Remote Host Port Number
123.242.226.29 14032
NICK latest_|USA||XP-SP2|631276
USER 6476 “” “lol” :6476
JOIN #.x.# %3%#%!%#^#%@^
PONG :irc.ThunderNet.gr
Registry Modifications
* The newly created Registry Values are:
o [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
+ Java updater2 = “%Temp%jusched2.exe”
so that jusched2.exe runs every time Windows starts
o [HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun]
+ Java updater2 = “%Temp%jusched2.exe”
so that jusched2.exe runs every time Windows starts
Memory Modifications
* There was a new process created in the system:
Process Name Process Filename Main Module Size
jusched2.exe %Temp%jusched2.exe 57 344 bytes
File System Modifications
* The following files were created in the system:
# Filename(s) File Size File Hash
1 %Temp%google_cache121.tmp 9 bytes MD5: 0x6C936CB4A4B7F5803BD2E3DEACC3C2FE
SHA-1: 0x561782F6CC10BA3E5AFEAED752F95E589C813891
2 %Temp%jusched2.exe
[file and pathname of the sample #1] 747 067 bytes MD5: 0x415F485F04C91EC1B1840A826C5D9010
SHA-1: 0x9A6514DA0F305056BD242F30D11CC3D50110E56E
Anonymous - May 23, 2010 at 10:53 pm
今天是人生唯一生存的時間。......................................................