by ?
Original name is unknown
Written in Delphi, compressed with UPX
dropped files: c:\WINDOWS\system32\explorer.exe Size: 205,312 bytes c:\WINDOWS\system32\KRYLG.DLL Size: 185 bytes c:\WINDOWS\system32\SCRPTS.DLL Size: 153 bytes port: 45098 TCP startup: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "Explorer" data: C:\WINDOWS\System32\explorer.exe HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows "run" data: C:\WINDOWS\System32\explorer.exe attempts to connect to an IRC Server tested on Windows XP November 25, 2005MegaSecurity