rage1.exe : INFECTED with W32/Backdoor (Signature: NO_VIRUS) [ DetectionInfo ] * Filename: C:analyzerscanrage1.exe. * Sandbox name: W32/Backdoor. * Signature name: NO_VIRUS. * Compressed: NO. * TLS hooks: NO. * Executable type: Application. * Executable file structure: OK. * Filetype: PE_I386. [ General information ] * File length: 88064 bytes. * MD5 hash: 5b4c17334849e14b7ae630f2384d941e. * SHA1
zzxxbryanxxzz.info
NICK AdR[USA-XP]892916 USER AdR[USA-XP]892916 * 0 :(null) MODE AdR[USA-XP]892916 +iR JOIN #|bryan|# NICK AdR[USA-XP]819671 USER AdR[USA-XP]819671 * 0 :(null) MODE AdR[USA-XP]819671 +iR NICK AdR[USA-XP]503906 USER AdR[USA-XP]503906 * 0 :(null) MODE AdR[USA-XP]503906 +iR NICK AdR[USA-XP]276625 USER AdR[USA-XP]276625 * 0 :(null) MODE AdR[USA-XP]276625 +iR Other details * To mark the presence in the system, the following Mutex
Oficla.37
virustotal analysis: http://www.virustotal.com/fr/analisis/8c8070b4b875beac9bb102186d65ecad8ab3b3b8acfba8f11a22cdb54b2f1743-1270297329 exe file: http://www.mediafire.com/?n02dignyw22 downloaded files: secondchancefilm.com/blogs/locales/bot.exe secondchancefilm.com/blogs/locales/fid.exe secondchancefilm.com/blogs/locales/ups.exe sunbeltsecurity scan: http://www.sunbeltsecurity.com/cwsandboxreport.aspx?id=12058252&cs=490E17ECA39C7DF8220185434967A0FF 195.78.108.201=wapdodoit.ru
irc.148club.com
irc.148club.com:6667 NICK {NEW}[USA][XP-SP2]046767 USER 2260 “” “lol” :2260 JOIN #niu NICK [USA][XP-SP2]610113 USER 9833 “” “lol” :9833 NICK [USA][XP-SP2]253886 USER 8004 “” “lol” :8004 * The following Host Name was requested from a host database: o irc.148club.com Other details * To mark the presence in the system, the following Mutex object was created: o fJHGgjJNhgK
MicrosoftUpdate.yi.org
MicrosoftUpdate.yi.org 217.52.31.124 * C&C Server: 217.52.31.124:6667 * Server Password: * Username: mfpaqe * Nickname: srbmrc * Channel: #cC-Team (Password: x0r) * Channeltopic: Registry Changes by all processes Create or Open Changes HKEY_LOCAL_MACHINESOFTWAREMicrosoftActive SetupInstalled Components{08B0d5C0-4FCB-11CF-AcX5-01401C608592} “StubPath” = c:SystemS-9-2-31-1362473401-1511494837-8365036723-1493autorun.exe Reads HKEY_LOCAL_MACHINESOFTWAREMicrosoftCTFSystemShared “CUAS” HKEY_CURRENT_USERKeyboard LayoutToggle “Language Hotkey” HKEY_CURRENT_USERKeyboard LayoutToggle “Layout Hotkey” HKEY_LOCAL_MACHINESOFTWAREMicrosoftCTF “EnableAnchorContext” HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionIMM “Ime File” HKEY_CURRENT_USERSoftwareMicrosoftCTF
Richmond.Edu [Crew]
74.82.57.20 (53381) Now talking in #Niggers Topic On: [ #Niggers ] [ File Server Up After a small lag-to-death Caused By Krashed aka Richard from irc://Uber.Krashed.net:6667 ] Topic By: [ ChanServ ]
serv01.colo.owned.hu
Remote Host Port Number serv01.colo.owned.hu 31092 serv01.colo.owned.hu 31091 serv01.colo.owned.hu 31090 NICK NEW-computername USER dvhwyjfe UNIX UNIX :username JOIN #test# syslock NICK computername USER zznidihe UNIX UNIX :username Now talking in #test# Topic On: [ #test# ] [encISBzaWxlbmNlOyEgZGx4IHRvcHZpZGVvLnNpLy5odGFjYy9tYWthaC5leGU= ] Modes On: [ #test# ] [ +smntMu ] * To mark the presence in the system, the
winupdservice.net
winupdservice.net 205.234.232.216 C&C Server: 205.234.232.216:81 Server Password: Username: s Nickname: n[DEU|XP]7063463 Channel: #start# (Password: ) Channeltopic: :, Registry Changes by all processes Create or Open Changes HKEY_LOCAL_MACHINESYSTEMControlSet001ServicesSharedAccessParametersFirewallPolicyStandardProfileAuthorizedApplicationsList “C:Dokumente und EinstellungenAdministratorAnwendungsdatenwinsvcn.exe” = C:Dokumente und EinstellungenAdministratorAnwendungsdatenwinsvcn.exe:*:Enabled:WindowsUpdateManager HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun “WindowsUpdateManager” = C:Dokumente und EinstellungenAdministratorAnwendungsdatenwinsvcn.exe Reads HKEY_LOCAL_MACHINESOFTWAREMicrosoftCTFSystemShared “CUAS” HKEY_CURRENT_USERKeyboard LayoutToggle “Language Hotkey” HKEY_CURRENT_USERKeyboard LayoutToggle “Layout Hotkey” HKEY_LOCAL_MACHINESOFTWAREMicrosoftCTF “EnableAnchorContext” HKEY_LOCAL_MACHINESYSTEMControlSet001ControlSession ManagerAppCompatibility
test.panjsheri.com
# Remote Address: 70.39.83.130 # Host Name: test.panjsheri.com * IRC Data o User Name: s o Host Name: “” o Server Name: o Real Name: s o Nick Name: n[USA|XP]1031764 o Non RFC Conform: 1 + Channel # Name: #start# # Transport Protocol: TCP # Remote Address: 70.39.83.130 # Remote Port: 81 # Protocol: IRC
bul.panjsheri.com
Remote Host Port Number bul.panjsheri.com 1234 NICK n[USA|XP]0002913 USER 4625 “” “lol” :4625 JOIN #po# NICK [USA|XP]9349820 USER 4548 “” “lol” :4548 Other details * To mark the presence in the system, the following Mutex object was created: o SN6JSN868L * The following ports were open in the system: Port Protocol Process 1034 TCP aiambc.exe