by Heel
Written in Delphi, compressed with UPX
Released in February 2005
Made in Russia
Server:
dropped file: c:\WINDOWS\svchost.exe
size: 169,472 bytes
port: 1764 TCP
added to registry:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableRegistryTools" data: 01, 00, 00, 00
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableTaskMgr" data: 01, 00, 00, 00
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "Svchost" data: C:\WINDOWS\svchost.exe
tested on Windows XP
April 17, 2006
MegaSecurity