Cluster AT

12 samples (WinXP (100%))

Ports
Infection Egg-download Upload
445 (75%) 1032 (89%) 1032 (89%)

Filenames
Processes Executables
MSMSGS.EXE (100%) ftpupd.exe (100%)

Registry keys
...Microsoft\Wireless (100%)
full list

Snort IDs
1:2000032 (100%)
1:2000033 (100%)
1:2001683 (100%)
1:2466 (100%)
1:3000000 (100%)
1:3000003 (100%)
full list

Static analysis
MD5 Antivirus labels
bc7925... (17%)
diversity: 91.7%
full list
korgo (100%)
hckpk (92%)
vipre (83%)
padobot (75%)
dabber (33%)
paradrop (25%)