big hecker)

Remote Host Port Number 81

USER n "" "lol" :n
JOIN #new#
PONG 422
PONG :request.not.found

Registry Modifications

* The newly created Registry Value is:
o [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
+ MSNUpdateServices = "%AppData%\S-3685-5437-5687\minsfot.exe"

so that minsfot.exe runs every time Windows starts

File System Modifications

* The following files were created in the system:

# 1
Filename(s): %AppData%\S-3685-5437-5687\minsfot.exe [file and pathname of the sample #1]
File Size: 184 320 bytes
File Hash: MD5: 0x6EBF4B2E2F5EE2F321929B6BC102F7A0
           SHA-1: 0x9C0CD51757D64B23CA8701CC528DAD2E9C8E00F6

# 2
Filename(s): %AppData%\wimknrncds.txt
File Size: 0 bytes
File Hash: MD5: 0xD41D8CD98F00B204E9800998ECF8427E
           SHA-1: 0xDA39A3EE5E6B4B0D3255BFEF95601890AFD80709

