Pattern JUL-AUGG

113 samples (WinXP (51%), Win2K-f (49%))


Ports
Infection: 445 (100%)
Listen: 135 (86%), 500 (86%), 1026 (86%)
Egg-download: 445 (97%), 68 (47%), 73 (44%)

Filenames
Processes: MSMSGS.EXE (68%), random 10 character filename
Executables: o (100%), index.dat (88%), windservc.exe (28%)

Registry keys
...CurrentVersion\RunServices (100%)
...CurrentVersion\Run (42%)
...InternetSettings\5.0 (42%)

Snort IDs
1:1390 (100%)
1:2001944 (100%)
1:99998 (100%)
1:3003 (99%)
1:3000006 (97%)
1:2001683 (94%)

Network chatter
FTP
pass=1 (100%)
user=1 (100%)
server=StnyFtpd 0wns j0 (95%)
Static analysis
MD5: None (54%), d40063... (9%), c4709f... (8%), fc3e35... (7%)
Antivirus labels: sdbot (94%), rbot (90%), vipre (90%), spybot (71%), dnascan (69%), mybot (62%)