Trojan.Win32.Jorik.IRCbot.ijq (Kaspersky), Trojan.Generic.7418640 (B) (Emsisoft), Trojan.Generic.7418640 (AdAware), GenericAutorunWorm.YR, GenericInjector.YR, GenericIRCBot.YR (Lavasoft MAS)
Behaviour: Trojan, Worm, WormAutorun, IRCBot
The description has been automatically generated by Lavasoft Malware Analysis System and it may contain incomplete or inaccurate information.
Summary
MD5: 1b7327ede5738d7ccb3bb119c042e52c
SHA1: 4e100c964a85c886211c45ef6cc27a62386f3599
SHA256: 8e19ad951ffaf0cdffee3bb9510fba2803a52f9693240969b5d136a6a55cab13
SSDeep: 768:wmGGQbq4uKeykRx0dHjlniEFCGPcrpk5aSW6W2jGkeo0BhDe:wb9q49k7UniECicdMaf6W2jDeV
Size: 43520 bytes
File type: EXE
Platform: WIN32
Entropy: Not Packed
PEID: BorlandDelphi30, UPolyXv05_v6
Company: no certificate found
Created at: 2011-07-01 14:06:56
Analyzed on: WindowsXP SP3 32-bit
Summary: Trojan. A program that appears to do one thing but actually does another (a.k.a. Trojan Horse).
Dynamic Analysis
Payload
Behaviour | Description |
---|---|
WormAutorun | A worm can spread via removable drives. It writes its executable and creates "autorun.inf" scripts on all removable drives. The autorun script will execute the Trojan's file once a user opens a drive's folder in Windows Explorer. |
IRCBot | A bot can communicate with command and control servers via an IRC channel. |
Process activity
The Trojan creates the following process(es):
%original file name%.exe:452
The Trojan injects its code into the following process(es):
Explorer.EXE:1684
Mutexes
The following mutexes were created/opened: No objects were found.
File activity
No files have been created.
Registry activity
The process %original file name%.exe:452 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "66 3F C9 95 BC 6C 37 37 2C 4D 06 38 7E F8 3E 5B"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"
To automatically run itself each time Windows is booted, the Trojan adds the following link to its file to the system registry autorun key:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
"svmhost.exe" = "%Documents and Settings%\%current user%\Application Data\svmhost.exe"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"svmhost.exe" = "%Documents and Settings%\%current user%\Application Data\svmhost.exe"
Dropped PE files
There are no dropped PE files.
HOSTS file anomalies
No changes have been detected.
Rootkit activity
No anomalies have been detected.
Propagation
A worm can spread via removable drives. It writes its executable and creates "autorun.inf" scripts on all removable drives. The autorun script will execute the Trojan's file once a user opens a drive's folder in Windows Explorer.
Removals
Remove it with Ad-Aware
- Download and install Ad-Aware Free Antivirus.
- Update the definition files.
- Run a full scan of your computer.
Manual removal*
- Terminate malicious process(es) (How to End a Process With the Task Manager):
%original file name%.exe:452
- Delete the original Trojan file.
- Delete the following value(s) in the autorun key (How to Work with System Registry):
[HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
"svmhost.exe" = "%Documents and Settings%\%current user%\Application Data\svmhost.exe"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"svmhost.exe" = "%Documents and Settings%\%current user%\Application Data\svmhost.exe"
- Clean the Temporary Internet Files folder, which may contain infected files (How to clean Temporary Internet Files folder).
- Find and delete all copies of the worm's file together with "autorun.inf" scripts on removable drives.
- Reboot the computer.
Static Analysis
VersionInfo
No information is available.
PE Sections
Name | Virtual Address | Virtual Size | Raw Size | Entropy | Section MD5 |
---|---|---|---|---|---|
.text | 4096 | 12288 | 12288 | 3.2632 | 97aced61d02cbaaf6101ac753674aedb |
.data | 16384 | 29533 | 29696 | 3.83593 | 77d9114a0b098c98deaf120bfc5de70d |
.rsrc | 49152 | 1000 | 1024 | 0 | 0f343b0931126a20f133d67c2b018a3b |
Network Activity
URLs
URL | IP |
---|---|
hxxp://api.wipmania.com/ | 212.83.168.196 |
IDS verdicts (Suricata alerts: Emerging Threats ET ruleset)
Traffic
GET / HTTP/1.1
User-Agent: Mozilla/5.0 (compatible)
Host: api.wipmania.com
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 08 Apr 2015 04:57:31 GMT
Content-Type: text/html
Content-Length: 20
Connection: keep-alive
Keep-Alive: timeout=20
91.200.159.131<br>UA..
