Remote Host Port Number
62.193.242.95 8080
NICK [New|OutBreak|USA|XP|026717]
PONG 22 MOTD
USER [New|OutBreak|USA|XP|026717] * 0 :(null)
MODE [New|OutBreak|USA|XP|026717] +iR
JOIN #out
PRIVMSG #out :[OutBreak]:
08New
* The following port was open in the system:
Port Protocol Process
1056 TCP iexplore.exe (%Windir%\iexplore.exe)
Registry Modifications
* The newly created Registry Values are:
o [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
+ iexplore.exe = “%Windir%\iexplore.exe”
so that iexplore.exe runs every time Windows starts
o [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
+ iexplore.exe = “%Windir%\iexplore.exe”
+ 0x017 = “0x017”
so that iexplore.exe runs every time Windows starts
Memory Modifications
* There was a new process created in the system:
Process Name Process Filename Main Module Size
iexplore.exe %Windir%\iexplore.exe 311 296 bytes
* The following system services were modified:
Service Name Display Name New Status Service Filename
ALG Application Layer Gateway Service “Stopped” %System%\alg.exe
SharedAccess Windows Firewall/Internet Connection Sharing (ICS) “Stopped” %System%\svchost.exe -k netsvcs
File System Modifications
* The following file was created in the system:
# Filename(s) File Size File Hash Alias
1 %Windir%\iexplore.exe
[file and pathname of the sample #1] 26 624 bytes MD5: 0xC5765D68D56CD1D5542F91979DA6B303
SHA-1: 0x70FE8887B9982D9E2CF74A831BB535C1B4F1D2C9
Net-Worm.Spybot [PCTools]
W32.Spybot.Worm [Symantec]
W32/Generic.b.worm [McAfee]
* Note: