dq.javagames7.com (malware hosted in the United States, Dallas, Theplanet.com Internet Services Inc)

DNS Lookup
Host Name          IP Address
dq.javagames7.com  174.121.62.122
Outgoing connection to remote server: dq.javagames7.com TCP port 8800
Outgoing connection to remote server: dq.javagames7.com TCP port 8800
Outgoing connection to remote server: dq.javagames7.com TCP port 8800

Registry Changes by all processes
Create or Open
Changes:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon "Taskman" = C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1413\syitm.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" = explorer.exe,C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1413\syitm.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "Tnaww" = C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1413\syitm.exe
Reads "":
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc\SecurityService "DefaultAuthLevel"

File Changes by all processes
New Files:
C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1413\syitm.exe
C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1413\Desktop.ini
\Device\RasAcd
Opened Files:
Deleted Files:
C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1413\syitm.exe
Chronological Order:
Get File Attributes: Flags: (SECURITY_ANONYMOUS)
Set File Attributes: C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1413\syitm.exe Flags: (FILE_ATTRIBUTE_NORMAL SECURITY_ANONYMOUS)
Delete File: C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1413\syitm.exe
Set File Attributes: C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1413 Flags: (FILE_ATTRIBUTE_HIDDEN FILE_ATTRIBUTE_READONLY FILE_ATTRIBUTE_SYSTEM SECURITY_ANONYMOUS)
Copy File: c:\dq.exe to C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1413\syitm.exe
Create File: C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1413\Desktop.ini
Set File Attributes: C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1413\syitm.exe Flags: (FILE_ATTRIBUTE_HIDDEN FILE_ATTRIBUTE_READONLY FILE_ATTRIBUTE_SYSTEM SECURITY_ANONYMOUS)
Create/Open File: \Device\RasAcd (OPEN_ALWAYS)

Info about hosting:
http://whois.domaintools.com/174.121.62.122
