46.4.245.19

Remote Host | Port Number
46.4.245.19 | 6667

NICK n[XP-USA]724493
USER 8653 "" "TsGh" :8653
JOIN #PhobiiA r00t8585
PONG :BoTNeT.GoV

NICK n{USA|XP}045555
USER 9218 "" "TsGh" :9218
JOIN #blazinshotguns badass
PONG :BoTNeT.GoV

* The following port was open in the system:

Port | Protocol | Process
1055 | TCP | taskeng.exe (%AppData%\taskeng.exe)

Registry Modifications

* The newly created Registry Values are:
o [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
+ Windows Update System = "%AppData%\taskeng.exe"

so that taskeng.exe runs every time Windows starts
o [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
+ Windows Update System = "%AppData%\taskeng.exe"

so that taskeng.exe runs every time Windows starts

Memory Modifications

* There was a new process created in the system:

Process Name | Process Filename | Main Module Size
taskeng.exe | %AppData%\taskeng.exe | 57 344 bytes

File System Modifications

* The following files were created in the system:

# | Filename(s) | File Size | File Hash | Alias
1 | %AppData%\taskeng.exe, [file and pathname of the sample #1] | 49 152 bytes | MD5: 0xAAB93CA0FB5E4DF094019C16ED44F23D, SHA-1: 0xDAA10E1D3CC697C2A54B4C5F56BFC50953654D5B | Trojan-Downloader.Win32.Genome.bigv [Kaspersky Lab]
2 | %Temp%\google_cache2.tmp | 9 bytes | MD5: 0x6C936CB4A4B7F5803BD2E3DEACC3C2FE, SHA-1: 0x561782F6CC10BA3E5AFEAED752F95E589C813891 | (not available)
