by ?
Written in Microsoft Visual C++, compressed with UPX
Origin: China
The backdoor is installed by the MyDoom worm

dropped files:
c:\WINDOWS\All Users\Start Menu\Programs\StartUp\dx32hhlp.exe
size: 139.776 bytes
c:\WINDOWS\SYSTEM\dx32hhlp.exe
size: 139.776 bytes

startup:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run "devsec"
data: C:\WINDOWS\SYSTEM\dx32hhlp.exe
c:\WINDOWS\All Users\Start Menu\Programs\StartUp

attempts to connect to an IRC server and join #botdhb4ever

tested on Windows 98
November 24, 2004
MegaSecurity