Backdoor.Win32.Delf.gt

Backdoor.Win32.Delf.gt
(Backdoor.Win32.Delf.gt)

by ?

Original Filename unknown

Written in Delphi, compressed with UPX

Message Box by Backdoor.Win32.Delf.gt


dropped files:
c:\WINDOWS\system\saw.exe
size: 192,512 bytes 

added to registry:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\NevAdmin "Key"
data: JOJWfs>1 HfuVSM>iuuq;00ofwfsmboe:/bui/dy0 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "saw"
data: C:\WINDOWS\System\saw.exe -i 

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_STISVC\0000\Control
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_STISVC\0000\Control	
	
	
	
tested on Windows XP
June 19, 2005

MegaSecurity