Remote Host Port Number
184.106.215.31 6667
NICK {XPUSA874460}
JOIN ##spam##
PRIVMSG ##spam## :.::[MSN]::. Enviando Mensaje.
PONG irc.priv8net.com
USER COMPUTERNAME * 0 :COMPUTERNAME
MODE {XPUSA874460} -ix
Registry Modifications
* The newly created Registry Values are:
o [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
+ Windows Services = “service.exe”
so that service.exe runs every time Windows starts
o [HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun]
+ Windows Update = “%Temp%service.exe”
so that service.exe runs every time Windows starts
Memory Modifications
* There was a new process created in the system:
Process Name Process Filename Main Module Size
service.exe %Temp%service.exe 331 776 bytes
File System Modifications
* The following file was created in the system:
# Filename(s) File Size File Hash
1 %Temp%service.exe
[file and pathname of the sample #1] 366 651 bytes MD5: 0x138E25E74FF710D8F3C8E8D4F7BBC4C2
SHA-1: 0xC85E9B975E8BF5585BB00BB000C7BED517E065F1