Backdoor.Win32.Delf.si
(Backdoor.Win32.Delf.si)

by ?


Written in Delphi, compressed with UPX



dropped files:
c:\WINDOWS\dd.dll            Size: 47,310 bytes  (Trojan.Win32.Agent.cl)
c:\WINDOWS\dd.exe            Size: 51,421 bytes  (Trojan.Win32.Agent.cl)
c:\WINDOWS\msexploren.exe    Size: 17,408 bytes 

added to registry:
HKEY_CLASSES_ROOT\AppID\dll.DLL
HKEY_CLASSES_ROOT\CLSID\{5A5B6916-ED71-4531-8018-E792DD44156E}
HKEY_CLASSES_ROOT\dll.DllBho
HKEY_CLASSES_ROOT\Interface\{6A7807F7-1D10-42DD-ABA1-450AB9380E8E}
HKEY_CLASSES_ROOT\TypeLib\{4145C395-632A-4025-88EA-F1AA0479746E}
HKEY_LOCAL_MACHINE\SOFTWARE\Catal
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
HKEY_LOCAL_MACHINE\SOFTWARE\sr
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_RASMAN\0000\Control
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_TAPISRV\0000\Control
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\�
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_RASMAN\0000\Control
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_TAPISRV\0000\Control

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "WinAmpAgent"
data: C:\WINDOWS\msexploren.exe /i 


tested on Windows XP
August 15, 2005

MegaSecurity