Pattern JULYQ

13 samples (WinXP (54%), Win2K-f (46%))


Ports
Infection / Listen / Egg-download / Upload
445 (92%)
69 (75%)
135 (75%)
500 (75%)
1026 (75%)
1030 (62%)
1168 (62%)


445 (77%)
1033 (54%)
1028 (46%)
135 (38%)
1030 (38%)
1034 (31%)
Filenames
Processes
MSMSGS.EXE (54%)
Executables
index.dat (100%)
o (71%)
Snort IDs
1:1390 (85%)
1:99998 (85%)
1:2001944 (77%)
1:3000006 (77%)
1:5001684 (77%)
1:3003 (69%)


Network chatter
FTP
server=- (100%)
pass=1 (85%)
user=1 (46%)
Static analysis
MD5
04af72... (23%)
2aa59b... (15%)
6f4858... (15%)
97ac56... (15%)

Antivirus labels
linkbot (100%)
sdbot (92%)
ircbot (69%)
poebot (69%)
rbot (62%)
ircbrute (46%)

Domain
SOFTWARE\Classes\Applicat... (100%)
paypal.com (100%)
..έ..Π..Z..\ΠΡΡΡΡ..ΠΡΡX... (43%)