Pattern JULYM

22 samples (WinXP (100%))


Ports
Infection: 445 (100%)
Egg-download: 1031 (100%)
Upload: 445 (82%), 1031 (100%), 1058 (27%)
Filenames
Processes: MSMSGS.EXE (100%), random 5/6/7 character filename
Executables: ftpupd.exe (100%), random 4/5/6/7 character filename
Registry keys
...Microsoft\Wireless (100%)

Snort IDs
1:2000032 (100%)
1:2000033 (100%)
1:2001683 (100%)
1:2466 (100%)
1:3000000 (100%)
1:3000003 (100%)

Static analysis
MD5: 736531... (50%), 86d186... (18%), 199fd8... (9%)
Antivirus labels: korgo (100%), parite (100%), pinfi (100%), lsabot (91%), padobot (77%), win32_parite_b (68%)