Backdoor.Win32.Delf.ado
(Backdoor.Win32.Delf.ado)

by ?

Original name is unknown

Written in Delphi



dropped file:
c:\WINDOWS\system32\systemram.exe
size: 193,696 bytes

port: 12241 TCP

added to registry:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_R_SERVER
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\r_server
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\C
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_R_SERVER
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\r_server
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List
HKEY_LOCAL_MACHINE\SYSTEM\RAdmin\v2.0\Server\Parameters



tested on Windows 2000
November 03, 2005

MegaSecurity