Pattern JUL-AUGL

41 samples (WinXP (95%))


Ports
Infection, Listen, Egg-download, Upload
445 (71%)
1033 (17%)
1034 (12%)
9996 (92%)
1032 (54%)
1033 (54%)
5554 (28%)
9996 (88%)
445 (32%)
9996 (73%)
Filenames
Processes, Executables
MSMSGS.EXE (98%)
ftp.exe (52%)

random 7/8 character filename
index.dat (97%)
cmd.ftp (58%)
avserve2.exe (29%)

random 8 character filename
Registry keys
...Reliability\UserDefined (50%)


Snort IDs
1:2466 (98%)
1:99913 (93%)
1:2000047 (88%)
1:3000004 (78%)
555:5555005 (32%)
1:2001056 (29%)


Network chatter
FTP
user=anonymous (95%)
pass=bin (89%)
server=OK (87%)
destport=1033 (55%)
Static analysis
MD5, Antivirus labels
None (63%)
1a2c0e... (20%)
831f4e... (7%)


jobaka (85%)