Pattern JUL-AUGQ

37 samples (WinXP 57%, Win2K-f 43%)

Ports
Columns: Infection | Listen | Egg-download | Upload
445 (92%)
135 (52%)
500 (52%)
1026 (52%)
44445 (31%)
69 (28%)
445 (70%)
1028 (35%)
44445 (27%)
Filenames
Columns: Processes | Executables
MSMSGS.EXE (60%)

random 6/8/9 character filename
index.dat (50%)
ftpupd.exe (40%)
o (40%)
Registry keys
...Microsoft\Wireless (62%)
...CurrentVersion\RunServices (38%)


Snort IDs
1:5001684 (76%)
1:2001683 (62%)
1:2000032 (49%)
1:2466 (49%)
555:5555005 (49%)
1:1390 (46%)


Network chatter
FTP
server=- (78%)
pass=1 (63%)
user=1 (44%)
exec=resource32w.exe (37%)
pass=a (37%)
user=a (33%)
Static analysis
Columns: MD5 | Antivirus labels | Domain

MD5
2aa59b... (14%)
7d99b0... (14%)
04af72... (8%)
0a0261... (8%)
97ac56... (8%)
6f4858... (5%)

Antivirus labels
sdbot (67%)
linkbot (56%)
rbot (47%)
poebot (42%)
ircbot (36%)
possiblethreat (31%)

Domain
SOFTWARE\Classes\Applicat... (100%)
paypal.com (100%)
..έ..Π..Z..\ΠΡΡΡΡ..ΠΡΡX... (43%)