by ?
Written in Delphi, compressed with UPX
Made in Russia
Server:
dropped file: c:\WINDOWS\system\winsock.exe
size: 214.528 bytes
port: 34031, 34033 TCP
added to registry:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "winreg"
data: C:\WINDOWS\system\winsock.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "internat"
data: c:\windows\system32\internat.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "winsock"
data: C:\WINDOWS\system\winsock.exe
tested on Windows XP
MegaSecurity