w32_backdoor1.ex_                 : W32/Backdoor
====> Sandbox output:

 [ DetectionInfo ]
    * Sandbox name: W32/Backdoor
    * Signature name: NO_VIRUS

 [ General information ]

    * **IMPORTANT: PLEASE SEND THE SCANNED FILE TO: ANALYSIS@NORMAN.NO - REMEMBER TO ENCRYPT IT (E.G. ZIP WITH PASSWORD)**.

    * Display message box (sample) : sample, te amo!.

    * File length:        58368 bytes.

    * MD5 hash: 60a8d2e41147f48364e1eb3729ac53fb.

 [ Changes to filesystem ]

    * Deletes file C:\WINDOWS\SYSTEM32\kern32.exe.

    * Creates file C:\WINDOWS\SYSTEM32\kern32.exe.

 [ Changes to registry ]

    * Creates key "HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce".

    * Sets value "kernel32"="C:\WINDOWS\SYSTEM32\kern32.exe -sys" in key "HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce".

 [ Changes to system settings ]

    * Creates WindowsHook monitoring keyboard activity.

 [ Network services ]

    * Connects to "200.223.3.130" on port 6667 (TCP).

    * Connects to IRC server.

    * IRC: Uses nickname CurrentUser[FRK][74].

    * IRC: Uses username SErVERINO.

    * IRC: Joins channel #Sl4cK_r0oT.

 [ Process/window information ]

    * Creates a mutex ZZM9H9YY.

    * Creates a mutex SrVFrK.

 [ Signature Scanning ]

    * C:\WINDOWS\SYSTEM32\kern32.exe (58368 bytes) : W32/Ircbot.AWL.