Pattern JUL-AUGU

11 samples (WinXP (55%), Win2K-f (45%))


Ports
Infection / Egg-download / Upload
445 (100%) / 445 (45%)
1028 (45%)
80 (27%)
1031 (27%)
1032 (27%)
44445 (45%)
80 (27%)
1031 (27%)
1032 (27%)
Filenames
Processes / Executables
MSMSGS.EXE (100%) / ftpupd.exe (100%)
Registry keys
...Microsoft\Wireless (100%)

Snort IDs
1:2000032 (100%)
1:2001683 (100%)
1:2466 (100%)
1:5001684 (100%)
1:3000003 (82%)
555:5555005 (82%)

Network chatter
FTP
exec=resource32w.exe (100%)
pass=a (100%)
server=- (100%)
user=a (60%)
Static analysis
MD5 / Antivirus labels / Domain
7c0547... (18%)

bobax (100%)
bobic (80%)
vipre (60%)
korgo (50%)
lsabot (50%)
padobot (50%)

SOFTWARE\Classes\Applicat... (100%)
paypal.com (100%)
