Written in Microsoft Visual C++, compressed with FSG

Dropped file:
c:\WINDOWS\system32\winload.exe
size: 21,152 bytes 
	
added to registry:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "Windows Subsys"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices "Windows Subsys" 	



tested on Windows XP
August 22, 2005