178.18.113.122

Remote Host       Port Number
178.18.113.122    6667

Other details

* The following port was open in the system:

Port    Protocol    Process
1051    TCP         [file and pathname of the sample #1]

Registry Modifications

* The following Registry Keys were created:
o HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{AAECD99A-AAA4-CD63-DDDF-5CF8BAD8D2F2}
o HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
o HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run
o HKEY_CURRENT_USER\Software\Microsoft\Active Setup\Installed Components\{AAECD99A-AAA4-CD63-DDDF-5CF8BAD8D2F2}

* The newly created Registry Values are:
o [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{AAECD99A-AAA4-CD63-DDDF-5CF8BAD8D2F2}]
+ StubPath = "%AppData%\service.exe"

so that service.exe runs every time Windows starts
o [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run]
+ service = "%AppData%\service.exe"

so that service.exe runs every time Windows starts
o [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
+ service = "%AppData%\service.exe"

so that service.exe runs every time Windows starts
o [HKEY_CURRENT_USER\Software\Microsoft\Active Setup\Installed Components\{AAECD99A-AAA4-CD63-DDDF-5CF8BAD8D2F2}]
+ StubPath = "%AppData%\service.exe"

so that service.exe runs every time Windows starts
o [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
+ service = "%AppData%\service.exe"

so that service.exe runs every time Windows starts

Memory Modifications

* There was a new process created in the system:

Process Name                    Process Filename                        Main Module Size
[filename of the sample #1]     [file and pathname of the sample #1]    118 784 bytes

File System Modifications

* The following file was created in the system:

#   Filename(s)                             File Size        File Hash
1   %AppData%\service.exe                   174 080 bytes    MD5: 0xB756E987F24F9099B6C49A57B146D18B
    [file and pathname of the sample #1]                     SHA-1: 0xAEAC4A465944475C77FD5A9BEAD63645C7151E78
