0delphi1.no-ip.info

Remote Host Port Number
82.146.48.13 6668
85.214.132.85 80

* The data identified by the following URL was then requested from the remote web server:
o http://www.fahrschule-abrolath.de/Project2.exe

NICK [UNI][XP]-55691
USER NetBot “” no-ip.info :v1.2 by deLphi
JOIN #back2roots luvya
JOIN #UseNeXT
PONG :irc.priv8net.com

Registry Modifications

* The newly created Registry Values are:
o [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
+ Microsoft Spooler = “”%AppData%lspool.exe””

so that lspool.exe runs every time Windows starts
o [HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun]
+ Microsoft Spooler = “”%AppData%lspool.exe””

so that lspool.exe runs every time Windows starts

Memory Modifications

* There were new processes created in the system:

Process Name Process Filename Main Module Size
[filename of the sample #1] [file and pathname of the sample #1] 155 648 bytes
lspool.exe %AppData%lspool.exe 249 856 bytes

File System Modifications

* The following files were created in the system:

# Filename(s) File Size File Hash
1 %AppData%boot.dat 26 bytes MD5: 0x973249068EE26D80D0079A8F693CBC72
SHA-1: 0x2BF1C3C33228F868E77D841732DC58F1F8EFB9C7
2 %AppData%lspool.exe
%AppData%te.exe 203 264 bytes MD5: 0x2F8EFF283948B7CDADB80505AB5CC87E
SHA-1: 0x906B3F5F581BC79E35A78F006D7855C50469E174
3 [file and pathname of the sample #1] 205 312 bytes MD5: 0x0F73B068625C45F671B0EF175842D0EF
SHA-1: 0xF8BAF38559DB0BCCE33F2B4E56C5DBF7F4333FDA

Categories: Uncategorized

1 Comment

Anonymous - July 15, 2010 at 10:02 am

Comments are closed