Msnmsgrs.exe Malware #2 | Joachim De Zutter
URL sent by pointed to (June 3rd, 2011)
Provider: GlobalProof s.a.r.l
Region: Beirut (LB)
Provider: Free SAS
Organisation: Dedibox SAS
Region: Besançon (FR)

Server sent HTTP 301 Moved Permanently reply to redirect to an *.exe on
Provider: AMAZON.COM
Region: Seattle (US)

Filesize: 68096
MD5: f52fb29e9087e362ad310971a51518e1
SHA1: e181de1d804b2c8807f831916b1af111162b402e
SHA256: 78ade464d5c66764a206d664cd1d2b861a89b4da1455851820b4b889b09cb93d
Copies itself to %APPDATA%\msnmsgrs.exe
Creates a startup key in the registry
Establishes an IRC connection to ( on TCP port 3211
A reverse DNS lookup of gives The.General.Minister.G0v.Me
Region: Owings Mills (US)
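
A host sweep for the indicators listed above, as an added example that is not part of the original post: it compares a file against the size and hashes given here, and flags autorun values pointing at msnmsgrs.exe and TCP connections to remote port 3211. The `reg query` and `netstat -ano` sample text, the HKCU Run key, the value names and the 203.0.113.x addresses are constructed assumptions; the post does not say which startup key is used.

```python
import hashlib
import re
from pathlib import Path

# Indicators copied from the page.
SIZE = 68096
HASHES = {
    "md5": "f52fb29e9087e362ad310971a51518e1",
    "sha1": "e181de1d804b2c8807f831916b1af111162b402e",
    "sha256": "78ade464d5c66764a206d664cd1d2b861a89b4da1455851820b4b889b09cb93d",
}
DROP_NAME = "msnmsgrs.exe"
C2_PORT = 3211

# Constructed sample inputs (assumed `reg query` / `netstat -ano` text, not from the page).
SAMPLE_REG = r'''HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    msnmsgr    REG_SZ    "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    Messenger    REG_SZ    C:\Users\test\AppData\Roaming\msnmsgrs.exe
'''
SAMPLE_NETSTAT = '''  TCP    0.0.0.0:135           0.0.0.0:0             LISTENING       888
  TCP    192.168.1.10:49200    203.0.113.20:443      ESTABLISHED     4321
  TCP    192.168.1.10:49213    203.0.113.7:3211      ESTABLISHED     1234
'''

def file_matches(path):
    """True only if the size and all three digests equal the page's values."""
    data = Path(path).read_bytes()
    return len(data) == SIZE and all(
        hashlib.new(alg, data).hexdigest() == want for alg, want in HASHES.items())

def suspicious_autoruns(reg_query_output):
    """Return autorun value names whose data points at ...\\msnmsgrs.exe."""
    hits = []
    for line in reg_query_output.splitlines():
        m = re.match(r"\s+(\S.*?)\s+REG_(?:EXPAND_)?SZ\s+(.*)$", line)
        if m and re.search(r"\\" + re.escape(DROP_NAME) + r'(?:"|\s|$)', m.group(2), re.I):
            hits.append(m.group(1))
    return hits

def c2_connections(netstat_output):
    """Return (remote_endpoint, pid) for TCP rows whose remote port is 3211."""
    hits = []
    for line in netstat_output.splitlines():
        f = line.split()
        if len(f) == 5 and f[0] == "TCP" and f[2].rsplit(":", 1)[-1] == str(C2_PORT):
            hits.append((f[2], f[4]))
    return hits
```

The autorun match is anchored on the full file name, so the similarly named `msnmsgr.exe` entry in the sample is not flagged.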