| | Infection | Listen | Egg-download | Upload |
|---|
| 445 (76%) | 44445 (100%)
135 (63%)
500 (63%)
1026 (63%) | 68 (62%) | 44445 (100%) |
|
| | Processes | Executables |
|---|
MSMSGS.EXE (44%)
random 9
character filename | Abort (89%)
random 4/17
character filename |
|
| ...CurrentVersion\RunServices (99%)
...Microsoft\OLE (99%)
...InternetSettings\5.0 (55%)
...InternetSettings\Connections (55%)full list |
|
| 1:2000032 (100%)
1:2466 (100%)
1:3000004 (100%)
1:5001684 (100%)
1:2001683 (99%)
1:2000046 (64%)full list |
|
| | FTP | C&C |
|---|
exec=resource32w.exe (100%)
server=WinFtpd 1.2 (99%)
pass=a (98%)
user=a (98%) | 217.170.244.2 (8%)
82.114.64.251 (7%) |
|
| | MD5 | Antivirus labels | Domain |
|---|
| 7fdfe3... (76%) diversity: 5.6%
full list | sdbot (100%)
rbot (100%)
spybot (99%)
mybot (97%)
sdbo (94%) | *@celestial.org (96%) |
|
