ogard.shannen.cc (Ogard again)

Resolved : [ogard.shannen.cc] To [95.142.163.184]
Resolved : [ogard.shannen.cc] To [92.243.28.194]

* The following Host Names were requested from a host database:
o ogard.shannen.cc
o Ogard.helldark.biz
o ogard.ircdevils.net

PASS Virus
NICK VirUs-vxbscaka
USER VirUs "" "xdm" : .8,1..8Coded .4By .8VirUs..

Registry Modifications

* The following Registry Key was created:
o HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{67KLN5J0-4OPM-00WE-AAX5-74CC2A322142}

* The newly created Registry Value is:
o [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{67KLN5J0-4OPM-00WE-AAX5-74CC2A322142}]
+ StubPath = "c:\DriverFiles\Drago.exe"

so that Drago.exe runs every time Windows starts

Memory Modifications

* There were new processes created in the system:

Process Name                  Process Filename                        Main Module Size
[filename of the sample #1]   [file and pathname of the sample #1]    180 224 bytes
drago.exe                     c:\driverfiles\drago.exe                180 224 bytes

File System Modifications

* The following files were created in the system:

1. c:\DriverFiles\Desktop.ini
   File Size: 62 bytes
   MD5: 0x7457A5DF1FF47C957ACF1FA000D7D9AD
   SHA-1: 0x69D2BBA827FD4DE0169419A0FDA280252B348514
   Alias: (not available)

2. c:\DriverFiles\Drago.exe
   [file and pathname of the sample #1]
   File Size: 150 016 bytes
   MD5: 0xD704F3ADD1BAAEFBA189D9A0115E5910
   SHA-1: 0x5604AE747B08BD8FFF64FBA0EABD3D164FFCBDFD
   Alias: Net-Worm.SillyFDC!rem [PCTools]
          W32.SillyFDC [Symantec]
          Worm.Win32.AutoRun.gap [Kaspersky Lab]
          Generic.dx!uha [McAfee]
          Worm:Win32/Hamweq.A [Microsoft]
          Trojan.Win32.Buzus [Ikarus]
          Win-Trojan/Buzus.106496.C [AhnLab]

just scan these IPs to find the ircd port from that lamer
95.142.163.184
92.243.28.194
