ghostnet.ghostmarket.net

Remote Host: 58.30.17.229
Port Number: 8080

NICK {NEW-USA-XP-SXYOQB}
USER USA "" "lol" :USA
JOIN #!Rape
PONG :ghostnet.ghostmarket.net

Other details

* The following port was open in the system:

Port: 1052
Protocol: TCP
Process: File.exe (%UserProfile%\File.exe)

Registry Modifications

* The newly created Registry Value is:
o [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
+ Microsoft Drive Guard32 = "%UserProfile%\File.exe"

so that File.exe runs every time Windows starts

File System Modifications

* The following files were created in the system:

1. Filename(s): %UserProfile%\File.exe, %Temp%\CryptedFile.exe
   File Size: 17 408 bytes
   MD5: 0x3EC8E47A22DE3BAECF5BBD97BDA4746A
   SHA-1: 0x88E11E2F7CDE42C1D71DA30A6745CF177BF62761

2. Filename(s): %System%\NewAge.txt
   File Size: 0 bytes
   MD5: 0xD41D8CD98F00B204E9800998ECF8427E
   SHA-1: 0xDA39A3EE5E6B4B0D3255BFEF95601890AFD80709

3. Filename(s): [file and pathname of the sample #1]
   File Size: 746 008 bytes
   MD5: 0x93C80462173571D403E1B538C9036105
   SHA-1: 0x0B3A62FBF6721ED49FCC971E2DE13FE9DA59DAB6

Message of the day:
26/11/2009 1:55
Ohi there. You stumbled across another c&c server. Congrats.
I hope you feel accomplished about your amazing discovery and whatnot. I mean shittt, you must be like the next marco polo right?
But anyways, ill let you go so you can try to steal thoseconnected to this server or whatever. Adios.
