Pattern K
53 samples (always WinXP)
Ports
Infection
Listen
Egg-download
Upload
always 445
1031 (87%)
1031 (53%)
1031 (92%)
Filenames
Processes
MSMSGS.EXE (100%)
Snort IDs
1:2000032 (100%)
1:2000033 (100%)
1:2466 (100%)
1:99913 (100%)
1:3000003 (92%)
1:3000000 (53%)
1:2001683 (42%)
Static analysis
MD5
usually None