by Wspomagacz
Written in Delphi, compressed with UPX
Made in Poland
Server:
dropped file: c:\WINDOWS\svchost.exe
size: 355,975 bytes
port: 60007, 60008 TCP
added to registry:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit"
old data: C:\WINDOWS\system32\userinit.exe,
new data: C:\WINDOWS\svchost.exe,C:\WINDOWS\system32\userinit.exe,
tested on Windows XP
October 31, 2005