by ?
Written in Delphi, compressed with ASPack
Probably made in China
Backdoor.Win32.Delf.hk:
size: 223.430 bytes
port: 2004, 2005, 2007, 2008, 2009, 2010, 2011, 2012 TCP
startup:
HKEY_CLASSES_ROOT\txtfile\shell\open\command "(Default)"
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run "ScanRegistry"
old data: C:\WINDOWS\scanregw.exe /autorun
new data: C:\WINDOWS\SYSTEM\scanregw.exe
dropped file: c:\WINDOWS\use32.dat
registry added:
HKEY_CURRENT_USER\Software\Microsoft\Keyboard\user
HKEY_LOCAL_MACHINE\Software\��ѶQQ

MegaSecurity