Strings from Dumps
Explorer.EXE_1684_rwx_00EE0000_0000E000:
.data
.idata
.rsrc
@.reloc
Successfully Killed And Removed Malicious File: "%s"
Usage: %s IP PORT DELAY LENGTH
Failed To Start Thread: "%d"
Failed: "%d"
Failed: Mis Parameter, Usage: %s [SHOW/HIDE] [URL]
Filed To Visit: "%s"
Successfully Visited: "%s"
%s #%s
%s %s
Running From: "%s"
[%s][%s] - "%s"
{%s}: %s
Successfully Executed Process: "%s"
Failed To Create Process: "%s", Reason: "%d"
Successfully Downloaded File To: "%s"
Downloading File: "%s"
hXXp://api.wipmania.com/
JOIN
NICK
PRIVMSG
AryaN{%s-%s-x%d}%s
New{%s-%s-x%d}%s
%s "" "%s" :%s
%s %s :[AryaN]: %s
%s %s %s
Finished Flooding "%s:%d"
Terminated UDP Flood Thread
%d%d%d%d%d%d%d%d
Flooding: "%s:%d", Delay: "%d(ms)", For "%d" Seconds
LNK Infected Removable Device: "%s\", Created: "%d" Lnk Files
AutoRun Infected Removable Device: "%s\"
j[YPSSh
SSSSh
VSSSh
1018420
udp.stop
dload.stop
join
yaboyyoshi.info
MSVCRT.dll
GetProcessHeap
KERNEL32.dll
WS2_32.dll
SHLWAPI.dll
InternetOpenUrlA
WININET.dll
ole32.dll
PSAPI.DLL
ShellExecuteA
SHELL32.dll
RegCloseKey
RegCreateKeyExW
RegOpenKeyExW
RegNotifyChangeKeyValue
ADVAPI32.dll
svmhost.exe
7$7*70767
%userprofile%
%s\removethis_%d%d%d.exe
%temp%\oldfile.exe
Mozilla/5.0 (compatible)
%s\%d%d%d.exe
explorer.exe
Kernel32.dll
%s-deadlock
%s\SysWOW64
advapi32.dll
comsupp.dll
shell32.dll
wininet.dll
shlwapi.dll
dnsapi.dll
user32.dll
ws2_32.dll
psapi.dll
Ole32.dll
kernel32.dll
msvcrt.dll
dwm.exe
alg.exe
csrss.exe
SOFTWARE\Microsoft\Windows\CurrentVersion\Run
%s-readfile
cmd.exe
Software\Microsoft\Windows\CurrentVersion\Run
%temp%\deletethis.exe
Removable_Drive.exe
%s\{%s-%s}
/k "%s" Open %s
%windir%\System32\cmd.exe
%s\Removable_Drive.exe
%s\%s
%s\%s.lnk
icon=Shell32.dll,7
shell\open\Command=%s
open=%s
shell\explore\Command=%s
%s\autorun.inf
%Documents and Settings%\%current user%\Application Data\svmhost.exe
c:\%original file name%.exe
Explorer.EXE_1684_rwx_00FF0000_0000E000:
.data
.data
.idata
.idata
.rsrc
.rsrc
@.reloc
@.reloc
Successfully Killed And Removed Malicious File: "%s"
Successfully Killed And Removed Malicious File: "%s"
Usage: %s IP PORT DELAY LENGTH
Usage: %s IP PORT DELAY LENGTH
Failed To Start Thread: "%d"
Failed To Start Thread: "%d"
Failed: "%d"
Failed: "%d"
Failed: Mis Parameter, Usage: %s [SHOW/HIDE] [URL]
Failed: Mis Parameter, Usage: %s [SHOW/HIDE] [URL]
Filed To Visit: "%s"
Filed To Visit: "%s"
Successfully Visited: "%s"
Successfully Visited: "%s"
%s #%s
%s #%s
%s %s
%s %s
Running From: "%s"
Running From: "%s"
[%s][%s] - "%s"
[%s][%s] - "%s"
{%s}: %s
{%s}: %s
Successfully Executed Process: "%s"
Successfully Executed Process: "%s"
Failed To Create Process: "%s", Reason: "%d"
Failed To Create Process: "%s", Reason: "%d"
Successfully Downloaded File To: "%s"
Successfully Downloaded File To: "%s"
Downloading File: "%s"
Downloading File: "%s"
hXXp://api.wipmania.com/
hXXp://api.wipmania.com/
JOIN
JOIN
NICK
NICK
PRIVMSG
PRIVMSG
AryaN{%s-%s-x%d}%s
AryaN{%s-%s-x%d}%s
New{%s-%s-x%d}%s
New{%s-%s-x%d}%s
%s "" "%s" :%s
%s "" "%s" :%s
%s %s :[AryaN]: %s
%s %s :[AryaN]: %s
%s %s %s
%s %s %s
Finished Flooding "%s:%d"
Finished Flooding "%s:%d"
Terminated UDP Flood Thread
Terminated UDP Flood Thread
%d%d%d%d%d%d%d%d
%d%d%d%d%d%d%d%d
Flooding: "%s:%d", Delay: "%d(ms)", For "%d" Seconds
Flooding: "%s:%d", Delay: "%d(ms)", For "%d" Seconds
LNK Infected Removable Device: "%s\", Created: "%d" Lnk Files
LNK Infected Removable Device: "%s\", Created: "%d" Lnk Files
AutoRun Infected Removable Device: "%s\"
AutoRun Infected Removable Device: "%s\"
j[YPSSh
j[YPSSh
SSSSh
SSSSh
VSSSh
VSSSh
1018420
1018420
udp.stop
udp.stop
dload.stop
dload.stop
join
join
yaboyyoshi.info
yaboyyoshi.info
MSVCRT.dll
MSVCRT.dll
GetProcessHeap
GetProcessHeap
KERNEL32.dll
KERNEL32.dll
WS2_32.dll
WS2_32.dll
SHLWAPI.dll
SHLWAPI.dll
InternetOpenUrlA
InternetOpenUrlA
WININET.dll
WININET.dll
ole32.dll
ole32.dll
PSAPI.DLL
PSAPI.DLL
ShellExecuteA
ShellExecuteA
SHELL32.dll
SHELL32.dll
RegCloseKey
RegCloseKey
RegCreateKeyExW
RegCreateKeyExW
RegOpenKeyExW
RegOpenKeyExW
RegNotifyChangeKeyValue
RegNotifyChangeKeyValue
ADVAPI32.dll
ADVAPI32.dll
