ogard2.priv8net.com

Remote Host      Port Number
173.234.65.32    33333

NICK {NOVA}[KURVA][USA][XP-SP2]868411
USER OgarD "" "lol" :5057
JOIN ##Turb0-4## OgarD
JOIN ##darkpizza,##clean (null)
PRIVMSG ##darkpizza :Download failed!
PRIVMSG ##clean :Registry/Processes cleaned.

Now talking in ##Turb0-4##
Topic On: [ ##Turb0-4## ] [ !j ##darkpizza,##clean ]
Topic By: [ ZauzetSam ]

Registry Modifications

* The newly created Registry Values are:
o [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
+ Driver Control Manager v3.4 = "%Temp%\jedanaest.exe"

so that jedanaest.exe runs every time Windows starts
o [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
+ Driver Control Manager v3.4 = "%Temp%\jedanaest.exe"

so that jedanaest.exe runs every time Windows starts

* The following Registry Values were deleted:
o [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
+ VMware Tools = "%ProgramFiles%\VMware\VMware Tools\VMwareTray.exe"
+ VMware User Process = "%ProgramFiles%\VMware\VMware Tools\VMwareUser.exe"
o [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
+ MSMSGS = ""%ProgramFiles%\Messenger\msmsgs.exe" /background"

Memory Modifications

* There were new processes created in the system:

Process Name                   Process Filename                       Main Module Size
jedanaest.exe                  %Temp%\jedanaest.exe                   53 248 bytes
[filename of the sample #1]    [file and pathname of the sample #1]   380 928 bytes

File System Modifications

* The following files were created in the system:

#  Filename(s)                            File Size        File Hash
1  %Temp%\explorer_cache22247.tmp         9 bytes          MD5: 0x6C936CB4A4B7F5803BD2E3DEACC3C2FE
                                                           SHA-1: 0x561782F6CC10BA3E5AFEAED752F95E589C813891
2  %Temp%\jedanaest.exe                   348 160 bytes    MD5: 0x0BD5E98F1E06DEA117FFF1CDCB3D25EC
   [file and pathname of the sample #1]                    SHA-1: 0xD6991BC262273869B1D78923ADEB99B690F505F4
