184.106.215.31

Remote Host Port Number
184.106.215.31 6667

NICK {XPUSA874460}
JOIN ##spam##
PRIVMSG ##spam## :.::[MSN]::. Enviando Mensaje.
PONG irc.priv8net.com
USER COMPUTERNAME * 0 :COMPUTERNAME
MODE {XPUSA874460} -ix

Registry Modifications

* The newly created Registry Values are:
o [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
+ Windows Services = “service.exe”

so that service.exe runs every time Windows starts
o [HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun]
+ Windows Update = “%Temp%service.exe”

so that service.exe runs every time Windows starts

Memory Modifications

* There was a new process created in the system:

Process Name Process Filename Main Module Size
service.exe %Temp%service.exe 331 776 bytes

File System Modifications

* The following file was created in the system:

# Filename(s) File Size File Hash
1 %Temp%service.exe
[file and pathname of the sample #1] 366 651 bytes MD5: 0x138E25E74FF710D8F3C8E8D4F7BBC4C2
SHA-1: 0xC85E9B975E8BF5585BB00BB000C7BED517E065F1

Categories: Uncategorized
Previous post
Next post