SonicALERT

Sonicwall Signatures


  IrcBot.A_75
IrcBot.A_75 is classified as a Virus. A virus is a type of malware that, when executed, replicates by inserting copies of itself (possibly modified) into other computer programs, data files, or the boot sector of the hard drive. In the sandbox run recorded below the sample creates two share-style directories under system32 (xdccPrograms and DC++ Share) and fills them with executables named after Windows components such as msinfo32.exe, moviemk.exe and icwconn1.exe; it writes and later deletes C:\rar.bat while WinRAR.exe is loaded and .rar archives appear in both directories; it calls IsDebuggerPresent, a basic anti-debugging check, so the captured behaviour may be incomplete; and it imports wsock32.dll, the legacy Winsock library. Only local-subnet traffic was captured, and no domains, DNS requests or HTTP requests were recorded.

Mutexes created
  • sIRC4
  • WinRAR_Busy


Directory level activity
  • create - dir - C:\WINDOWS\system32\xdccPrograms
  • create - dir - C:\WINDOWS\system32\DC++ Share


File level activity
  • write - file - C:\marijuana.txt
  • write - file - C:\WINDOWS\system32\xdccPrograms\Wireless Network Setup Wizard.exe
  • write - file - C:\WINDOWS\system32\xdccPrograms\PIL-1.1.7.win32-py2.7.exe
  • write - file - C:\rar.bat
  • write - file - C:\WINDOWS\system32\xdccPrograms\execsc.exe
  • write - file - C:\WINDOWS\system32\xdccPrograms\pin.exe
  • write - file - C:\WINDOWS\system32\xdccPrograms\pindb.exe
  • write - file - C:\WINDOWS\system32\xdccPrograms\msinfo32.exe
  • write - file - C:\WINDOWS\system32\DC++ Share\sapisvr.exe
  • write - file - C:\WINDOWS\system32\DC++ Share\icwconn1.exe
  • write - file - C:\WINDOWS\system32\DC++ Share\icwrmind.exe
  • write - file - C:\WINDOWS\system32\DC++ Share\icwtutor.exe
  • write - file - C:\WINDOWS\system32\DC++ Share\inetwiz.exe
  • write - file - C:\WINDOWS\system32\DC++ Share\isignup.exe
  • write - file - C:\WINDOWS\system32\DC++ Share\moviemk.exe
  • write - file - C:\WINDOWS\system32\DC++ Share\crashreporter.exe
  • delete - file - C:\rar.bat
  • write - file - C:\WINDOWS\system32\xdccPrograms\msinfo32.rar
  • write - file - C:\WINDOWS\system32\DC++ Share\inetwiz.rar
  • write - file - C:\DOCUME~1\TestMachine\LOCALS~1\Temp\__rar_0.116
  • delete - file - C:\WINDOWS\system32\DC++ Share\inetwiz.rar


Registry level activity
  • write - registry - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\AppData
  • write - registry - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0932c062-299c-11e2-afd8-806d6172696f}\BaseClass
  • write - registry - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0932c060-299c-11e2-afd8-806d6172696f}\BaseClass
  • write - registry - HKEY_CURRENT_USER\Software\WinRAR\Interface\ThemesShellExtBMP
  • write - registry - HKEY_CURRENT_USER\Software\WinRAR\Interface\ThemesShellExtIcon
  • write - registry - HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidthsname
  • write - registry - HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidthssize
  • write - registry - HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidthstype
  • write - registry - HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidthsmtime
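The mutex, directory, file and registry lists above are the page's host indicators. The script below is an added example, not SonicWall code: it parses those lists in their "action - kind - value" layout into an indicator set, flags the file that was written and then deleted during the run (C:\rar.bat, which a disk sweep can never find), matches the rest against a constructed Sysmon-style file-create log, and checks a mutex name on a live Windows host through OpenMutexW. REPORT is a verbatim excerpt of the lists above; EVENTS and its event ids are constructed for illustration; all function names are this example's own.

```python
"""Turn the behaviour lists of this signature page into host indicators and
match them against endpoint telemetry.

Added example for this page; it is not SonicWall code.  REPORT is a verbatim
excerpt of the report lines above, EVENTS is a constructed Sysmon-like
file-create log, and mutex_present() is a live-host check that only runs on
Windows (it returns None elsewhere).
"""
import sys
from collections import defaultdict

# Verbatim excerpt of the page's lists, in the same "action - kind - value"
# layout; mutex bullets carry only the name.
REPORT = r"""
Mutexes created
  • sIRC4
  • WinRAR_Busy

Directory level activity
  • create - dir - C:\WINDOWS\system32\xdccPrograms
  • create - dir - C:\WINDOWS\system32\DC++ Share

File level activity
  • write - file - C:\marijuana.txt
  • write - file - C:\WINDOWS\system32\xdccPrograms\msinfo32.exe
  • write - file - C:\WINDOWS\system32\DC++ Share\sapisvr.exe
  • write - file - C:\rar.bat
  • delete - file - C:\rar.bat
"""


def parse_report(text):
    """Return {kind: {value: [actions...]}} from the bullet lines.

    Mutex bullets have no 'action - kind' prefix, so they are filed under the
    kind 'mutex' with a synthetic 'create' action."""
    indicators = defaultdict(lambda: defaultdict(list))
    section = ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if not line.startswith("•"):
            section = line.lower()          # a heading such as "File level activity"
            continue
        body = line.lstrip("•").strip()
        if section.startswith("mutex"):
            indicators["mutex"][body].append("create")
            continue
        parts = body.split(" - ", 2)        # the value itself may contain " - "
        if len(parts) != 3:
            continue                        # not in the action - kind - value shape
        action, kind, value = parts
        indicators[kind][value].append(action)
    return indicators


def transient_files(indicators):
    """Files the sample wrote and then deleted during the run.  An on-disk IOC
    sweep will never see these; only file-create telemetry (or a memory image)
    can, so they belong in a detection rule rather than a scan list."""
    return sorted(v for v, acts in indicators["file"].items() if "delete" in acts)


def norm(path):
    """Case-fold and normalise separators so C:\\Windows\\System32 on a modern
    host matches the C:\\WINDOWS\\system32 recorded by the XP-era sandbox."""
    return path.replace("/", "\\").lower()


def match_events(indicators, events):
    """Return [(event_id, kind, indicator)] for telemetry events whose full
    normalised path equals a reported file or directory indicator."""
    lookup = {}
    for kind in ("file", "dir"):
        for value in indicators[kind]:
            lookup[norm(value)] = (kind, value)
    hits = []
    for ev in events:
        key = norm(ev["path"])
        if key in lookup:
            kind, value = lookup[key]
            hits.append((ev["id"], kind, value))
    return hits


def mutex_present(name):
    """Live-host check for a named mutex via OpenMutexW (Windows only).
    WinRAR_Busy coincides with the WinRAR activity the report shows (WinRAR.exe
    loaded, .rar files written), so on its own it is a weak indicator; sIRC4
    is the one worth alerting on."""
    if sys.platform != "win32":
        return None
    import ctypes
    SYNCHRONIZE = 0x00100000
    k32 = ctypes.windll.kernel32
    handle = k32.OpenMutexW(SYNCHRONIZE, False, name)
    if handle:
        k32.CloseHandle(handle)
        return True
    return False


# Constructed Sysmon-like FileCreate events (not from the page).  Event 2 is the
# legitimate msinfo32.exe; only the copy under xdccPrograms is an indicator.
EVENTS = [
    {"id": 1, "path": r"C:\Windows\System32\xdccPrograms\msinfo32.exe"},
    {"id": 2, "path": r"C:\Windows\System32\msinfo32.exe"},
    {"id": 3, "path": r"C:\rar.bat"},
    {"id": 4, "path": r"C:\Users\alice\Documents\notes.txt"},
]

if __name__ == "__main__":
    iocs = parse_report(REPORT)
    print("mutexes:", sorted(iocs["mutex"]))
    print("transient:", transient_files(iocs))
    for hit in match_events(iocs, EVENTS):
        print("hit:", hit)
```

Run stand-alone it prints the two mutex names, C:\rar.bat as the transient file, and hits for events 1 and 3 only. The matcher keys on the full normalised path rather than the file name because the dropped executables reuse the names of real Windows components; matching on msinfo32.exe alone would flag the genuine C:\Windows\System32\msinfo32.exe.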


Library level activity
  • load - library - C:\WINDOWS\system32\uxtheme.dll
  • load - library - uxtheme.dll
  • load - library - KERNEL32.DLL
  • load - library - ADVAPI32.dll
  • load - library - advapi32
  • load - library - mscoree.dll
  • load - library - kernel32
  • load - library - OLE32.DLL
  • load - library - ole32.dll
  • load - library - C:\WINDOWS\system32\rpcss.dll
  • load - library - C:\WINDOWS\system32\SHELL32.dll
  • load - library - SETUPAPI.dll
  • load - library - SHELL32.dll
  • load - library - C:\Program Files\WinRAR\rarlng.dll
  • load - library - riched32.dll
  • load - library - riched20.dll
  • load - library - C:\Program Files\WinRAR\WinRAR.exe
  • load - library - UxTheme.dll
  • load - library - mscoree.dll


Process API calls used
  • NtFreeVirtualMemory
  • CreateProcessInternalW
  • ZwMapViewOfSection


Registry API calls used
  • NtCreateKey
  • NtQueryValueKey
  • NtSetValueKey
  • RegOpenKeyExA
  • RegQueryValueExA
  • RegCloseKey


System API calls used
  • LdrLoadDll
  • IsDebuggerPresent


Filesystem API calls used
  • CopyFileA
  • NtCreateFile
  • NtWriteFile
  • FindFirstFileExW
  • NtQueryDirectoryFile
  • CreateDirectoryW
  • NtQueryInformationFile
  • NtSetInformationFile
  • NtReadFile

Network

UDP source >> destination
  • 192.168.30.254 >> 192.168.30.6
  • 192.168.30.6 >> 192.168.30.255


TCP source >> destination
  • 192.168.30.6 >> 192.168.30.254



Domains:
  • NA

DNS Request:
  • NA

HTTP Request:
  • NA

DLL related data
Number of DLLs imported = 9
  • kernel32.dll
  • user32.dll
  • advapi32.dll
  • oleaut32.dll
  • kernel32.dll
  • advapi32.dll
  • kernel32.dll
  • user32.dll
  • wsock32.dll


Relevant Information