Remote Host Port Number 1234

NICK n[USA|XP]7557631
USER 3542 "" "lol" :3542
JOIN #bb#
NICK [USA|XP]5386840
USER 3879 "" "lol" :3879

* To mark the presence in the system, the following Mutex object was created:
o SN5JSN868L

* The following ports were open in the system:

Port    Protocol    Process
1034    TCP         msnmgr.exe (%Windir%\msnmgr.exe)
1035    TCP         msnmgr.exe (%Windir%\msnmgr.exe)

Registry Modifications

* The following Registry Value was modified:
o [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
+ Userinit =

Memory Modifications

* There were new processes created in the system:

Process Name                   Process Filename                        Main Module Size
msnmgr.exe                     %Windir%\msnmgr.exe                     65 536 bytes
[filename of the sample #1]    [file and pathname of the sample #1]    106 496 bytes

File System Modifications

* The following files were created in the system:

#    Filename(s)                             File Size        File Hash
1    c:\a.txt                                0 bytes          MD5: 0xD41D8CD98F00B204E9800998ECF8427E
                                                              SHA-1: 0xDA39A3EE5E6B4B0D3255BFEF95601890AFD80709
2    %Windir%\msnmgr.exe                     102 400 bytes    MD5: 0x791989B9853326864009B13C07667191
     [file and pathname of the sample #1]                     SHA-1: 0x43F5FA9DE789FE557D32424E85380E9C063DFD6A