svmhost.exe
svmhost.exe
7$7*70767
7$7*70767
%userprofile%
%userprofile%
%s\removethis_%d%d%d.exe
%s\removethis_%d%d%d.exe
%temp%\oldfile.exe
%temp%\oldfile.exe
Mozilla/5.0 (compatible)
Mozilla/5.0 (compatible)
%s\%d%d%d.exe
%s\%d%d%d.exe
explorer.exe
explorer.exe
Kernel32.dll
Kernel32.dll
%s-deadlock
%s-deadlock
%s\SysWOW64
%s\SysWOW64
advapi32.dll
advapi32.dll
comsupp.dll
comsupp.dll
shell32.dll
shell32.dll
wininet.dll
wininet.dll
shlwapi.dll
shlwapi.dll
dnsapi.dll
dnsapi.dll
user32.dll
user32.dll
ws2_32.dll
ws2_32.dll
psapi.dll
psapi.dll
Ole32.dll
Ole32.dll
kernel32.dll
kernel32.dll
msvcrt.dll
msvcrt.dll
dwm.exe
dwm.exe
alg.exe
alg.exe
csrss.exe
csrss.exe
SOFTWARE\Microsoft\Windows\CurrentVersion\Run
SOFTWARE\Microsoft\Windows\CurrentVersion\Run
%s-readfile
%s-readfile
cmd.exe
cmd.exe
Software\Microsoft\Windows\CurrentVersion\Run
Software\Microsoft\Windows\CurrentVersion\Run
%temp%\deletethis.exe
%temp%\deletethis.exe
Removable_Drive.exe
Removable_Drive.exe
%s\{%s-%s}
%s\{%s-%s}
/k "%s" Open %s
/k "%s" Open %s
%windir%\System32\cmd.exe
%windir%\System32\cmd.exe
%s\Removable_Drive.exe
%s\Removable_Drive.exe
%s\%s
%s\%s
%s\%s.lnk
%s\%s.lnk
icon=Shell32.dll,7
icon=Shell32.dll,7
shell\open\Command=%s
shell\open\Command=%s
open=%s
open=%s
shell\explore\Command=%s
shell\explore\Command=%s
%s\autorun.inf
%s\autorun.inf
%Documents and Settings%\%current user%\Application Data\svmhost.exe
%Documents and Settings%\%current user%\Application Data\svmhost.exe
c:\%original file name%.exe
c:\%original file name%.exe
Explorer.EXE_1684_rwx_01590000_0000E000:
.data
.data
.idata
.idata
.rsrc
.rsrc
@.reloc
@.reloc
Successfully Killed And Removed Malicious File: "%s"
Successfully Killed And Removed Malicious File: "%s"
Usage: %s IP PORT DELAY LENGTH
Usage: %s IP PORT DELAY LENGTH
Failed To Start Thread: "%d"
Failed To Start Thread: "%d"
Failed: "%d"
Failed: "%d"
Failed: Mis Parameter, Usage: %s [SHOW/HIDE] [URL]
Failed: Mis Parameter, Usage: %s [SHOW/HIDE] [URL]
Filed To Visit: "%s"
Filed To Visit: "%s"
Successfully Visited: "%s"
Successfully Visited: "%s"
%s #%s
%s #%s
%s %s
%s %s
Running From: "%s"
Running From: "%s"
[%s][%s] - "%s"
[%s][%s] - "%s"
{%s}: %s
{%s}: %s
Successfully Executed Process: "%s"
Successfully Executed Process: "%s"
Failed To Create Process: "%s", Reason: "%d"
Failed To Create Process: "%s", Reason: "%d"
Successfully Downloaded File To: "%s"
Successfully Downloaded File To: "%s"
Downloading File: "%s"
Downloading File: "%s"
hXXp://api.wipmania.com/
hXXp://api.wipmania.com/
JOIN
JOIN
NICK
NICK
PRIVMSG
PRIVMSG
AryaN{%s-%s-x%d}%s
AryaN{%s-%s-x%d}%s
New{%s-%s-x%d}%s
New{%s-%s-x%d}%s
%s "" "%s" :%s
%s "" "%s" :%s
%s %s :[AryaN]: %s
%s %s :[AryaN]: %s
%s %s %s
%s %s %s
Finished Flooding "%s:%d"
Finished Flooding "%s:%d"
Terminated UDP Flood Thread
Terminated UDP Flood Thread
%d%d%d%d%d%d%d%d
%d%d%d%d%d%d%d%d
Flooding: "%s:%d", Delay: "%d(ms)", For "%d" Seconds
Flooding: "%s:%d", Delay: "%d(ms)", For "%d" Seconds
LNK Infected Removable Device: "%s\", Created: "%d" Lnk Files
LNK Infected Removable Device: "%s\", Created: "%d" Lnk Files
AutoRun Infected Removable Device: "%s\"
AutoRun Infected Removable Device: "%s\"
j[YPSSh
j[YPSSh
SSSSh
SSSSh
VSSSh
VSSSh
1018420
1018420
udp.stop
udp.stop
dload.stop
dload.stop
join
join
yaboyyoshi.info
yaboyyoshi.info
MSVCRT.dll
MSVCRT.dll
GetProcessHeap
GetProcessHeap
KERNEL32.dll
KERNEL32.dll
WS2_32.dll
WS2_32.dll
SHLWAPI.dll
SHLWAPI.dll
InternetOpenUrlA
InternetOpenUrlA
WININET.dll
WININET.dll
ole32.dll
ole32.dll
PSAPI.DLL
PSAPI.DLL
ShellExecuteA
ShellExecuteA
SHELL32.dll
SHELL32.dll
RegCloseKey
RegCloseKey
RegCreateKeyExW
RegCreateKeyExW
RegOpenKeyExW
RegOpenKeyExW
RegNotifyChangeKeyValue
RegNotifyChangeKeyValue
ADVAPI32.dll
ADVAPI32.dll
svmhost.exe
svmhost.exe
7$7*70767
7$7*70767
%userprofile%
%userprofile%
%s\removethis_%d%d%d.exe
%s\removethis_%d%d%d.exe
%temp%\oldfile.exe
%temp%\oldfile.exe
Mozilla/5.0 (compatible)
Mozilla/5.0 (compatible)
%s\%d%d%d.exe
%s\%d%d%d.exe
explorer.exe
explorer.exe
Kernel32.dll
Kernel32.dll
%s-deadlock
%s-deadlock
%s\SysWOW64
%s\SysWOW64
advapi32.dll
advapi32.dll
comsupp.dll
comsupp.dll
