by The Neptic
Written in Delphi, compressed with UPX
Released in May 2004
Made in Russia
Server: dropped files: c:\WINNT\lass.exe size: 247 296 bytes c:\WINNT\system32\msone.pif size: 247 296 bytes c:\WINNT\system32\svchost.pif size: 247 296 bytes port: 57 TCP startup: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" old data: Explorer.exe new data: Explorer.exe svchost.pif HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows "run" data: C:\WINNT\system32\msone.pif HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "Laas" data: C:\WINNT\lass.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce "M$One" data: C:\WINNT\system32\msone.pif tested on Win2000 February 13, 2005MegaSecurity