SpySender 0.65b
(Backdoor.Win32.SysRoot)

by spysend

Written in Delphi

more versions 


Server:
dropped file:
C:\WINDOWS\rundll95.exe 

size: 498.176 bytes

port: 1807 TCP

startup:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
MegaSecurity