Pattern JUL-AUGK

75 samples (WinXP (100%))


Ports
InfectionListenUpload
445 (96%)44445 (90%)
1032 (82%)
1033 (82%)		44445 (88%)
Filenames
ProcessesExecutables
MSMSGS.EXE (100%)
ftp.exe (79%)		index.dat (99%)
o (80%)
Snort IDs
1:2000032 (91%)
1:2000033 (91%)
1:2466 (91%)
1:99913 (91%)
1:3000004 (89%)
Network chatter
FTP
user=a (87%)
destport=1033 (85%)
pass=a (85%)
server=WinFtpd 1.2 (84%)
exec=resource32w.exe (82%)
destIP=10.2.32.214 (31%)
Static analysis
MD5
None (99%)