Cluster S
85 samples (WinXP (100%))
Ports
Infection
Listen
Egg-download
445 (38%)
139 (19%)
1028 (87%)
445 (65%)
73 (45%)
74 (33%)
139 (33%)
Filenames
Processes
Executables
MSMSGS.EXE (100%)
index.dat (100%)
firstswin.exe (47%)
Snort IDs
1:1390 (100%)
1:99998 (100%)
1:5001684 (80%)
1:2001683 (73%)
1:2001944 (67%)
1:3000006 (67%)
Network chatter
FTP
pass=1 (100%)
user=1 (100%)
server=NzmxFtpd 0wns j0 (59%)
exec=firstswin.exe (42%)
server=fuckFtpd 0wns j0 (31%)
Static analysis
MD5
Antivirus labels
51be10... (7%)
diversity: 46.2%
vipre (92%)
ircbot (85%)
sdbot (85%)
behav (54%)
heur (46%)
rbot (38%)