Remote Host Port Number
91.211.117.33 6667
NICK {XPUSA933915}
JOIN ##spam##
PONG irc.priv8net.com
USER COMPUTERNAME * 0 :COMPUTERNAME
MODE {XPUSA933915} -ix
Registry Modifications
* The newly created Registry Values are:
o [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
+ Windows Services = “service.exe”
so that service.exe runs every time Windows starts
o [HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun]
+ Windows Update = “%Temp%service.exe”
so that service.exe runs every time Windows starts
Memory Modifications
* There was a new process created in the system:
Process Name Process Filename Main Module Size
service.exe %Temp%service.exe 331 776 bytes
ile System Modifications
* The following file was created in the system:
# Filename(s) File Size File Hash
1 %Temp%service.exe
[file and pathname of the sample #1] 366 651 bytes MD5: 0x2213D4AAC30B1466927A5558D7F5D919
SHA-1: 0x49477C7ED7BDC6B5FEF96D90F4C1AF1C724D3E0D
Now talking in ##security-check##
Topic On: [ ##security-check##]
Topic By: [ Z ]