| Infection | Listen | Egg-download | Upload |
|---|---|---|---|
| 445 (50%) | 500 (49%) | 1032 (47%) | 1032 (45%) |
| 135 (32%) | 1026 (49%) | 445 (42%) | |
| 139 (12%) | | 1027 (29%) | |

| Processes | Executables |
|---|---|
| MSMSGS.EXE (52%) | ftpupd.exe (89%) |
| ntvdm.exe (45%) | random 5/6/8 character filename |
| random 5/6/7/8 character filename | |

...InternetSettings\5.0 (50%)
...InternetSettings\Connections (50%)
...Microsoft\Wireless (44%)
...Microsoft\SecurityCenter (31%)
...Microsoft\WindowsFirewall (31%)
...Software\Symantec (31%)

1:99913 (100%)
1:5001684 (79%)
1:3000003 (63%)
1:2001683 (53%)
1:2466 (53%)
1:2000032 (47%)

| HTTP |
|---|
| UA=Mozilla/4.0 (compatibl... (100%) |
| filename=/zmon.exe (100%) |
| version=1.0 (100%) |
| sourceIP=194.204.177.59 (29%) |

| MD5 | Antivirus labels | Domain |
|---|---|---|
| 7d99b0... (22%) | korgo (52%) | .com (100%) |
| None (22%) | padobot (52%) | .net (100%) |
| 5ddac0... (15%) | lsabot (48%) | .org (100%) |
| 259613... (10%) | sdbot (35%) | .ru (100%) |
| d6df39... (5%) | spybot (35%) | http://tn0828-web.hp.info... (100%) |
| | ircbot (32%) | http://www.anonymitytest.... (100%) |