Backdoor.Win32.Delf.at
(Backdoor.Win32.Delf.at)

by ?

Original name unknown

Written in Delphi, compressed with UPX

more in this category


Backdoor.Win32.Delf.at:

dropped file:
c:\WINDOWS\system32\mswsock.exe
size: 217,088 bytes 

port: 10483 TCP

startup:
HKEY_CLASSES_ROOT\exefile\shell\open\command "(Default)"
old data: "%1" %* 
new data: mswsock "%1" %* 

tested on Windows XP
April 18, 2005

MegaSecurity