Looking up your hostname
Server:Found your hostname
Server Statistics:
Server : [Crew]
Created :
UserModes :
ChanModes :
Protocols :
Protocols :
Protocols :
MOTD File is missing
UserMode: set mode +G, modes are now [+G]
* Pdcc is on
* IAL is on

possible chanels:
#!help! and #jakarta with pass test
DescriptionSuspicious Actions Detected
Copies self to other locations
Creates files in windows system directory
Disables windows firewall
Injects code into other processes

• Mutexes Created or OpenedPId Image Name Address Mutex Name
0x208 C:WINDOWSsecfil.exe 0x4024ef jkfldP
0x208 C:WINDOWSsecfil.exe 0x7c859add DBWinMutex
0x368 C:TESTsample.exe 0x4024ef jkfldP
0x368 C:TESTsample.exe 0x7c859add DBWinMutex
0x370 C:TESTsample.exe 0x401d90 SN8JSN868L
0x41c C:WINDOWSsecfil.exe 0x401d90 SN8JSN868L

Windows Api CallsPId Image Name Address Function ( Parameters ) | Return Value
0x370 C:TESTsample.exe 0x401eb3 CopyFileA(lpExistingFileName: “C:TESTsample.exe”, lpNewFileName: “C:WINDOWSsecfil.exe”, bFailIfExists: 0x0)|0x1

Threads CreatedPId Process Name TId Start Start Mem Win32 Start Win32 Start Mem
0x344 svchost.exe 0x170 0x7c810856 MEM_IMAGE 0x7c910760 MEM_IMAGE
0x370 sample.exe 0x374 0x7c810867 MEM_IMAGE 0x404387 MEM_PRIVATE

Processes CreatedPId Process Name Image Name
0x370 sample.exe C:TESTsample.exe

Resolved : [] To []
Resolved : [] To []

NICK [USA|XP]8106732
USER 3546 “” “lol” :3546
JOIN #dl#
NICK n[USA|XP]1527664
USER 6178 “” “lol” :6178

Categories: Uncategorized
Previous post

1 Comment

Anonymous - May 13, 2010 at 7:10 am


Comments are closed