http://h4ck3d.forumotion.net/post-suspicious-exe-links-f11/-t1.htm Tue, 01 Sep 2009 00:13:58 GMT 10 http://illiweb.com/fa/prosilver_grey/site_logo.gif http://h4ck3d.forumotion.net/post-suspicious-exe-links-f11/-t1.htm http://h4ck3d.forumotion.net/post-suspicious-exe-links-f11/winagentexe-t140.htm JeSTeR * Submission details: o Submission received: 31 August 2009, 18:26:26 o Processing time: 8 min 38 sec o Submitted sample: + File MD5: 0x5EE26F43139A2CDB3A79A835574285A0 + File SHA-1: 0x43933885866F58D3ABC8147CA79CB8F161957542 + Filesize: 76,288 bytes + Alias: # Trojan Horse [Symantec] # Trojan-Downloader.Win32.Agent.chgu [Kaspersky Lab] ... Post Suspicious .exe Links Tue, 01 Sep 2009 00:13:58 GMT http://h4ck3d.forumotion.net/post-suspicious-exe-links-f11/winagentexe-t140.htm#140 http://h4ck3d.forumotion.net/post-suspicious-exe-links-f11/winagentexe-t140.htm http://h4ck3d.forumotion.net/post-suspicious-exe-links-f11/sissibotexe-t132.htm JeSTeR * To mark the presence in the system, the following Mutex object was created: o [sissi v1.1] * The following ports were open in the system: Port Protocol Process 113 TCP sissiBOT.exe (%System%\sissiBOT.exe) 8080 TCP sissiBOT.exe (%System%\sissiBOT.exe) NICK sissi[ri0t]5895 USER voqt 0 0 :sissi[ri0t]5895 USERHOST sissi[ri0t]5895 MODE sissi[ri0t]5895 -x+i JOIN #sissis MODE #sissis +snt NOTICE sissi[ri0t]5895 :.VERSION mIRC v6.14 Khaled Mardam-Bey. PRIVMSG ... Post Suspicious .exe Links Mon, 31 Aug 2009 23:42:10 GMT http://h4ck3d.forumotion.net/post-suspicious-exe-links-f11/sissibotexe-t132.htm#132 http://h4ck3d.forumotion.net/post-suspicious-exe-links-f11/sissibotexe-t132.htm