Remote Host Port Number 1234

NICK n[USA|XP]6675103
USER 3281 “” “lol” :3281
JOIN #cc#
NICK [USA|XP]6816119
USER 7658 “” “lol” :7658

To mark the presence in the system, the following Mutex object was created:
The following ports were open in the system:
Port Protocol Process
1034 TCP msnmgr.exe (%Windir%msnmgr.exe)
1036 TCP msnmgr.exe (%Windir%msnmgr.exe)

The following Host Name was requested from a host database:

Registry Modifications

The following Registry Value was modified:
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogon]
Userinit =

Memory Modifications

There were new processes created in the system:
Process Name Process Filename Main Module Size
msnmgr.exe %Windir%msnmgr.exe 65.536 bytes
[filename of the sample #1] [file and pathname of the sample #1] 118.784 bytes

File System Modifications

The following files were created in the system:
# Filename(s) File Size File Hash Alias
1 c:a.txt 0 bytes MD5: 0xD41D8CD98F00B204E9800998ECF8427E
SHA-1: 0xDA39A3EE5E6B4B0D3255BFEF95601890AFD80709 (not available)
2 %Windir%msnmgr.exe
[file and pathname of the sample #1] 114.688 bytes MD5: 0x5F7A1AC5DB5A37CC65FCAF2B52C8C3B2
SHA-1: 0x22927307F66FB95D7B36DE8929C407EDB0A85350 Backdoor.Trojan [Symantec]
Backdoor.Win32.LolBot.s [Kaspersky Lab]
Mal/VBDrop-I, Mal/VBInject-D [Sophos]
Trojan:Win32/Ircbrute [Microsoft]

Categories: Uncategorized
Previous post
Next post