Remote Host Port Number
64.32.13.143 6667
MODE {XPUSA550829} -ix
JOIN #imagesnice
PONG irc.priv8net.com
Registry Modifications
* The newly created Registry Values are:
o [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
+ Windows Services = “service.exe”
so that service.exe runs every time Windows starts
o [HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun]
+ Windows Update = “%Temp%service.exe”
so that service.exe runs every time Windows starts
Memory Modifications
* There was a new process created in the system:
Process Name Process Filename Main Module Size
service.exe %Temp%service.exe 331 776 bytes
File System Modifications
* The following file was created in the system:
# Filename(s) File Size File Hash Alias
1 %Temp%service.exe
[file and pathname of the sample #1] 104 567 bytes MD5: 0x1DA1319A582641CB2434557D8DED4D4F
SHA-1: 0x08C94CC741EFE0143DD981CFFAB9CAE7CE04EABB packed with PE_Patch [Kaspersky Lab]
Anonymous - June 5, 2010 at 7:05 am
你不能決定生命的長度,但你可以控制它的寬度..................................................