by ?
Written in Microsoft Visual C++, compressed with UPX
size: 117,249 bytes port: 16475, 21816, 21813 TCP added to registry: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies "DisableRegistryTools" data: 00, 00, 00, 00 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit" old data: C:\WINDOWS\system32\userinit.exe, new data: C:\WINDOWS\System32\userinit.exe,c:\windows\dx32cxlp.exe, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies "DisableRegistryTools" data: 00, 00, 00, 00 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices "dx32serv" data: dx32cxlp.exe HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_DX32CXEL\0000\Control HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\dx32cxel HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_DX32CXEL\0000\Control HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\dx32cxel attempts to connect to an IRC Server tested on Windows XP February 27, 2006MegaSecurity