| Remote Host | Port Number |
|---|---|
| 74.3.255.162 | 81 |
NICK n[USA|XP]7375347
USER s "" "lol" :s
JOIN #newbin#
PONG 422
JOIN #USA (null)
* The following port was open in the system:
| Port | Protocol | Process |
|---|---|---|
| 1055 | TCP | lmsn.exe (%AppData%\lmsn.exe) |
Registry Modifications
* The newly created Registry Value is:
o [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
+ Windows System Guard = "%AppData%\lmsn.exe"
so that lmsn.exe runs every time Windows starts
Memory Modifications
* There was a new process created in the system:
| Process Name | Process Filename | Main Module Size |
|---|---|---|
| lmsn.exe | %AppData%\lmsn.exe | 65 536 bytes |
File System Modifications
* The following files were created in the system:
| # | Filename(s) | File Size | File Hash |
|---|---|---|---|
| 1 | %AppData%\lmsn.exe; [file and pathname of the sample #1] | 188 416 bytes | MD5: 0xCE6F97E341DB7ABFC34B66D4CD928D8B; SHA-1: 0x3F89CB28721C33AC2A8C5747A0355A22D6D11C9D |
| 2 | %System%\winsvncs.txt | 0 bytes | MD5: 0xD41D8CD98F00B204E9800998ECF8427E; SHA-1: 0xDA39A3EE5E6B4B0D3255BFEF95601890AFD80709 |