irc.wilddk.com

irc.wilddk.com:6667

PASS (SelamS234)
NICK raGe|ruHzKJcnEU
USER dcwirte "fo7.net" "rage" :dcwirte
NICK raGe|siNiTqFcCe
USER hmfdcgnfu "fo3.net" "rage" :hmfdcgnfu
NICK raGe|TpAcLwoTJl
USER itfhmhw "fo2.net" "rage" :itfhmhw

Registry Modifications

* The newly created Registry Value is:
o [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
+ Windows Update = "%ProgramFiles%\Common Files\System\explorerz.exe"

so that explorerz.exe runs every time Windows starts.

Memory Modifications

* There were new processes created in the system:

| Process Name | Process Filename | Main Module Size |
|---|---|---|
| explorerz.exe | %ProgramFiles%\Common Files\System\explorerz.exe | 147 456 bytes |
| [filename of the sample #1] | [file and pathname of the sample #1] | 147 456 bytes |

File System Modifications

* The following file was created in the system:

o #1
+ Filename(s): %ProgramFiles%\Common Files\System\explorerz.exe, [file and pathname of the sample #1]
+ File Size: 143 360 bytes
+ File Hash: MD5: 0x3B23B5A77CA8E1B546A087D5139AEA4E; SHA-1: 0x8446040A848BA507709DBB1A97CDD82E9A10327D
+ Alias: HeurEngine.MaliciousPacker [PCTools]; Packed.Generic.307 [Symantec]; Trojan.Win32.VBKrypt.ggm [Kaspersky Lab]; Generic.dx!twb [McAfee]; Troj/Spyeye-I [Sophos]; Trojan:Win32/Ircbrute [Microsoft]
