Original Filename: mpsmv.exe

Written in Visual Basic, compressed with UPX

more in this category

Backdoor.Win32.VB.hb:
size: 42.496 bytes

port: 113, 16026 TCP

dropped files:
sh.bat   size: 1.334 bytes (Trojan.BAT.Passer.a)
sh2.bat  size: 558 bytes   (Trojan.BAT.Passer.a)
sh3.bat  size: 548 bytes 

startup:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "Technical Device Control"

does (try to) connect to a specified IRC server

tested on Windows XP