| | Infection | Listen | Egg-download | Upload |
|---|
| 445 (73%) | 1033 (37%)
1032 (26%) | 1032 (55%)
1031 (33%) | 1032 (55%)
1031 (33%) |
|
| | Processes | Executables |
|---|
MSMSGS.EXE (100%)
random 5/6/7/8
character filename | HelpCtr.exe (100%)
HelpHost.exe (100%)
HelpSvc.exe (100%)
NOTEPAD.EXE (100%)
UploadM.exe (100%)
accwiz.exe (100%)full list |
|
| |
| 1:2001683 (100%)
1:5001684 (100%)
1:2000032 (90%)
1:2000033 (90%)
1:2466 (90%)
1:99913 (90%)full list |
|
| | FTP | C&C |
|---|
pass=1 (90%)
server=StnyFtpd 0wns j0 (90%)
user=1 (90%)
exec=sertys.exe (30%)
exec=windervs.exe (30%) | 81.95.146.251 (5%) |
|
| | MD5 | Antivirus labels | Domain |
|---|
388123... (6%)
b37139... (6%)diversity: 73.0%
full list | virut (100%)
virutas (89%)
vipre (84%)
korgo (82%)
padobot (75%)
horst (74%)full list | broadway.ny.us.dal.net (35%)
brussels.be.eu.undernet.o... (35%)
caen.fr.eu.undernet.org (35%)
ced.dal.net (35%)
coins.dal.net (35%)
diemen.nl.eu.undernet.org (35%)full list |
|
