by Wspomagacz
Written in Delphi, compressed with UPX
Made in Poland
dropped files: c:\WINDOWS\svchost32.exe Size: 383,652 bytes c:\WINDOWS\svchost32.exe.wsu Size: 576 bytes port: 60007, 60008 TCP startup: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" old data: C:\WINDOWS\system32\userinit.exe, new data: C:\WINDOWS\svchost32.exe,C:\WINDOWS\system32\userinit.exe, tested on Windows XP March 10, 2006