Cluster J
190 samples (WinXP (100%))
Ports
Infection
Listen
Egg-download
445 (58%)
1028 (78%)
445 (97%)
73 (48%)
Filenames
Processes
Executables
MSMSGS.EXE (100%)
index.dat (100%)
o (100%)
Snort IDs
1:1390 (100%)
1:99998 (100%)
1:2001944 (97%)
1:3000006 (97%)
1:3003 (87%)
1:5001684 (74%)
Network chatter
FTP
user=1 (100%)
pass=1 (99%)
server=StnyFtpd 0wns j0 (97%)
Static analysis
MD5
Antivirus labels
diversity: 55.6%
sdbot (100%)
vipre (100%)
rbot (78%)
sheur (56%)
spybot (44%)
ircbot (22%)