shell32.dll
shell32.dll
wininet.dll
wininet.dll
shlwapi.dll
shlwapi.dll
dnsapi.dll
dnsapi.dll
user32.dll
user32.dll
ws2_32.dll
ws2_32.dll
psapi.dll
psapi.dll
Ole32.dll
Ole32.dll
kernel32.dll
kernel32.dll
msvcrt.dll
msvcrt.dll
dwm.exe
dwm.exe
alg.exe
alg.exe
csrss.exe
csrss.exe
SOFTWARE\Microsoft\Windows\CurrentVersion\Run
SOFTWARE\Microsoft\Windows\CurrentVersion\Run
%s-readfile
%s-readfile
cmd.exe
cmd.exe
Software\Microsoft\Windows\CurrentVersion\Run
Software\Microsoft\Windows\CurrentVersion\Run
%temp%\deletethis.exe
%temp%\deletethis.exe
Removable_Drive.exe
Removable_Drive.exe
%s\{%s-%s}
%s\{%s-%s}
/k "%s" Open %s
/k "%s" Open %s
%windir%\System32\cmd.exe
%windir%\System32\cmd.exe
%s\Removable_Drive.exe
%s\Removable_Drive.exe
%s\%s
%s\%s
%s\%s.lnk
%s\%s.lnk
icon=Shell32.dll,7
icon=Shell32.dll,7
shell\open\Command=%s
shell\open\Command=%s
open=%s
open=%s
shell\explore\Command=%s
shell\explore\Command=%s
%s\autorun.inf
%s\autorun.inf
%Documents and Settings%\%current user%\Application Data\svmhost.exe
%Documents and Settings%\%current user%\Application Data\svmhost.exe
c:\%original file name%.exe
c:\%original file name%.exe
Explorer.EXE_1684_rwx_017F0000_0000E000:
.data
.data
.idata
.idata
.rsrc
.rsrc
@.reloc
@.reloc
Successfully Killed And Removed Malicious File: "%s"
Successfully Killed And Removed Malicious File: "%s"
Usage: %s IP PORT DELAY LENGTH
Usage: %s IP PORT DELAY LENGTH
Failed To Start Thread: "%d"
Failed To Start Thread: "%d"
Failed: "%d"
Failed: "%d"
Failed: Mis Parameter, Usage: %s [SHOW/HIDE] [URL]
Failed: Mis Parameter, Usage: %s [SHOW/HIDE] [URL]
Filed To Visit: "%s"
Filed To Visit: "%s"
Successfully Visited: "%s"
Successfully Visited: "%s"
%s #%s
%s #%s
%s %s
%s %s
Running From: "%s"
Running From: "%s"
[%s][%s] - "%s"
[%s][%s] - "%s"
{%s}: %s
{%s}: %s
Successfully Executed Process: "%s"
Successfully Executed Process: "%s"
Failed To Create Process: "%s", Reason: "%d"
Failed To Create Process: "%s", Reason: "%d"
Successfully Downloaded File To: "%s"
Successfully Downloaded File To: "%s"
Downloading File: "%s"
Downloading File: "%s"
hXXp://api.wipmania.com/
hXXp://api.wipmania.com/
JOIN
JOIN
NICK
NICK
PRIVMSG
PRIVMSG
AryaN{%s-%s-x%d}%s
AryaN{%s-%s-x%d}%s
New{%s-%s-x%d}%s
New{%s-%s-x%d}%s
%s "" "%s" :%s
%s "" "%s" :%s
%s %s :[AryaN]: %s
%s %s :[AryaN]: %s
%s %s %s
%s %s %s
Finished Flooding "%s:%d"
Finished Flooding "%s:%d"
Terminated UDP Flood Thread
Terminated UDP Flood Thread
%d%d%d%d%d%d%d%d
%d%d%d%d%d%d%d%d
Flooding: "%s:%d", Delay: "%d(ms)", For "%d" Seconds
Flooding: "%s:%d", Delay: "%d(ms)", For "%d" Seconds
LNK Infected Removable Device: "%s\", Created: "%d" Lnk Files
LNK Infected Removable Device: "%s\", Created: "%d" Lnk Files
AutoRun Infected Removable Device: "%s\"
AutoRun Infected Removable Device: "%s\"
j[YPSSh
j[YPSSh
SSSSh
SSSSh
VSSSh
VSSSh
1018420
1018420
udp.stop
udp.stop
dload.stop
dload.stop
join
join
yaboyyoshi.info
yaboyyoshi.info
MSVCRT.dll
MSVCRT.dll
GetProcessHeap
GetProcessHeap
KERNEL32.dll
KERNEL32.dll
WS2_32.dll
WS2_32.dll
SHLWAPI.dll
SHLWAPI.dll
InternetOpenUrlA
InternetOpenUrlA
WININET.dll
WININET.dll
ole32.dll
ole32.dll
PSAPI.DLL
PSAPI.DLL
ShellExecuteA
ShellExecuteA
SHELL32.dll
SHELL32.dll
RegCloseKey
RegCloseKey
RegCreateKeyExW
RegCreateKeyExW
RegOpenKeyExW
RegOpenKeyExW
RegNotifyChangeKeyValue
RegNotifyChangeKeyValue
ADVAPI32.dll
ADVAPI32.dll
svmhost.exe
svmhost.exe
7$7*70767
7$7*70767
%userprofile%
%userprofile%
%s\removethis_%d%d%d.exe
%s\removethis_%d%d%d.exe
%temp%\oldfile.exe
%temp%\oldfile.exe
Mozilla/5.0 (compatible)
Mozilla/5.0 (compatible)
%s\%d%d%d.exe
%s\%d%d%d.exe
explorer.exe
explorer.exe
Kernel32.dll
Kernel32.dll
%s-deadlock
%s-deadlock
%s\SysWOW64
%s\SysWOW64
advapi32.dll
advapi32.dll
comsupp.dll
comsupp.dll
shell32.dll
shell32.dll
wininet.dll
wininet.dll
shlwapi.dll
shlwapi.dll
dnsapi.dll
dnsapi.dll
user32.dll
user32.dll
ws2_32.dll
ws2_32.dll
psapi.dll
psapi.dll
Ole32.dll
Ole32.dll
kernel32.dll
kernel32.dll
msvcrt.dll
msvcrt.dll
dwm.exe
dwm.exe
alg.exe
alg.exe
csrss.exe
csrss.exe
SOFTWARE\Microsoft\Windows\CurrentVersion\Run
SOFTWARE\Microsoft\Windows\CurrentVersion\Run
%s-readfile
