by ?
Original name unknown
Written in Delphi, compressed with UPX
Backdoor.Win32.Delf.as: dropped file: c:\WINDOWS\kernel32.exe size: 235,520 bytes startup: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" old data: Explorer.exe new data: explorer.exe C:\WINDOWS\kernel32.exe HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows "load" old data: new data: C:\WINDOWS\kernel32.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "Windows" data: C:\WINDOWS\kernel32.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices "Windows" data: C:\WINDOWS\kernel32.exe port: 113 TCP attempts to connect to an IRC Server tested on Windows XP April 01, 2005MegaSecurity