67.159.63.120

Remote Host Port Number
67.159.63.120 6667

NICK {New}[USA-1244024-XP]
USER 3465765 “” “lol” :3465765
JOIN #vanadium

Registry Modifications

* The newly created Registry Values are:
o [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
+ Sp Services = “%Temp%spsrvs.exe”

so that spsrvs.exe runs every time Windows starts
o [HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun]
+ Sp Services = “%Temp%spsrvs.exe”

so that spsrvs.exe runs every time Windows starts

Memory Modifications

* There was a new process created in the system:

Process Name Process Filename Main Module Size
spsrvs.exe %Temp%spsrvs.exe 49 152 bytes

File System Modifications

* The following files were created in the system:

# Filename(s) File Size File Hash Alias
1 %Temp%spsrvs.exe
[file and pathname of the sample #1] 35 328 bytes MD5: 0x85FE99C54882DE6AC452015FDE8B7881
SHA-1: 0x61C19B55787692CB8FC2BF71A01FC22D410493DC Virus.Win32.BeeInject [Ikarus]
2 %System%import53an35ygsfsgftdoc.tmp 11 bytes MD5: 0x104EF340476E58E072D5788178ECB2B4
SHA-1: 0x3F487D02B9FFFB5F763A7B0C9860390CFF17416E (not available)

Categories: Uncategorized