It is encrypted with a packer based in delphi, this is why a few anti virus detect it is tr/delphi.gen. It includes multiple antis and jumps that will make it nearly imposable to decrypt unless you have code for the software used to encrypt it.
This specific executable is nonfunctional, if you use an app such as lordpe you will notice it has an very odd imagebase that renders it useless on most windows platforms (even if you arent in vm and you open it, it will not work!).
If you want to properly debug this type of worm you need to get a different sample that functions ie: will install/not crash on a non vm pc. As to the string, that is correct, and this is a special variant of slenfbot/(nytemare as the authors have coined it.)
This specific executable is nonfunctional, if you use an app such as lordpe you will notice it has an very odd imagebase that renders it useless on most windows platforms (even if you arent in vm and you open it, it will not work!).
If you want to properly debug this type of worm you need to get a different sample that functions ie: will install/not crash on a non vm pc. As to the string, that is correct, and this is a special variant of slenfbot/(nytemare as the authors have coined it.)