%s-readfile
cmd.exe
cmd.exe
Software\Microsoft\Windows\CurrentVersion\Run
Software\Microsoft\Windows\CurrentVersion\Run
%temp%\deletethis.exe
%temp%\deletethis.exe
Removable_Drive.exe
Removable_Drive.exe
%s\{%s-%s}
%s\{%s-%s}
/k "%s" Open %s
/k "%s" Open %s
%windir%\System32\cmd.exe
%windir%\System32\cmd.exe
%s\Removable_Drive.exe
%s\Removable_Drive.exe
%s\%s
%s\%s
%s\%s.lnk
%s\%s.lnk
icon=Shell32.dll,7
icon=Shell32.dll,7
shell\open\Command=%s
shell\open\Command=%s
open=%s
open=%s
shell\explore\Command=%s
shell\explore\Command=%s
%s\autorun.inf
%s\autorun.inf
%Documents and Settings%\%current user%\Application Data\svmhost.exe
%Documents and Settings%\%current user%\Application Data\svmhost.exe
c:\%original file name%.exe
c:\%original file name%.exe
Explorer.EXE_1684_rwx_01A10000_0000E000:
.data
.data
.idata
.idata
.rsrc
.rsrc
@.reloc
@.reloc
Successfully Killed And Removed Malicious File: "%s"
Successfully Killed And Removed Malicious File: "%s"
Usage: %s IP PORT DELAY LENGTH
Usage: %s IP PORT DELAY LENGTH
Failed To Start Thread: "%d"
Failed To Start Thread: "%d"
Failed: "%d"
Failed: "%d"
Failed: Mis Parameter, Usage: %s [SHOW/HIDE] [URL]
Failed: Mis Parameter, Usage: %s [SHOW/HIDE] [URL]
Filed To Visit: "%s"
Filed To Visit: "%s"
Successfully Visited: "%s"
Successfully Visited: "%s"
%s #%s
%s #%s
%s %s
%s %s
Running From: "%s"
Running From: "%s"
[%s][%s] - "%s"
[%s][%s] - "%s"
{%s}: %s
{%s}: %s
Successfully Executed Process: "%s"
Successfully Executed Process: "%s"
Failed To Create Process: "%s", Reason: "%d"
Failed To Create Process: "%s", Reason: "%d"
Successfully Downloaded File To: "%s"
Successfully Downloaded File To: "%s"
Downloading File: "%s"
Downloading File: "%s"
hXXp://api.wipmania.com/
hXXp://api.wipmania.com/
JOIN
JOIN
NICK
NICK
PRIVMSG
PRIVMSG
AryaN{%s-%s-x%d}%s
AryaN{%s-%s-x%d}%s
New{%s-%s-x%d}%s
New{%s-%s-x%d}%s
%s "" "%s" :%s
%s "" "%s" :%s
%s %s :[AryaN]: %s
%s %s :[AryaN]: %s
%s %s %s
%s %s %s
Finished Flooding "%s:%d"
Finished Flooding "%s:%d"
Terminated UDP Flood Thread
Terminated UDP Flood Thread
%d%d%d%d%d%d%d%d
%d%d%d%d%d%d%d%d
Flooding: "%s:%d", Delay: "%d(ms)", For "%d" Seconds
Flooding: "%s:%d", Delay: "%d(ms)", For "%d" Seconds
LNK Infected Removable Device: "%s\", Created: "%d" Lnk Files
LNK Infected Removable Device: "%s\", Created: "%d" Lnk Files
AutoRun Infected Removable Device: "%s\"
AutoRun Infected Removable Device: "%s\"
j[YPSSh
j[YPSSh
SSSSh
SSSSh
VSSSh
VSSSh
1018420
1018420
udp.stop
udp.stop
dload.stop
dload.stop
join
join
yaboyyoshi.info
yaboyyoshi.info
MSVCRT.dll
MSVCRT.dll
GetProcessHeap
GetProcessHeap
KERNEL32.dll
KERNEL32.dll
WS2_32.dll
WS2_32.dll
SHLWAPI.dll
SHLWAPI.dll
InternetOpenUrlA
InternetOpenUrlA
WININET.dll
WININET.dll
ole32.dll
ole32.dll
PSAPI.DLL
PSAPI.DLL
ShellExecuteA
ShellExecuteA
SHELL32.dll
SHELL32.dll
RegCloseKey
RegCloseKey
RegCreateKeyExW
RegCreateKeyExW
RegOpenKeyExW
RegOpenKeyExW
RegNotifyChangeKeyValue
RegNotifyChangeKeyValue
ADVAPI32.dll
ADVAPI32.dll
svmhost.exe
svmhost.exe
7$7*70767
7$7*70767
%userprofile%
%userprofile%
%s\removethis_%d%d%d.exe
%s\removethis_%d%d%d.exe
%temp%\oldfile.exe
%temp%\oldfile.exe
Mozilla/5.0 (compatible)
Mozilla/5.0 (compatible)
%s\%d%d%d.exe
%s\%d%d%d.exe
explorer.exe
explorer.exe
Kernel32.dll
Kernel32.dll
%s-deadlock
%s-deadlock
%s\SysWOW64
%s\SysWOW64
advapi32.dll
advapi32.dll
comsupp.dll
comsupp.dll
shell32.dll
shell32.dll
wininet.dll
wininet.dll
shlwapi.dll
shlwapi.dll
dnsapi.dll
dnsapi.dll
user32.dll
user32.dll
ws2_32.dll
ws2_32.dll
psapi.dll
psapi.dll
Ole32.dll
Ole32.dll
kernel32.dll
kernel32.dll
msvcrt.dll
msvcrt.dll
dwm.exe
dwm.exe
alg.exe
alg.exe
csrss.exe
csrss.exe
SOFTWARE\Microsoft\Windows\CurrentVersion\Run
SOFTWARE\Microsoft\Windows\CurrentVersion\Run
%s-readfile
%s-readfile
cmd.exe
cmd.exe
Software\Microsoft\Windows\CurrentVersion\Run
Software\Microsoft\Windows\CurrentVersion\Run
%temp%\deletethis.exe
%temp%\deletethis.exe
Removable_Drive.exe
Removable_Drive.exe
%s\{%s-%s}
%s\{%s-%s}
/k "%s" Open %s
/k "%s" Open %s
%windir%\System32\cmd.exe
%windir%\System32\cmd.exe
%s\Removable_Drive.exe
%s\Removable_Drive.exe
%s\%s
%s\%s
%s\%s.lnk
%s\%s.lnk
