Remote Host Port Number
206.123.89.191 6567 PASS s1m0n3t4
MODE [SI|USA|00|P|61978] -ix
JOIN #iausto# c1rc0dus0leil
PONG Coupe2.Network
NICK [SI|USA|00|P|61978]
USER XP-6042 * 0 :COMPUTERNAME
* The following port was open in the system:
Port Protocol Process
1053 TCP tanga.exe (%Windir%tanga.exe)
Registry Modifications
* The newly created Registry Values are:
o [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
+ Service ares = “tanga.exe”
so that tanga.exe runs every time Windows starts
o [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionTerminal ServerInstallSoftwareMicrosoftWindowsCurrentVersionRun]
+ Service ares = “tanga.exe”
so that tanga.exe runs every time Windows starts
Memory Modifications
* There was a new process created in the system:
Process Name Process Filename Main Module Size
tanga.exe %Windir%tanga.exe 335,872 bytes
File System Modifications
* The following file was created in the system:
# Filename(s) File Size File Hash
1 [file and pathname of the sample #1]
%Windir%tanga.exe 106,496 bytes MD5: 0x8477BDC25C1D7CB74B423791CEFD8FE5
SHA-1: 0xA95A1F8DFC77D4C64136D0B57FD216B9209524C8
infos about hosting:
http://whois.domaintools.com/206.123.89.191