Written in C, compressed with UPX

Backdoor.Unwind:

dropped file:
c:\WINDOWS\SYSTEM\RPCX1sq23.exe 
size: 18.976 bytes

startup:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run "windowsupdate" 
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices "windowsupdate"