188.72.205.89

Remote Host: 188.72.205.89
Port Number: 6567

NICK {XPUSA843752}
PONG irc.priv8net.com
USER COMPUTERNAME * 0 :COMPUTERNAME
MODE {XPUSA843752} -ix
JOIN #putocm
MODE #putocm -ix

Registry Modifications

* The newly created Registry Values are:
o [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
+ Windows Services = "service.exe"

so that service.exe runs every time Windows starts
o [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
+ Windows Update = "%Temp%\service.exe"

so that service.exe runs every time Windows starts

Memory Modifications

* There was a new process created in the system:

o Process Name: service.exe
o Process Filename: %Temp%\service.exe
o Main Module Size: 331 776 bytes

File System Modifications

* The following file was created in the system:

o File #1
+ Filename(s): %Temp%\service.exe, [file and pathname of the sample #1]
+ File Size: 93 200 bytes
+ File Hash (MD5): 0x01710846EAAF924A5F752536191042D3
+ File Hash (SHA-1): 0xAF4F253870FA2EFDC3E13C3A1FC2C798DEACB8A5
+ Alias: Net-Worm.SillyFDC!rem [PCTools]
+ Alias: W32.SillyFDC [Symantec]
+ Alias: Trojan.Win32.Jorik.SdBot.gt [Kaspersky Lab]
+ Alias: W32/Rimecud-AC [Sophos]
