Cluster F
324 samples (WinXP (100%))
Ports
Infection
Listen
Egg-download
Upload
445 (81%)
44445 (93%)
445 (50%)
1033 (40%)
44445 (50%)
Filenames
Processes
Executables
MSMSGS.EXE (100%)
index.dat (100%)
resource32w.exe (56%)
f0dns.exe (43%)
Snort IDs
1:2001683 (84%)
1:1390 (50%)
1:2000032 (50%)
1:2000033 (50%)
1:2001944 (50%)
1:2466 (50%)
Network chatter
FTP
user=a (100%)
pass=a (100%)
exec=resource32w.exe (53%)
server=WinFtpd 1.2 (51%)
exec=f0dns.exe (41%)
Static analysis
MD5
Antivirus labels
840993... (33%)
diversity: 15.6%
behav (98%)
dnascan (98%)
maximus (98%)
nspack (98%)
sdbot (97%)
klone (96%)