Backdoor.Win32.Delf.aam
(Backdoor.Win32.Delf.aam)

by ?

Original name is unknown

Written in Delphi, compressed with UPX

more in this category


dropped files:
c:\WINDOWS\system32\explorer.exe    Size: 205,312 bytes 
c:\WINDOWS\system32\KRYLG.DLL       Size: 185 bytes 
c:\WINDOWS\system32\SCRPTS.DLL      Size: 153 bytes 

port: 45098 TCP

startup:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "Explorer"
data: C:\WINDOWS\System32\explorer.exe 
	
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows "run"
data: C:\WINDOWS\System32\explorer.exe 	

attempts to connect to an IRC Server

tested on Windows XP
November 25, 2005	

MegaSecurity