Pattern AUG-SEP-J

31 samples (WinXP (100%))


Ports
Infection | Egg-download | Upload
445 (100%) | 445 (87%)
1032 (71%)
1031 (26%)
1032 (71%)
1031 (26%)
Filenames
Processes
MSMSGS.EXE (100%)
random 6/7/8 character filename

Executables
ftpupd.exe (96%)
random 4/6 character filename
Registry keys
...Microsoft\Wireless (96%)


Snort IDs
1:2000032 (100%)
1:2000033 (100%)
1:2001683 (100%)
1:2466 (100%)
1:5001684 (100%)
1:99913 (100%)


Static analysis
MD5
736531... (48%)
0a944c... (6%)
528766... (6%)
651382... (6%)
95b642... (6%)

Antivirus labels
korgo (97%)
lsabot (97%)
padobot (94%)
parite (90%)
pinfi (90%)
win32_parite_b (87%)
