| | Infection | Listen | Egg-download | Upload |
|---|
445 (56%)
135 (29%)
139 (10%) | 500 (42%)
1026 (42%) | 1032 (57%)
445 (48%) | 1032 (52%) |
|
| | Processes | Executables |
|---|
MSMSGS.EXE (60%)
ntvdm.exe (38%)
random 5/6/7/8
character filename | ftpupd.exe (88%)
random 5/6/8
character filename |
|
| ...Microsoft\Wireless (52%)
...InternetSettings\5.0 (43%)
...InternetSettings\Connections (43%)
...Microsoft\SecurityCenter (26%)
...Microsoft\WindowsFirewall (26%)
...Software\Symantec (26%)full list |
|
| 1:99913 (100%)
1:5001684 (83%)
1:3000003 (67%)
1:2001683 (59%)
1:2466 (59%)
1:2000032 (54%)full list |
|
| | HTTP |
|---|
UA=Mozilla/4.0 (compatibl... (100%)
filename=/zmon.exe (100%)
version=1.0 (100%)
sourceIP=194.204.177.59 (29%)full list |
|
| | MD5 | Antivirus labels | Domain |
|---|
7d99b0... (23%)
None (21%)
5ddac0... (12%)
259613... (8%)full list | korgo (58%)
padobot (58%)
lsabot (56%)
sdbot (33%)
ircbot (31%)
spybot (31%)full list | .com (100%)
.net (100%)
.org (100%)
.ru (100%)
http://tn0828-web.hp.info... (100%)
http://www.anonymitytest.... (100%)full list |
|