Remote Host Port Number
82.94.222.186 6667
NICK X847980769125781
USER zbvjjxjehjhqgvp 0 0 :X847980769125781
USERHOST X847980769125781
MODE X847980769125781 -x
JOIN ##help.## z00mz00m
MODE ##help.## +n+t
* The following ports were open in the system:
Port Protocol Process
113 TCP mediaplayer.exe (%System%mediaplayer.exe)
1051 TCP mediaplayer.exe (%System%mediaplayer.exe)
Memory Modifications
* There was a new process created in the system:
Process Name Process Filename Main Module Size
mediaplayer.exe %System%mediaplayer.exe 421 888 bytes
File System Modifications
* The following file was created in the system:
# Filename(s) File Size File Hash Alias
1 %System%mediaplayer.exe
[file and pathname of the sample #1] 223 744 bytes MD5: 0x4552F79D8C91CA0720EA326BF7B289E7
SHA-1: 0x025C068972A4E1FBF943B478DCAE3A4C1CD24076 Worm.RBot.Gen.10 [PCTools]
W32.Spybot.Worm [Symantec]
Backdoor.Win32.Rbot.gen [Kaspersky Lab]
W32/Sdbot.worm.gen.g [McAfee]
WORM_RBOT.GEN [Trend Micro]
W32/Rbot-Fam, W32/Rbot-Gen [Sophos]
Backdoor:Win32/Rbot [Microsoft]
Win32/IRCBot.worm.Gen [AhnLab]