icon=Shell32.dll,7
icon=Shell32.dll,7
shell\open\Command=%s
shell\open\Command=%s
open=%s
open=%s
shell\explore\Command=%s
shell\explore\Command=%s
%s\autorun.inf
%s\autorun.inf
%Documents and Settings%\%current user%\Application Data\svmhost.exe
%Documents and Settings%\%current user%\Application Data\svmhost.exe
c:\%original file name%.exe
c:\%original file name%.exe
Explorer.EXE_1684_rwx_01FF0000_0000E000:
.data
.data
.idata
.idata
.rsrc
.rsrc
@.reloc
@.reloc
Successfully Killed And Removed Malicious File: "%s"
Successfully Killed And Removed Malicious File: "%s"
Usage: %s IP PORT DELAY LENGTH
Usage: %s IP PORT DELAY LENGTH
Failed To Start Thread: "%d"
Failed To Start Thread: "%d"
Failed: "%d"
Failed: "%d"
Failed: Mis Parameter, Usage: %s [SHOW/HIDE] [URL]
Failed: Mis Parameter, Usage: %s [SHOW/HIDE] [URL]
Filed To Visit: "%s"
Filed To Visit: "%s"
Successfully Visited: "%s"
Successfully Visited: "%s"
%s #%s
%s #%s
%s %s
%s %s
Running From: "%s"
Running From: "%s"
[%s][%s] - "%s"
[%s][%s] - "%s"
{%s}: %s
{%s}: %s
Successfully Executed Process: "%s"
Successfully Executed Process: "%s"
Failed To Create Process: "%s", Reason: "%d"
Failed To Create Process: "%s", Reason: "%d"
Successfully Downloaded File To: "%s"
Successfully Downloaded File To: "%s"
Downloading File: "%s"
Downloading File: "%s"
hXXp://api.wipmania.com/
hXXp://api.wipmania.com/
JOIN
JOIN
NICK
NICK
PRIVMSG
PRIVMSG
AryaN{%s-%s-x%d}%s
AryaN{%s-%s-x%d}%s
New{%s-%s-x%d}%s
New{%s-%s-x%d}%s
%s "" "%s" :%s
%s "" "%s" :%s
%s %s :[AryaN]: %s
%s %s :[AryaN]: %s
%s %s %s
%s %s %s
Finished Flooding "%s:%d"
Finished Flooding "%s:%d"
Terminated UDP Flood Thread
Terminated UDP Flood Thread
%d%d%d%d%d%d%d%d
%d%d%d%d%d%d%d%d
Flooding: "%s:%d", Delay: "%d(ms)", For "%d" Seconds
Flooding: "%s:%d", Delay: "%d(ms)", For "%d" Seconds
LNK Infected Removable Device: "%s\", Created: "%d" Lnk Files
LNK Infected Removable Device: "%s\", Created: "%d" Lnk Files
AutoRun Infected Removable Device: "%s\"
AutoRun Infected Removable Device: "%s\"
j[YPSSh
j[YPSSh
SSSSh
SSSSh
VSSSh
VSSSh
1018420
1018420
udp.stop
udp.stop
dload.stop
dload.stop
join
join
yaboyyoshi.info
yaboyyoshi.info
MSVCRT.dll
MSVCRT.dll
GetProcessHeap
GetProcessHeap
KERNEL32.dll
KERNEL32.dll
WS2_32.dll
WS2_32.dll
SHLWAPI.dll
SHLWAPI.dll
InternetOpenUrlA
InternetOpenUrlA
WININET.dll
WININET.dll
ole32.dll
ole32.dll
PSAPI.DLL
PSAPI.DLL
ShellExecuteA
ShellExecuteA
SHELL32.dll
SHELL32.dll
RegCloseKey
RegCloseKey
RegCreateKeyExW
RegCreateKeyExW
RegOpenKeyExW
RegOpenKeyExW
RegNotifyChangeKeyValue
RegNotifyChangeKeyValue
ADVAPI32.dll
ADVAPI32.dll
svmhost.exe
svmhost.exe
7$7*70767
7$7*70767
%userprofile%
%userprofile%
%s\removethis_%d%d%d.exe
%s\removethis_%d%d%d.exe
%temp%\oldfile.exe
%temp%\oldfile.exe
Mozilla/5.0 (compatible)
Mozilla/5.0 (compatible)
%s\%d%d%d.exe
%s\%d%d%d.exe
explorer.exe
explorer.exe
Kernel32.dll
Kernel32.dll
%s-deadlock
%s-deadlock
%s\SysWOW64
%s\SysWOW64
advapi32.dll
advapi32.dll
comsupp.dll
comsupp.dll
shell32.dll
shell32.dll
wininet.dll
wininet.dll
shlwapi.dll
shlwapi.dll
dnsapi.dll
dnsapi.dll
user32.dll
user32.dll
ws2_32.dll
ws2_32.dll
psapi.dll
psapi.dll
Ole32.dll
Ole32.dll
kernel32.dll
kernel32.dll
msvcrt.dll
msvcrt.dll
dwm.exe
dwm.exe
alg.exe
alg.exe
csrss.exe
csrss.exe
SOFTWARE\Microsoft\Windows\CurrentVersion\Run
SOFTWARE\Microsoft\Windows\CurrentVersion\Run
%s-readfile
%s-readfile
cmd.exe
cmd.exe
Software\Microsoft\Windows\CurrentVersion\Run
Software\Microsoft\Windows\CurrentVersion\Run
%temp%\deletethis.exe
%temp%\deletethis.exe
Removable_Drive.exe
Removable_Drive.exe
%s\{%s-%s}
%s\{%s-%s}
/k "%s" Open %s
/k "%s" Open %s
%windir%\System32\cmd.exe
%windir%\System32\cmd.exe
%s\Removable_Drive.exe
%s\Removable_Drive.exe
%s\%s
%s\%s
%s\%s.lnk
%s\%s.lnk
icon=Shell32.dll,7
icon=Shell32.dll,7
shell\open\Command=%s
shell\open\Command=%s
open=%s
open=%s
shell\explore\Command=%s
shell\explore\Command=%s
%s\autorun.inf
%s\autorun.inf
%Documents and Settings%\%current user%\Application Data\svmhost.exe
%Documents and Settings%\%current user%\Application Data\svmhost.exe
c:\%original file name%.exe
c:\%original file name%.exe
