hosted in United Kingdom Burnley Bolton Residential Dynamic)

Remote Host Port Number 4562 PASS zeroblinder

NICK [NWO]_91339
USER utwalu 0 0 :[NWO]_91339
MODE [NWO]_91339 -x+B
JOIN #skyv-network zeroblinder
PRIVMSG #skyv-network :[SCAN]: Failed to start scan, port is invalid.

Other details

* The following ports were open in the system:

Port Protocol Process
113 TCP nyjxif.exe (%System%nyjxif.exe)
1052 TCP nyjxif.exe (%System%nyjxif.exe)

Memory Modifications

* There was a new process created in the system:

Process Name Process Filename Main Module Size
nyjxif.exe %System%nyjxif.exe 520,192 bytes

File System Modifications

* The following file was created in the system:

# Filename(s) File Size File Hash Alias
1 %System%nyjxif.exe
[file and pathname of the sample #1] 327,259 bytes MD5: 0x9170F2BEDC8225BBDA77585EC89B2F7B
SHA-1: 0x2C78E301D8AA0D0985EF31987D31C0BE07B910DE Net-Worm.Spybot.C!rem [PCTools]
W32.Spybot.Worm [Symantec]
Backdoor.Win32.Rbot.aea [Kaspersky Lab]
W32/Sdbot.worm.gen.g [McAfee]
W32/Rbot-Gen [Sophos]
Backdoor:Win32/Rbot.gen [Microsoft]
Backdoor.Rbot [Ikarus]
Win32/IRCBot.worm.Gen [AhnLab]

infos about hosting:

Categories: Uncategorized