Remote Host Port Number 80 2882

* The data identified by the following URL was then requested from the remote web server:
o http://api.hostip.info/get_html.php

PING :igotyour.info
USER MartyBot 1 * :MartyBot
JOIN #pirates#
PONG #pirates#

Registry Modifications

* The newly created Registry Value is:
o [HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun]
+ Windows Generic Host = “%AppData%Microsoftsvchost.exe”

so that svchost.exe runs every time Windows starts

Memory Modifications

* There was a new process created in the system:

Process Name Process Filename Main Module Size
[filename of the sample #1] [file and pathname of the sample #1] N/A

File System Modifications

* The following files were created in the system:

# Filename(s) File Size File Hash
1 c:autorun.exe
[file and pathname of the sample #1] 20 992 bytes MD5: 0xA93476A203A7905CCFA87F71EB7B8C4E
SHA-1: 0x0016DACA323BA3BB672CB45088C9DF8CDD3F0AF6
2 c:autorun.inf 29 bytes MD5: 0xF3C6F70DAD2C7A91120529E701283F53
SHA-1: 0xD597D1FDCF3FF458946F85D47E2F6FA02A4C6C6C

Categories: Uncategorized
Previous post
Next post