by ?
Written in Delphi, compressed with UPX
Probably made in Rumania
dropped file: c:\WINDOWS\njupdate.dll Size: 199 bytes c:\WINDOWS\rundII32.exe Size: 45,568 bytes c:\WINDOWS\system32\rundII32.exe Size: 45,568 bytes port: 5879 TCP added to registry: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\LoadPowerProfile "(Default)" data: RundII32.exe powerprof.dll,LoadCurrentPwrScheme attempts to connect to an IRC Server tested on Windows XP July 11, 2005MegaSecurity