62.193.242.95

Remote Host      Port Number
62.193.242.95    8080

NICK [New|OutBreak|USA|XP|026717]
PONG 22 MOTD
USER [New|OutBreak|USA|XP|026717] * 0 :(null)
MODE [New|OutBreak|USA|XP|026717] +iR
JOIN #out
PRIVMSG #out :[OutBreak]:
08New

* The following port was open in the system:

Port    Protocol    Process
1056    TCP         iexplore.exe (%Windir%\iexplore.exe)

Registry Modifications

* The newly created Registry Values are:
  o [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    + iexplore.exe = “%Windir%\iexplore.exe”

    so that iexplore.exe runs every time Windows starts
  o [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    + iexplore.exe = “%Windir%\iexplore.exe”
    + 0x017 = “0x017”

    so that iexplore.exe runs every time Windows starts

Memory Modifications

* There was a new process created in the system:

Process Name    Process Filename         Main Module Size
iexplore.exe    %Windir%\iexplore.exe    311 296 bytes

* The following system services were modified:

Service Name    Display Name                                          New Status    Service Filename
ALG             Application Layer Gateway Service                     “Stopped”     %System%\alg.exe
SharedAccess    Windows Firewall/Internet Connection Sharing (ICS)    “Stopped”     %System%\svchost.exe -k netsvcs

File System Modifications

* The following file was created in the system:

# 1
Filename(s): %Windir%\iexplore.exe
             [file and pathname of the sample #1]
File Size:   26 624 bytes
File Hash:   MD5: 0xC5765D68D56CD1D5542F91979DA6B303
             SHA-1: 0x70FE8887B9982D9E2CF74A831BB535C1B4F1D2C9
Alias:       Net-Worm.Spybot [PCTools]
             W32.Spybot.Worm [Symantec]
             W32/Generic.b.worm [McAfee]

* Note:
