Remote Host Port Number
bb.milan-fans.com 1234
NICK n[USA|XP]6675103
USER 3281 “” “lol” :3281
JOIN #cc#
NICK [USA|XP]6816119
USER 7658 “” “lol” :7658
To mark the presence in the system, the following Mutex object was created:
SLKJSN848L
The following ports were open in the system:
Port Protocol Process
1034 TCP msnmgr.exe (%Windir%msnmgr.exe)
1036 TCP msnmgr.exe (%Windir%msnmgr.exe)
The following Host Name was requested from a host database:
bb.milan-fans.com
Registry Modifications
The following Registry Value was modified:
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogon]
Userinit =
Memory Modifications
There were new processes created in the system:
Process Name Process Filename Main Module Size
msnmgr.exe %Windir%msnmgr.exe 65.536 bytes
[filename of the sample #1] [file and pathname of the sample #1] 118.784 bytes
File System Modifications
The following files were created in the system:
# Filename(s) File Size File Hash Alias
1 c:a.txt 0 bytes MD5: 0xD41D8CD98F00B204E9800998ECF8427E
SHA-1: 0xDA39A3EE5E6B4B0D3255BFEF95601890AFD80709 (not available)
2 %Windir%msnmgr.exe
[file and pathname of the sample #1] 114.688 bytes MD5: 0x5F7A1AC5DB5A37CC65FCAF2B52C8C3B2
SHA-1: 0x22927307F66FB95D7B36DE8929C407EDB0A85350 Backdoor.Trojan [Symantec]
Backdoor.Win32.LolBot.s [Kaspersky Lab]
Mal/VBDrop-I, Mal/VBInject-D [Sophos]
Trojan:Win32/Ircbrute [Microsoft]