93.174.93.232

By Pig, August 2, 2010

Remote Host Port Number
93.174.93.232 6669

NICK {NOVA}[KURVA][USA][XP-SP2]324244
USER OgarD “” “lol” :6629
JOIN #labrazilXXX# OgarD
PONG :irc.picka-tvoje-mame.ba

Registry Modifications

* The newly created Registry Values are:
o [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
+ Driver Control Manager v2.8 = “%Temp%brpet.exe”

so that brpet.exe runs every time Windows starts
o [HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun]
+ Driver Control Manager v2.8 = “%Temp%brpet.exe”

so that brpet.exe runs every time Windows starts

Memory Modifications

* There was a new process created in the system:

Process Name Process Filename Main Module Size
brpet.exe %Temp%brpet.exe 57 344 bytes

File System Modifications

* The following files were created in the system:

# Filename(s) File Size File Hash Alias
1 %Temp%brpet.exe
[file and pathname of the sample #1] 192 512 bytes MD5: 0x8CE188E0866D8C662AC7BC8DEA869A02
SHA-1: 0x52AE45DE1394B2675A6AA746305C2668F1E9797A Win32.Palevo6.worm.Gen [AhnLab]
2 %Temp%explorer_cache22241.tmp 9 bytes MD5: 0x6C936CB4A4B7F5803BD2E3DEACC3C2FE
SHA-1: 0x561782F6CC10BA3E5AFEAED752F95E589C813891 (not available)

Categories: Uncategorized