Backdoor.Win32.Delf.fg
(Backdoor.Win32.Delf.fg)

by ?

Original Filename: SUDTEEN3.exe

Written in Delphi


dropped file:
c:\WINDOWS\system32\command.com
size: 572,416 bytes 

startup:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "Rundll32"
data:  command.com 

attempts to connect to an IRC Server


tested on Windows XP
June 14, 2005

MegaSecurity