193.107.16.29

Remote Host      Port Number
193.107.16.29    8888

NICK [Fresh|6673|USA|XP]
USER 6673 "" "lol" :6673
JOIN #Cybernet 200500

* The following ports were open in the system:

Port    Protocol    Process
1051    TCP         [file and pathname of the sample #1]
1054    TCP         [file and pathname of the sample #1]

Registry Modifications

* The newly created Registry Values are:
    o [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
        + MS BitDefender = "%Temp%\msdefender.exe"

      so that msdefender.exe runs every time Windows starts
    o [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
        + MS BitDefender = "%Temp%\msdefender.exe"

      so that msdefender.exe runs every time Windows starts

Memory Modifications

* There were new processes created in the system:

Process Name                    Process Filename                        Main Module Size
[filename of the sample #1]     [file and pathname of the sample #1]    155 648 bytes
msdefender.exe                  %Temp%\msdefender.exe                   57 344 bytes

File System Modifications

* The following file was created in the system:

# 1
  Filename(s): %Temp%\msdefender.exe
               [file and pathname of the sample #1]
  File Size:   253 952 bytes
  File Hash:   MD5: 0xAABA70A573AD0B3E1FAB332AF78335DD
               SHA-1: 0xE2BD65C404E99446E41618CBD6E63363D559D374
  Alias:       Trojan.IRCBot [PCTools]
               W32.IRCBot [Symantec]
               Worm.Win32.VBNA.b [Kaspersky Lab]
               Mal/Koobface-G [Sophos]
               Trojan:Win32/Ircbrute [Microsoft]
               Win32/Vbna.worm.253952.C [AhnLab]
