by ?
Written in Delphi, compressed with PECompact
dropped file:
c:\WINDOWS\java\apps\wsock32.exe
size: 35,840 bytes
port: 1063 TCP
added to registry:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "InetServices"
data: C:\WINDOWS\System32\wsock32.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9EC0745F-CAD3-628A-48E9-02B9AFEC8E74} "StubPath"
data: C:\WINDOWS\System32\wsock32.exe
HKEY_CURRENT_CONFIG\Software\Microsoft\windows\CurrentVersion\Internet Settings "EnableAutodial"
tested on Windows XP
May 28, 2005
MegaSecurity