174.139.92.250 (Link Bot)

Remote Host Port Number
174.139.92.250 4466,6764

USER waahud waahud waahud :cuipesjdhissjgkx
NICK d[jLyAxEK]b
MODE d[jLyAxEK]b +xi
JOIN #balengor
USERHOST d[jLyAxEK]b
MODE #balengor +smntu
PONG :binidic.net

Now talking in #balengor
Topic On: [ #balengor ] [ * exe 91.203.146.65 9933 ][ * ipscan s.s.s netapi -s ]
Topic By: [ aessg ]

Other details

* The following port was open in the system:

Port Protocol Process
1053 TCP iexplore.exe (%System%\iexplore.exe)

* The following port was open in the system:

Port Protocol Process
1053 TCP algs.exe (%System%\algs.exe)

Registry Modifications

* The newly created Registry Value is:
o [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
+ Microsoft Internet Explorer = "%System%\iexplore.exe"

so that iexplore.exe runs every time Windows starts

Registry Modifications

* The newly created Registry Value is:
o [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
+ Application Layer Gateway Service = "%System%\algs.exe"

so that algs.exe runs every time Windows starts

Memory Modifications

* There was a new process created in the system:

Process Name Process Filename Main Module Size
iexplore.exe %System%\iexplore.exe 77 824 bytes

File System Modifications

* The following files were created in the system:

1 %System%\iexplore.exe
o File Size: 121 344 bytes
o MD5: 0xB1327351473E81268BEBF06495CA2AEA
o SHA-1: 0x6DD96008DA8AB5D794CDAC02AD40FAB042038F98
o Alias:
+ Malware.Linkbot [PCTools]
+ W32.Linkbot [Symantec]
+ Backdoor.Win32.EggDrop.alr [Kaspersky Lab]
+ Generic BackDoor!cff [McAfee]
+ Mal/Resdro-A [Sophos]
+ Backdoor.Win32.EggDrop [Ikarus]
+ Win-Trojan/Agent.121344.CF [AhnLab]

2 %System%\qgcpkuds.bat
o File Size: 130 bytes
o MD5: 0x87B43794958CEE6F1B6B7F7E163E7F1D
o SHA-1: 0x358FA770FC1DFD2F4D508C1DAEC422374FAC9972
o Alias: (not available)
