Pattern AUG-SEP-F

119 samples (WinXP (98%))

Ports
Infection Listen Egg-download Upload
445 (94%) 44445 (93%) 74 (42%) 44445 (86%)

Filenames
Processes Executables
MSMSGS.EXE (98%) index.dat (100%)
resource32w.exe (69%)

Snort IDs
1:99913 (95%)
1:2000032 (93%)
1:2000033 (93%)
1:2466 (93%)
1:3000004 (88%)
1:5001684 (64%)
full list

Network chatter
FTP
user=a (95%)
pass=a (93%)
exec=resource32w.exe (89%)
server=WinFtpd 1.2 (78%)
destport=1025 (32%)

Static analysis
MD5 Antivirus labels
None (97%) ircbot (100%)
ircbrute (100%)
linkbot (100%)
rbot (100%)
sdbot (100%)