OICQsearch 1.6
(Backdoor.Win32.OICQSearch.16 for Client)
(Trojan-Dropper.Win32.Delf.bh for Server)

by ?

Written in Delphi

Made in China

Server:
dropped files:
c:\WINDOWS\system32\scanregw.exe          Size: 173,568 bytes 
c:\WINDOWS\system32\drivers\notepad.exe   Size: 173,568 bytes 

ports: 2001, 2005, 2008, 2009, 2010, 2011, 2012

startup:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "scanregistry"
data: C:\WINDOWS\System32\scanregw.exe 



tested on Windows XP
May 15, 2005

MegaSecurity