Backdoor.Win32.Delf.rg
(Backdoor.Win32.Delf.rg)

by ?

Original name unknown

Written in Delphi

Released in September 2004

Made in China


client:
port: 800 TCP



server:
dropped file:
c:\WINNT\system32\Isass.exe

size: 237.058 bytes 

startup:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "Isass"
data: C:\WINNT\system32\Isass.exe 

tested on Win2000

MegaSecurity