Pattern JULYF

128 samples (WinXP (100%))

Ports
Infection Listen Egg-download
445 (78%)
139 (21%) 1032 (99%)
1033 (99%) 445 (78%)

Filenames
Processes Executables
MSMSGS.EXE (100%)
ftp.exe (92%) index.dat (100%)
o (88%)

Snort IDs
1:1390 (99%)
1:99998 (99%)
1:2001944 (78%)
1:3000006 (78%)
1:3003 (78%)

Network chatter
FTP
pass=1 (100%)
user=1 (100%)
destport=1033 (90%)
server=StnyFtpd 0wns j0 (73%)
exec=Windows (39%)
destIP=10.2.32.214 (33%)

Static analysis
MD5 Antivirus labels
None (98%) sdbot (100%)