Pattern JULYK

60 samples (WinXP (100%))


Ports
Infection   Listen   Upload
445 (95%)   1032 (97%)
1033 (97%)
44445 (88%)
44445 (90%)
Filenames
Processes   Executables
MSMSGS.EXE (100%)
ftp.exe (97%)
index.dat (100%)
o (95%)
Snort IDs
1:3000004 (92%)
1:2000032 (90%)
1:2000033 (90%)
1:2466 (90%)
1:99913 (90%)
Network chatter
FTP
destport=1033 (95%)
pass=a (88%)
user=a (88%)
exec=resource32w.exe (87%)
server=WinFtpd 1.2 (85%)
destIP=10.2.32.214 (35%)

Static analysis
MD5
None (100%)