NICK [00|USA|587663]
USER XP-3162 * 0 :COMPUTERNAME
MODE [00|USA|587663] -ix
JOIN #test.b
MODE #test.b -ix
Other details
* To mark the presence in the system, the following Mutex object was created:
o aS3V6Nu
* The following port was open in the system:
Port   Protocol   Process
1036   TCP        service.exe (%Windir%\service.exe)
* The following Host Name was requested from a host database:
o nexus.webchat.org
Registry Modifications
* The newly created Registry Value is:
o [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
+ Windows Services = "service.exe"
so that service.exe runs every time Windows starts
Memory Modifications
* There were new processes created in the system:
Process Name                   Process Filename                        Main Module Size
service.exe                    %Windir%\service.exe                    344 064 bytes
[filename of the sample #1]    [file and pathname of the sample #1]    344 064 bytes
Resolved : [nexus.webchat.org] To [216.152.78.165]
Resolved : [nexus.webchat.org] To [216.152.78.166]
Resolved : [nexus.webchat.org] To [216.152.78.164]
Resolved : [nexus.webchat.org] To [216.152.78.163]
Resolved : [nexus.webchat.org] To [216.152.78.167]