nexus.webchat.org

NICK [00|USA|587663]
USER XP-3162 * 0 :COMPUTERNAME
MODE [00|USA|587663] -ix
JOIN #test.b
MODE #test.b -ix

Other details

* To mark the presence in the system, the following Mutex object was created:
o aS3V6Nu

* The following port was open in the system:

Port Protocol Process
1036 TCP service.exe (%Windir%service.exe)

* The following Host Name was requested from a host database:
o nexus.webchat.org

Registry Modifications

* The newly created Registry Value is:
o [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
+ Windows Services = “service.exe”

so that service.exe runs every time Windows starts

Memory Modifications

* There were new processes created in the system:

Process Name Process Filename Main Module Size
service.exe %Windir%service.exe 344 064 bytes
[filename of the sample #1] [file and pathname of the sample #1] 344 064 bytes

Resolved : [nexus.webchat.org] To [216.152.78.165]
Resolved : [nexus.webchat.org] To [216.152.78.166]
Resolved : [nexus.webchat.org] To [216.152.78.164]
Resolved : [nexus.webchat.org] To [216.152.78.163]
Resolved : [nexus.webchat.org] To [216.152.78.167]

Categories: Uncategorized