War/Utils
(Backdoor.Win32.Mayhem)

by ?

Original Filename: wartools.exe

Written in Visual Basic

dropped file:
c:\WINNT\system32\Explorer.exe 

size: 529.920 bytes
 
port: 1473, 1475 TCP

startup:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "Explorer"
data: C:\WINNT\system32\Explorer.exe 

MegaSecurity