Remote Host          Port Number
stores.dellhp.net    1234
NICK [USA|XP]8106732
USER 3546 "" "lol" :3546
JOIN #dl#
NICK n[USA|XP]4637818
USER 8703 "" "lol" :8703
Other details
To mark the presence in the system, the following Mutex object was created:
SN8JSN868L
The following ports were open in the system:
Port    Protocol    Process
1034    TCP         secfil.exe (%Windir%\secfil.exe)
1035    TCP         secfil.exe (%Windir%\secfil.exe)
The following Host Name was requested from a host database:
stores.dellhp.net
Registry Modifications
The following Registry Value was modified:
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
Userinit =
Memory Modifications
There were new processes created in the system:
Process Name                   Process Filename                        Main Module Size
secfil.exe                     %Windir%\secfil.exe                     65.536 bytes
[filename of the sample #1]    [file and pathname of the sample #1]    45.056 bytes
File System Modifications
The following files were created in the system:
#  Filename(s)                           File Size     File Hash                                          Alias
1  c:\a.txt                              0 bytes       MD5: 0xD41D8CD98F00B204E9800998ECF8427E            (not available)
                                                       SHA-1: 0xDA39A3EE5E6B4B0D3255BFEF95601890AFD80709
2  %Windir%\secfil.exe                   91.661 bytes  MD5: 0x5D63CD5C1879E8DF427E234AC28E7860            Mal/VBDrop-G [Sophos]
   [file and pathname of the sample #1]                SHA-1: 0x1BBE7D405C45A149205B9015BBC1CF96833C059B  Trojan-Dropper [Ikarus]