Backdoor.Win32.Delf.ej
(Backdoor.Win32.Delf.ej)

by ?

Written in Delphi, compressed with PECompact

dropped file:
c:\WINDOWS\java\apps\wsock32.exe
size: 35,840 bytes 

port: 1063 TCP

added to registry:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "InetServices"
data: C:\WINDOWS\System32\wsock32.exe 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9EC0745F-CAD3-628A-48E9-02B9AFEC8E74} "StubPath"
data: C:\WINDOWS\System32\wsock32.exe

HKEY_CURRENT_CONFIG\Software\Microsoft\windows\CurrentVersion\Internet Settings "EnableAutodial"



tested on Windows XP
May 28, 2005

MegaSecurity