Explorer.EXE_1684_rwx_02060000_0000E000:
.data
.data
.idata
.idata
.rsrc
.rsrc
@.reloc
@.reloc
Successfully Killed And Removed Malicious File: "%s"
Successfully Killed And Removed Malicious File: "%s"
Usage: %s IP PORT DELAY LENGTH
Usage: %s IP PORT DELAY LENGTH
Failed To Start Thread: "%d"
Failed To Start Thread: "%d"
Failed: "%d"
Failed: "%d"
Failed: Mis Parameter, Usage: %s [SHOW/HIDE] [URL]
Failed: Mis Parameter, Usage: %s [SHOW/HIDE] [URL]
Filed To Visit: "%s"
Filed To Visit: "%s"
Successfully Visited: "%s"
Successfully Visited: "%s"
%s #%s
%s #%s
%s %s
%s %s
Running From: "%s"
Running From: "%s"
[%s][%s] - "%s"
[%s][%s] - "%s"
{%s}: %s
{%s}: %s
Successfully Executed Process: "%s"
Successfully Executed Process: "%s"
Failed To Create Process: "%s", Reason: "%d"
Failed To Create Process: "%s", Reason: "%d"
Successfully Downloaded File To: "%s"
Successfully Downloaded File To: "%s"
Downloading File: "%s"
Downloading File: "%s"
hXXp://api.wipmania.com/
hXXp://api.wipmania.com/
JOIN
JOIN
NICK
NICK
PRIVMSG
PRIVMSG
AryaN{%s-%s-x%d}%s
AryaN{%s-%s-x%d}%s
New{%s-%s-x%d}%s
New{%s-%s-x%d}%s
%s "" "%s" :%s
%s "" "%s" :%s
%s %s :[AryaN]: %s
%s %s :[AryaN]: %s
%s %s %s
%s %s %s
Finished Flooding "%s:%d"
Finished Flooding "%s:%d"
Terminated UDP Flood Thread
Terminated UDP Flood Thread
%d%d%d%d%d%d%d%d
%d%d%d%d%d%d%d%d
Flooding: "%s:%d", Delay: "%d(ms)", For "%d" Seconds
Flooding: "%s:%d", Delay: "%d(ms)", For "%d" Seconds
LNK Infected Removable Device: "%s\", Created: "%d" Lnk Files
LNK Infected Removable Device: "%s\", Created: "%d" Lnk Files
AutoRun Infected Removable Device: "%s\"
AutoRun Infected Removable Device: "%s\"
j[YPSSh
j[YPSSh
SSSSh
SSSSh
VSSSh
VSSSh
1018420
1018420
udp.stop
udp.stop
dload.stop
dload.stop
join
join
yaboyyoshi.info
yaboyyoshi.info
MSVCRT.dll
MSVCRT.dll
GetProcessHeap
GetProcessHeap
KERNEL32.dll
KERNEL32.dll
WS2_32.dll
WS2_32.dll
SHLWAPI.dll
SHLWAPI.dll
InternetOpenUrlA
InternetOpenUrlA
WININET.dll
WININET.dll
ole32.dll
ole32.dll
PSAPI.DLL
PSAPI.DLL
ShellExecuteA
ShellExecuteA
SHELL32.dll
SHELL32.dll
RegCloseKey
RegCloseKey
RegCreateKeyExW
RegCreateKeyExW
RegOpenKeyExW
RegOpenKeyExW
RegNotifyChangeKeyValue
RegNotifyChangeKeyValue
ADVAPI32.dll
ADVAPI32.dll
svmhost.exe
svmhost.exe
7$7*70767
7$7*70767
%userprofile%
%userprofile%
%s\removethis_%d%d%d.exe
%s\removethis_%d%d%d.exe
%temp%\oldfile.exe
%temp%\oldfile.exe
Mozilla/5.0 (compatible)
Mozilla/5.0 (compatible)
%s\%d%d%d.exe
%s\%d%d%d.exe
explorer.exe
explorer.exe
Kernel32.dll
Kernel32.dll
%s-deadlock
%s-deadlock
%s\SysWOW64
%s\SysWOW64
advapi32.dll
advapi32.dll
comsupp.dll
comsupp.dll
shell32.dll
shell32.dll
wininet.dll
wininet.dll
shlwapi.dll
shlwapi.dll
dnsapi.dll
dnsapi.dll
user32.dll
user32.dll
ws2_32.dll
ws2_32.dll
psapi.dll
psapi.dll
Ole32.dll
Ole32.dll
kernel32.dll
kernel32.dll
msvcrt.dll
msvcrt.dll
dwm.exe
dwm.exe
alg.exe
alg.exe
csrss.exe
csrss.exe
SOFTWARE\Microsoft\Windows\CurrentVersion\Run
SOFTWARE\Microsoft\Windows\CurrentVersion\Run
%s-readfile
%s-readfile
cmd.exe
cmd.exe
Software\Microsoft\Windows\CurrentVersion\Run
Software\Microsoft\Windows\CurrentVersion\Run
%temp%\deletethis.exe
%temp%\deletethis.exe
Removable_Drive.exe
Removable_Drive.exe
%s\{%s-%s}
%s\{%s-%s}
/k "%s" Open %s
/k "%s" Open %s
%windir%\System32\cmd.exe
%windir%\System32\cmd.exe
%s\Removable_Drive.exe
%s\Removable_Drive.exe
%s\%s
%s\%s
%s\%s.lnk
%s\%s.lnk
icon=Shell32.dll,7
icon=Shell32.dll,7
shell\open\Command=%s
shell\open\Command=%s
open=%s
open=%s
shell\explore\Command=%s
shell\explore\Command=%s
%s\autorun.inf
%s\autorun.inf
%Documents and Settings%\%current user%\Application Data\svmhost.exe
%Documents and Settings%\%current user%\Application Data\svmhost.exe
c:\%original file name%.exe
c:\%original file name%.exe
Explorer.EXE_1684_rwx_02070000_0000E000:
.data
.idata
.rsrc
@.reloc
Successfully Killed And Removed Malicious File: "%s"
Usage: %s IP PORT DELAY LENGTH
Failed To Start Thread: "%d"
Failed: "%d"
Failed: Mis Parameter, Usage: %s [SHOW/HIDE] [URL]
Filed To Visit: "%s"
Successfully Visited: "%s"
%s #%s
%s %s
Running From: "%s"
[%s][%s] - "%s"
{%s}: %s
Successfully Executed Process: "%s"
