| | Infection | Listen | Egg-download | Upload |
|---|
| 445 (99%) | 44445 (99%)
135 (59%)
500 (59%)
1026 (59%) | 68 (57%) | 44445 (98%) |
|
| | Processes | Executables |
|---|
MSMSGS.EXE (44%)
random 9
character filename | index.dat (64%)
resource32w.exe (62%)
Abort (26%)
random 17
character filename |
|
| ...CurrentVersion\RunServices (99%)
...Microsoft\OLE (98%)
...InternetSettings\5.0 (65%)
...InternetSettings\Connections (65%)full list |
|
| 1:2000032 (99%)
1:2466 (99%)
1:3000004 (99%)
1:5001684 (97%)
1:2001683 (96%)
555:5555005 (77%)full list |
|
| | FTP |
|---|
exec=resource32w.exe (99%)
pass=a (98%)
user=a (98%)
server=WinFtpd 1.2 (95%) |
|
| | MD5 | Antivirus labels | Domain |
|---|
7fdfe3... (69%)
None (21%)full list | sdbot (99%)
spybot (97%)
rbot (97%)
mybot (92%)
sdbo (90%) | *@celestial.org (100%) |
|