Backdoor.Win32.Delf.je

Backdoor.Win32.Delf.je
(Backdoor.Win32.Delf.je)

by ?

Original Filename unknown

Written in Delphi, compressed with UPX

Icon in taskbar


dropped file:
c:\WINDOWS\system32\Backdoor.Win32.Delf.je.EXE
size: 90,644 byte

added to registry:
HKEY_CLASSES_ROOT\.cxq
HKEY_CLASSES_ROOT\.mxq
HKEY_CLASSES_ROOT\cxqfile
HKEY_CLASSES_ROOT\cxqfile\shell
HKEY_CLASSES_ROOT\cxqfile\shell\open
HKEY_CLASSES_ROOT\cxqfile\shell\open\command
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5CBF8C22-E9A6-11D7-90FE-000AE4012DB4}
HKEY_LOCAL_MACHINE\SOFTWARE\Startportal
HKEY_LOCAL_MACHINE\SOFTWARE\SwitchDialer

HKEY_CLASSES_ROOT\cxqfile\shell\open\command "(Default)"
data: "C:\WINDOWS\System32\Backdoor.Win32.Delf.je.EXE" "%1" 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "Diskstart"
data: C:\WINDOWS\System32\Backdoor.Win32.Delf.je.EXE 

tested on Windows XP 
August 11, 2005

MegaSecurity