by ?
Written in Delphi, compressed with UPX
Made in China
dropped files:
c:\WINDOWS\system32\iisinfo.exe size: 49.352 bytes
c:\WINDOWS\system32\smtp.dll size: 37.376 bytes
c:\WINDOWS\system32\wupdata.exe size: 49.352 bytes

startup:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run "UpData"
data: C:\WINDOWS\System32\wupdata.exe

HKEY_CLASSES_ROOT\chm.file\shell\open\command "(Default)"
old data: "C:\WINDOWS\hh.exe" %1
new data: C:\WINDOWS\System32\iisinfo.exe "%1"

MegaSecurity