Pattern JULYH

89 samples (Win2K-f (100%))

Ports
Infection Listen Upload
445 (100%) 135 (100%)
500 (100%)
1026 (100%)
44445 (99%)
1027 (79%)
1028 (79%) 44445 (99%)

Filenames
Processes
ftp.exe (100%)

Snort IDs
1:2000032 (100%)
1:2000046 (100%)
1:2466 (100%)
1:3000004 (100%)
1:99906 (100%)

Network chatter
FTP
exec=resource32w.exe (99%)
user=a (99%)
pass=a (97%)
destport=1028 (91%)
server=WinFtpd 1.2 (91%)
destIP=10.2.32.203 (35%)
full list

Static analysis
MD5
None (100%)