Remote Host Port Number
216.246.99.115 1234
NICK n[USA|XP]8338762
USER 9111 “” “lol” :9111
JOIN #dl#
PONG 422
* The following port was open in the system:
Port Protocol Process
1053 TCP secfil.exe (%Windir%secfil.exe)
Registry Modifications
* The following Registry Value was modified:
o [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogon]
+ Userinit =
Memory Modifications
* There was a new process created in the system:
Process Name Process Filename Main Module Size
secfil.exe %Windir%secfil.exe 65 536 bytes
File System Modifications
* The following files were created in the system:
# Filename(s) File Size File Hash Alias
1 c:a.txt 0 bytes MD5: 0xD41D8CD98F00B204E9800998ECF8427E
SHA-1: 0xDA39A3EE5E6B4B0D3255BFEF95601890AFD80709 (not available)
2 %Windir%secfil.exe
[file and pathname of the sample #1] 79 448 bytes MD5: 0xD50F6B9E579FDF557C92CB80E9588853
SHA-1: 0xC338EDC6629A32B76445E6A2B28CAFAC394A7235 packed with PE_Patch [Kaspersky Lab]
Anonymous - April 26, 2010 at 7:10 pm
初次造訪~安安^^ .........................................