Remote Host Port Number
eaglezinc.com 4723
join #EaGLeZ
NICK n{USA|XP}fopvzai
USER n{USA|XP}fopvzai 0 0 :n{USA|XP}fopvzai
* To mark the presence in the system, the following Mutex object was created:
o DirectSound Administrator shared thread array (lock)
* The following Host Name was requested from a host database:
o eaglezinc.com
Registry Modifications
* The following Registry Key was created:
o HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionApp
* The newly created Registry Values are:
o [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
+ Electronic Arrangement Graphical Lemur Error System = “%System%eaglez.exe”
+ UserFaultCheck = “%System%dumprep 0 -u”
so that eaglez.exe runs every time Windows starts
o [HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionApp]
+ new = “yes”
Memory Modifications
* There were new processes created in the system:
Process Name Process Filename Main Module Size
eaglez.exe %System%eaglez.exe 344 064 bytes
[filename of the sample #1] [file and pathname of the sample #1] 344 064 bytes
File System Modifications
* The following file was created in the system:
# Filename(s) File Size File Hash
1 %System%eaglez.exe
[file and pathname of the sample #1] 315 392 bytes MD5: 0x23872855C211750322DB09BB9008ED27
SHA-1: 0x36661AE5F7EF4255293EBF7A0D19B6BC24B75C18