Dalya

Dalya
(Backdoor.Win32.Dalya)

by ?

Encrypted with Yoda's Cryptor


dropped file:
c:\WINDOWS\winlogon.exe
size: 10,310 bytes 

startup:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "winlogon"
data: C:\WINDOWS\winlogon.exe 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "winlogon"
data: C:\WINDOWS\winlogon.exe 

tested on Windows XP
November 15, 2005

MegaSecurity