Remote Host: 82.146.51.22
Port Number: 1338
PONG :BEBD508C
NICK qvdzl
JOIN #foxes
USER oivWsEmBCEZmpoAn0d2mosEhevNqtbdYEaV7QsQFjlGN8ZB * * :Q5RyK
NICK GUqSpR66
PONG :7B532196
USER pyN4tVLUw705CTxc2BAJuV * * :d3WvenjZK9mrMR1P
Registry Modifications
* The newly created Registry Value is:
o [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
+ System = "C:\P\pbn.exe"
so that pbn.exe runs every time Windows starts
Memory Modifications
* There was a new process created in the system:
Process Name: pbn.exe
Process Filename: C:\P\pbn.exe
Main Module Size: 1,089,536 bytes
File System Modifications
* The following file was created in the system:
# 1
Filename(s): c:\P\pbn.exe, [file and pathname of the sample #1]
File Size: 336,864 bytes
File Hash: MD5: 0xDD551B963202A88DCE63DADB27618B1E
SHA-1: 0x9B202CDA94D5BB3780603130ACFA91CADA755083
Alias: packed with UPX [Kaspersky Lab]
* The following directories were created:
o c:\Downloads
o c:\P
Info about hosting:
http://whois.domaintools.com/82.146.51.22