TMS
(Backdoor.Win32.TMS)

by ?

The name is derived from the text string "TMSSYS_TRXAPP", found in the code.

Written in Delphi


Server:
dropped files:
c:\WINDOWS\SYSTEM\mssys32.exe   Size: 119.040 bytes 
c:\WINDOWS\SYSTEM\outexp.386 

port: 1200 UDP

startup:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run "mssys32" 
c:\windows\win.ini, [windows] "run" 

registry added:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Network 

MegaSecurity