Cluster P
93 samples (WinXP (100%))
Ports
Infection
Listen
Egg-download
445 (60%)
1033 (38%)
1028 (100%)
445 (98%)
1033 (39%)
Filenames
Processes
Executables
MSMSGS.EXE (100%)
index.dat (100%)
seegcom.exe (45%)
ForBot-NoSSL_out.pr (42%)
o (41%)
Snort IDs
1:1390 (100%)
1:99998 (100%)
1:2001944 (98%)
1:3000006 (98%)
1:3003 (89%)
1:2001683 (46%)
Network chatter
FTP
pass=a (74%)
user=a (74%)
exec=seegcom.exe (69%)
user=1 (26%)
Static analysis
MD5
Antivirus labels
b018b9... (37%)
diversity: 7.7%
ircbot (100%)
sdbot (100%)
vipre (100%)
wootbot (100%)
agobot (90%)
rbot (90%)