94.194.248.17 (botnet hosted in United Kingdom Burnley Bolton Residential Dynamic)

| Remote Host | Port Number |
|---|---|
| 94.194.248.17 | 4562 |

PASS zeroblinder
NICK [NWO]_91339
USER utwalu 0 0 :[NWO]_91339
USERHOST [NWO]_91339
MODE [NWO]_91339 -x+B
JOIN #skyv-network zeroblinder
PRIVMSG #skyv-network :[SCAN]: Failed to start scan, port is invalid.

Other details

* The following ports were open in the system:

| Port | Protocol | Process |
|---|---|---|
| 113 | TCP | nyjxif.exe (%System%nyjxif.exe) |
| 1052 | TCP | nyjxif.exe (%System%nyjxif.exe) |

Memory Modifications

* There was a new process created in the system:

| Process Name | Process Filename | Main Module Size |
|---|---|---|
| nyjxif.exe | %System%nyjxif.exe | 520,192 bytes |

File System Modifications

* The following file was created in the system:

File 1:

* Filename(s): %System%nyjxif.exe, [file and pathname of the sample #1]
* File Size: 327,259 bytes
* File Hash (MD5): 0x9170F2BEDC8225BBDA77585EC89B2F7B
* File Hash (SHA-1): 0x2C78E301D8AA0D0985EF31987D31C0BE07B910DE

Alias:

* Net-Worm.Spybot.C!rem [PCTools]
* W32.Spybot.Worm [Symantec]
* Backdoor.Win32.Rbot.aea [Kaspersky Lab]
* W32/Sdbot.worm.gen.g [McAfee]
* WORM_SPYBOT.GEN [Trend Micro]
* W32/Rbot-Gen [Sophos]
* Backdoor:Win32/Rbot.gen [Microsoft]
* Backdoor.Rbot [Ikarus]
* Win32/IRCBot.worm.Gen [AhnLab]

Hosting information:
http://whois.domaintools.com/94.194.248.17
