by ?
Written in Delphi, compressed with UPX
dropped files:
c:\WINDOWS\dd.dll Size: 47,310 bytes (Trojan.Win32.Agent.cl)
c:\WINDOWS\dd.exe Size: 51,421 bytes (Trojan.Win32.Agent.cl)
c:\WINDOWS\msexploren.exe Size: 17,408 bytes
added to registry:
HKEY_CLASSES_ROOT\AppID\dll.DLL
HKEY_CLASSES_ROOT\CLSID\{5A5B6916-ED71-4531-8018-E792DD44156E}
HKEY_CLASSES_ROOT\dll.DllBho
HKEY_CLASSES_ROOT\Interface\{6A7807F7-1D10-42DD-ABA1-450AB9380E8E}
HKEY_CLASSES_ROOT\TypeLib\{4145C395-632A-4025-88EA-F1AA0479746E}
HKEY_LOCAL_MACHINE\SOFTWARE\Catal
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
HKEY_LOCAL_MACHINE\SOFTWARE\sr
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_RASMAN\0000\Control
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_TAPISRV\0000\Control
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\...
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_RASMAN\0000\Control
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_TAPISRV\0000\Control
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "WinAmpAgent"
data: C:\WINDOWS\msexploren.exe /i
tested on Windows XP
August 15, 2005
MegaSecurity