Backdoor.Win32.Delf.py
(Backdoor.Win32.Delf.py)

by ?

Original name unknown

Written in Delphi


dropped files:
c:\WINDOWS\ÿ.exe                  size: 542.720 bytes 
c:\WINDOWS\system32\WINNT386.EXE  size: 542.720 bytes 

port: 1980 TCP 

startup:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "ÿ"
data: ÿ 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices "ÿ"
data: ÿ 

HKEY_CLASSES_ROOT\txtfile\shell\open\command "(Default)"
old data: %SystemRoot%\system32\NOTEPAD.EXE %1 
new data: C:\WINDOWS\System32\WINNT386.EXE "%1" 


tested on Windows XP
December 27, 2004

MegaSecurity