by SIC
Original name unknown
Written in Delphi, compressed with UPX
Probably made in Sweden
dropped file: c:\WINDOWS\system32\FF.EXE size: 17,408 bytes port: 1732 TCP startup: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" old data: Explorer.exe new data: Explorer.exe C:\WINDOWS\System32\FF.EXE attempts to connect to an IRC Server tested on Windows XP September 05, 2005MegaSecurity