Backdoor.Win32.Delf.yn

by ?

Written in Delphi



message box displayed by backdoor

dropped files:
c:\WINDOWS\0.0           Size: 25 bytes 
c:\WINDOWS\br.dll        Size: 10,656 bytes 
c:\WINDOWS\cftmon.exe    Size: 244,485 bytes 
c:\WINDOWS\mirc.dll      Size: 244,485 bytes 

startup:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "ctfmon"
data: C:\WINDOWS\cftmon.exe 

attempts to connect to an IRC Server

tested on Windows XP
January 09, 2006

MegaSecurity