Your message ID (for later reference): 20070112-3362
Hello,
Gray Hat Hacking: The Ethical Hacker's Handbook
Chapter 20: Collecting Malware and Initial Analysis
Thanks for taking the time to submit your samples to the Norman Sandbox
Information Center.
nepenthes-7e3b35c870d3bf23a395d72055bbba0f-index.html : W32/Doomjuice.A
(Signature: Doomjuice.A)
[ General information ]
* Decompressing UPX.
* File length: 36864 bytes.
* MD5 hash: 7e3b35c870d3bf23a395d72055bbba0f.
[ Changes to filesystem ]
* Creates file C:\WINDOWS\SYSTEM32\intrenat.exe.
* Deletes file C:\WINDOWS\SYSTEM32\intrenat.exe.
* Creates file C:\sync-src-1.00.tbz.
* Creates file N:\sync-src-1.00.tbz.
* Creates file C:\WINDOWS\sync-src-1.00.tbz.
* Creates file C:\WINDOWS\SYSTEM32\sync-src-1.00.tbz.
* Creates file C:\WINDOWS\TEMP\sync-src-1.00.tbz.
* Creates file C:\DOCUME~1\SANDBOX\sync-src-1.00.tbz.
[ Changes to registry ]
* Creates value "Gremlin"="C:\WINDOWS\SYSTEM32\intrenat.exe" in key "HKLM\Software\Microsoft\Windows\CurrentVersion\Run".
[ Network services ]
* Looks for an Internet connection.
* Connects to "192.168.0.0" on port 3127 (TCP).
* Connects to "CONFIGURED_DNS" on port 3127 (TCP).
* Connects to "192.