67.210.170.178(linkbot)

Remote Host Port Number
67.210.170.178 4676

USER cuqlkd cuqlkd cuqlkd :ussomchqqwibaimo
NICK d[SchPopm]b

* The following port was open in the system:

Port Protocol Process
1053 TCP algs.exe (%System%\algs.exe)

Registry Modifications

* The newly created Registry Value is:
o [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
+ Application Layer Gateway Service = "%System%\algs.exe"

so that algs.exe runs every time Windows starts

Memory Modifications

* There was a new process created in the system:

Process Name Process Filename Main Module Size
algs.exe %System%\algs.exe 77 824 bytes

File System Modifications

* The following files were created in the system:

1. %System%\algs.exe
   File Size: 253 952 bytes
   MD5: 0x7A401900EDF5592CED5C193ACEA63D10
   SHA-1: 0xCFCFD6F987C55E5CC1FA277AF1FE3B4AC2339B08
   Alias:
     Malware.Linkbot [PCTools]
     W32.Linkbot [Symantec]
     Backdoor.Win32.EggDrop.amy [Kaspersky Lab]
     Mal/VBInject-D [Sophos]
     Trojan:Win32/Provis!rts [Microsoft]
     Win-Trojan/Eggdrop.253952.B [AhnLab]

2. %System%\hulj.bat
   File Size: 114 bytes
   MD5: 0xDC24848BD18BE087606D875F2895FD7F
   SHA-1: 0xDA39FCA04787595E2EF6D2935F775C55588D867B
   Alias: (not available)

3. %System%\wyzjhty.bat
   File Size: 117 bytes
   MD5: 0x2477D6055813EC7D7DC6FF64A20994A8
   SHA-1: 0x33DCBAEDC0C23168BB5E65EDB9E52662B51182FB
   Alias: (not available)