B Xone 1.9
(Backdoor.Win32.Delf.aty)
(Trojan-Downloader.Win32.Delf.bkf)
(Trojan-Dropper.Win32.Joiner.bd)

by opium

Written in Delphi

Released in May 2007

Made in Russia

Server:
dropped files:
c:\WINDOWS\system32\ConSrervA.dat          Size: 23,365 bytes 
c:\WINDOWS\system32\drivers\svchost.exe    Size: 207,685 bytes 

startup:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run "svchost"
data: C:\WINDOWS\System32\Drivers\svchost.exe 



tested on Windows XP
May 13, 2007

MegaSecurity