Failed To Create Process: "%s", Reason: "%d"
Successfully Downloaded File To: "%s"
Downloading File: "%s"
hXXp://api.wipmania.com/
JOIN
NICK
PRIVMSG
AryaN{%s-%s-x%d}%s
New{%s-%s-x%d}%s
%s "" "%s" :%s
%s %s :[AryaN]: %s
%s %s %s
Finished Flooding "%s:%d"
Terminated UDP Flood Thread
%d%d%d%d%d%d%d%d
Flooding: "%s:%d", Delay: "%d(ms)", For "%d" Seconds
LNK Infected Removable Device: "%s\", Created: "%d" Lnk Files
AutoRun Infected Removable Device: "%s\"
j[YPSSh
SSSSh
VSSSh
1018420
udp.stop
dload.stop
join
yaboyyoshi.info
MSVCRT.dll
GetProcessHeap
KERNEL32.dll
WS2_32.dll
SHLWAPI.dll
InternetOpenUrlA
WININET.dll
ole32.dll
PSAPI.DLL
ShellExecuteA
SHELL32.dll
RegCloseKey
RegCreateKeyExW
RegOpenKeyExW
RegNotifyChangeKeyValue
ADVAPI32.dll
svmhost.exe
7$7*70767
%userprofile%
%s\removethis_%d%d%d.exe
%temp%\oldfile.exe
Mozilla/5.0 (compatible)
%s\%d%d%d.exe
explorer.exe
Kernel32.dll
%s-deadlock
%s\SysWOW64
advapi32.dll
comsupp.dll
shell32.dll
wininet.dll
shlwapi.dll
dnsapi.dll
user32.dll
ws2_32.dll
psapi.dll
Ole32.dll
kernel32.dll
msvcrt.dll
dwm.exe
alg.exe
csrss.exe
SOFTWARE\Microsoft\Windows\CurrentVersion\Run
%s-readfile
cmd.exe
Software\Microsoft\Windows\CurrentVersion\Run
%temp%\deletethis.exe
Removable_Drive.exe
%s\{%s-%s}
/k "%s" Open %s
%windir%\System32\cmd.exe
%s\Removable_Drive.exe
%s\%s
%s\%s.lnk
icon=Shell32.dll,7
shell\open\Command=%s
open=%s
shell\explore\Command=%s
%s\autorun.inf
%Documents and Settings%\%current user%\Application Data\svmhost.exe
c:\%original file name%.exe
Explorer.EXE_1684_rwx_02080000_0000E000:
Explorer.EXE_1684_rwx_02220000_0000E000:
Explorer.EXE_1684_rwx_02230000_0000E000:
Explorer.EXE_1684_rwx_02240000_0000E000:
Explorer.EXE_1684_rwx_023A0000_0000E000:
Explorer.EXE_1684_rwx_023B0000_0000E000:
Explorer.EXE_1684_rwx_023C0000_0000E000:
Explorer.EXE_1684_rwx_023E0000_0000E000:
Explorer.EXE_1684_rwx_028B0000_0000E000:
.data
.idata
.rsrc
@.reloc
Successfully Killed And Removed Malicious File: "%s"
Usage: %s IP PORT DELAY LENGTH
Failed To Start Thread: "%d"
Failed: "%d"
Failed: Mis Parameter, Usage: %s [SHOW/HIDE] [URL]
Filed To Visit: "%s"
Successfully Visited: "%s"
%s #%s
%s %s
Running From: "%s"
[%s][%s] - "%s"
{%s}: %s
Successfully Executed Process: "%s"
Failed To Create Process: "%s", Reason: "%d"
Successfully Downloaded File To: "%s"
Downloading File: "%s"
hXXp://api.wipmania.com/
JOIN
NICK
PRIVMSG
AryaN{%s-%s-x%d}%s
New{%s-%s-x%d}%s
%s "" "%s" :%s
%s %s :[AryaN]: %s
%s %s %s
Finished Flooding "%s:%d"
Terminated UDP Flood Thread
%d%d%d%d%d%d%d%d
Flooding: "%s:%d", Delay: "%d(ms)", For "%d" Seconds
LNK Infected Removable Device: "%s\", Created: "%d" Lnk Files
AutoRun Infected Removable Device: "%s\"
j[YPSSh
SSSSh
VSSSh
1018420
udp.stop
dload.stop
join
yaboyyoshi.info
MSVCRT.dll
GetProcessHeap
KERNEL32.dll
WS2_32.dll
SHLWAPI.dll
InternetOpenUrlA
WININET.dll
ole32.dll
PSAPI.DLL
ShellExecuteA
SHELL32.dll
RegCloseKey
RegCreateKeyExW
RegOpenKeyExW
RegNotifyChangeKeyValue
ADVAPI32.dll
svmhost.exe
7$7*70767
%userprofile%
%s\removethis_%d%d%d.exe
%temp%\oldfile.exe
Mozilla/5.0 (compatible)
%s\%d%d%d.exe
explorer.exe
Kernel32.dll
%s-deadlock
%s\SysWOW64
advapi32.dll
comsupp.dll
shell32.dll
wininet.dll
shlwapi.dll
dnsapi.dll
user32.dll
ws2_32.dll
psapi.dll
Ole32.dll
kernel32.dll
msvcrt.dll
dwm.exe
alg.exe
csrss.exe
SOFTWARE\Microsoft\Windows\CurrentVersion\Run
%s-readfile
cmd.exe
Software\Microsoft\Windows\CurrentVersion\Run
%temp%\deletethis.exe
Removable_Drive.exe
%s\{%s-%s}
/k "%s" Open %s
%windir%\System32\cmd.exe
%s\Removable_Drive.exe
%s\%s
%s\%s.lnk
icon=Shell32.dll,7
shell\open\Command=%s
open=%s
shell\explore\Command=%s
%s\autorun.inf
%Documents and Settings%\%current user%\Application Data\svmhost.exe
c:\%original file name%.exe
Explorer.EXE_1684_rwx_028C0000_0000E000:
Explorer.EXE_1684_rwx_028D0000_0000E000:
Explorer.EXE_1684_rwx_028F0000_0000E000:
Explorer.EXE_1684_rwx_02900000_0000E000:
Explorer.EXE_1684_rwx_02910000_0000E000:
Explorer.EXE_1684_rwx_02930000_0000E000:
Explorer.EXE_1684_rwx_029A0000_0000E000:
Explorer.EXE_1684_rwx_029C0000_0000E000:
Explorer.EXE_1684_rwx_02B80000_0000E000:
Explorer.EXE_1684_rwx_02B90000_0000E000: