Pattern J
80 samples (always Win2K-f)
Ports
Infection
Listen
Upload
mostly 445
135 (100%)
500 (100%)
1026 (100%)
44445 (98%)
44445 (98%)
Snort IDs
1:2000032 (99%)
1:2000046 (99%)
1:2466 (99%)
1:3000004 (99%)
1:99906 (99%)
Network chatter
FTP
pass=a (59%)
user=a (58%)
exec=resource32w.exe (54%)
server=WinFtpd 1.2 (38%)
Static analysis
MD5
always None