d14-69-123-212.try.wideopenwest.com (botnet hosted with WIDEOPENWEST.COM Michigan)

Remote Host      Port Number
69.14.212.123    65267

PASS daloot

JOIN #NzM# screwu
USERHOST USA|00|XP|SP2|3342046
MODE USA|00|XP|SP2|3342046 -x+i
PRIVMSG #NzM# :
(patcher.p
fixed, version 1.
NICK USA|00|XP|SP2|3342046
USER pnlzszqe 0 0 :USA|00|XP|SP2|3342046
PONG :A2E3B7DC

Now talking in #NzM#
Topic On: [ #NzM# ] [ .root.start dcom135 200 0 0 109.x.x.x -a -b -r -s ]
Topic By: [ weeble ]
Modes On: [ #NzM# ] [ +smntu ]

Other details

* The following ports were open in the system:


Memory Modifications

* There was a new process created in the system:

Process Name    Process Filename      Main Module Size
nod64.exe       %System%\nod64.exe    1,159,168 bytes

File System Modifications

* The following file was created in the system:

#: 1
Filename(s): %System%\nod64.exe [file and pathname of the sample #1]
File Size: 339,968 bytes
File Hash:
  MD5: 0xDA0E9BF2BD8D2B9125400CA46B9A6DEC
  SHA-1: 0x54958B446D676EC6A082E02D89855C3E4EC7B05D
Alias:
  Trojan.IRCBot!rem [PCTools]
  W32.IRCBot [Symantec]
  Trojan.Win32.VB.aeuj [Kaspersky Lab]
  W32/Sdbot.worm!je [McAfee]
  Mal/Generic-L [Sophos]
  VirTool:Win32/VBInject.gen!DP [Microsoft]
  Virus.Win32.VBInject [Ikarus]
  Win-Trojan/Xema.variant [AhnLab]

Hosting information:
http://whois.domaintools.com/69.14.212.123
