Cluster AB
46 samples (WinXP (100%))
Ports
Infection: 445 (78%)
Egg-download: 1032 (86%)
Upload: 1032 (86%)
Filenames
Processes: MSMSGS.EXE (100%); random 5/6/7/8 character filename
Executables: ftpupd.exe (100%); random 4/5/6/8 character filename
Registry keys
...Microsoft\Wireless (100%)
Snort IDs
1:2000032 (100%)
1:2000033 (100%)
1:2001683 (100%)
1:2466 (100%)
1:3000000 (100%)
1:3000003 (100%)
Static analysis
MD5: 736531... (57%), 744033... (7%); diversity: 37.0%
Antivirus labels: korgo (100%), parite (100%), perite (100%), pinfi (100%), win32_parite_b (98%), lsabot (96%)