Backdoor.Win32.Delf.aay
(Backdoor.Win32.Delf.aay)

by ?

Original name is unknown

Written in Delphi, compressed with UPX

more in this category


dropped files:
%local dir%\winpass.exe
size: 224,768 bytes 

%local dir%\winpass.sys
size: 425 bytes 

c:\WINDOWS\uninstallall.sys
size: 414 bytes 

startup:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "Windows Runner"
data: C:\Documents and Settings\Kobayashi\Desktop\winpass.exe 



tested on Windows XP
December 21, 2005	

MegaSecurity