Remote Host Port Number
46.4.229.246 51987
USER rA rA rA rA
NICK [rA|USA|XP|22289]
JOIN #testtorrent nokey
PRIVMSG #testtorrent :
4New Torrent Infection
PING :IRC.Secret.GoV
Other details
* The following port was open in the system:
Port Protocol Process
1051 TCP taskhost.exe (%AppData%\taskhost.exe)
Registry Modifications
* The newly created Registry Value is:
o [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
+ Internet = “1”
+ Windows Task Manager = “%AppData%\taskhost.exe”
so that taskhost.exe runs every time Windows starts
Memory Modifications
* There was a new process created in the system:
Process Name Process Filename Main Module Size
taskhost.exe %AppData%\taskhost.exe 81 920 bytes
File System Modifications
* The following file was created in the system:
# Filename(s) File Size File Hash Alias
1 %AppData%\taskhost.exe
[file and pathname of the sample #1] 200 704 bytes MD5: 0x19FC08C5A02892154CFF418B06C9EBD1
SHA-1: 0x32AF9A7ADECCB91BFD60719349A7E046D1EB601F Trojan.Win32.Ircbrute [Ikarus]