WINDOWS\svchost32.exe,C:\WINDOWS\system32\userinit.exe tested on Windows XP July 24, 2005