Pattern AUGUST-F

37 samples (WinXP (100%))

Ports
Infection Listen Egg-download Upload
445 (97%) 44445 (97%) 74 (57%) 44445 (95%)

Filenames
Processes Executables
MSMSGS.EXE (100%) index.dat (100%)
resource32w.exe (73%)

Snort IDs
1:99913 (100%)
1:2000032 (97%)
1:2000033 (97%)
1:2466 (97%)
1:3000004 (95%)
1:5001684 (70%)
full list

Network chatter
FTP
user=a (100%)
pass=a (97%)
exec=resource32w.exe (93%)
server=WinFtpd 1.2 (83%)
destport=1025 (40%)

Static analysis
MD5
None (100%)