**** Malware Report - Results ****

This report shows all the different areas TAZER analyzes for the sample: Host, Network Activity, and Detection.

Malware Search Criteria: MD5 = 058f63ebac376e83f2a9648e427be3f3

| File MD5Sum | SHA1SUM | SHA256SUM | FUZZY HASH | File Size |
| 058f63ebac376e83f2a9648e427be3f3 | 460083f4f5802ebb3e829bd842df41a197b7f23c | 8f8da3046b054c39ee0154eaba1b76d23e20fefef462ca5ab1d9475bf574fb63 | 768:5ZLJfaE5A6CO3O1pJiX9iMDwTWGTOcP26PeJLCAnAMiyH39Y3wYo3cfWGwKYf0od:/JfkE3spGnn | 70884 |

**** File Results ****

| File Name |
| i02rlk8.php%3Fspl%3DJWS%26fh%3B%3D.exe |

**** SNORT Results ****

| Snort Class | Snort Alert | Count |
| Misc Attack | ET RBN Known Russian Business Network IP TCP (284) | 2 |

**** AV Results ****

| AV Alert | AV Vendor |

**** Folders (Added) - ICC Results ****

| Path | Folder Name |
| c:/Documents and Settings/dmc73144/Local Settings/Temp | 6e0aec3c-14b5-428d-b76e-ece9f82169ba |
| c:/Documents and Settings/dmc73144/Local Settings/Temp | 6ea3827a-c9f0-4c99-801f-8f9937ba7bb0 |
| c:/Documents and Settings/dmc73144/Local Settings/Temp | 301cdfec-087c-4772-9c1e-dcce9db30beb |

**** Files (Added) - ICC Results ****

| Path | File Name |
| c:/Documents and Settings/dmc73144/Application Data | 8fbc0ebc-15d7-4dae-818a-50f3473ae912_46.avi |
| c:/Documents and Settings/dmc73144/Local Settings/Temp/6e0aec3c-14b5-428d-b76e-ece9f82169ba | wrk1.tmp_46 |
| c:/Documents and Settings/dmc73144/Local Settings/Temp/6e0aec3c-14b5-428d-b76e-ece9f82169ba | wrk2.tmp |
| c:/Documents and Settings/dmc73144/Local Settings/Temp/6e0aec3c-14b5-428d-b76e-ece9f82169ba | wrk2.tmp_46 |
| c:/WINDOWS/Prefetch | RUNDLL32.EXE-1D5F630D.pf |
| c:/WINDOWS/Prefetch | RUNDLL32.EXE-38C52291.pf |
| c:/WINDOWS/Prefetch | SANDNET.EXE-2012C478.pf |
| c: | netstat_post.txt |
| c: | taskv_post.txt |
| c:/Documents and Settings/dmc73144/Application Data | 8fbc0ebc-15d7-4dae-818a-50f3473ae912_46.avi |
| c:/Documents and Settings/dmc73144/Local Settings/Temp/6ea3827a-c9f0-4c99-801f-8f9937ba7bb0 | wrk1.tmp_46 |
| c:/Documents and Settings/dmc73144/Local Settings/Temp/6ea3827a-c9f0-4c99-801f-8f9937ba7bb0 | wrk2.tmp |
| c:/Documents and Settings/dmc73144/Local Settings/Temp/6ea3827a-c9f0-4c99-801f-8f9937ba7bb0 | wrk2.tmp_46 |
| c:/WINDOWS/Prefetch | RUNDLL32.EXE-339BAD24.pf |
| c:/WINDOWS/Prefetch | RUNDLL32.EXE-4304AE8D.pf |
| c:/WINDOWS/Prefetch | SANDNET.EXE-2012C478.pf |
| c: | netstat_post.txt |
| c: | taskv_post.txt |
| c:/Documents and Settings/dmc73144/Application Data | 8fbc0ebc-15d7-4dae-818a-50f3473ae912_46.avi |
| c:/Documents and Settings/dmc73144/Local Settings/Temp/301cdfec-087c-4772-9c1e-dcce9db30beb | wrk1.tmp_46 |
| c:/Documents and Settings/dmc73144/Local Settings/Temp/301cdfec-087c-4772-9c1e-dcce9db30beb | wrk2.tmp |
| c:/Documents and Settings/dmc73144/Local Settings/Temp/301cdfec-087c-4772-9c1e-dcce9db30beb | wrk2.tmp_46 |
| c:/WINDOWS/Prefetch | RUNDLL32.EXE-190DC878.pf |
| c:/WINDOWS/Prefetch | RUNDLL32.EXE-1C753EAB.pf |
| c:/WINDOWS/Prefetch | SANDNET.EXE-2012C478.pf |
| c: | netstat_post.txt |
| c: | taskv_post.txt |

**** Files (Deleted) - ICC Results ****

| Action | Path | File Name |

**** Files (Changed) - ICC Results ****

(The same set of entries was recorded in each of the three runs; it is listed once here.)

| Action | Path | File Name |
| modified | c:/Documents and Settings/dmc73144/Cookies | index.dat |
| modified | c:/Documents and Settings/dmc73144/Local Settings/History/History.IE5 | index.dat |
| modified | c:/Documents and Settings/dmc73144/Local Settings/Temporary Internet Files/Content.IE5 | index.dat |
| modified | c:/Documents and Settings/dmc73144 | ntuser.dat.LOG |
| modified | c:/WINDOWS/Prefetch | CMD.EXE-087B4001.pf |
| modified | c:/WINDOWS/Prefetch | HSTART.EXE-221D72BF.pf |
| modified | c:/WINDOWS/Prefetch | NETSTAT.EXE-2B2B4428.pf |
| modified | c:/WINDOWS/Prefetch | SH.EXE-00254D2B.pf |
| modified | c:/WINDOWS/Prefetch | SLEEP.EXE-094A3D2A.pf |
| modified | c:/WINDOWS/Prefetch | SSHD.EXE-298CA236.pf |
| modified | c:/WINDOWS/Prefetch | SWITCH.EXE-0496EC21.pf |
| modified | c:/WINDOWS/system32/drivers/etc | hosts |
| modified | c:/WINDOWS/system32/wbem/Logs | wmiprov.log |
| modified | c:/WINDOWS/system32/wbem/Repository/FS | INDEX.MAP |
| modified | c:/WINDOWS/system32/wbem/Repository/FS | MAPPING.VER |
| modified | c:/WINDOWS/system32/wbem/Repository/FS | MAPPING2.MAP |
| modified | c:/WINDOWS/system32/wbem/Repository/FS | OBJECTS.MAP |

**** Registry Keys (Added) - ICC Results ****

| Action | Path |

**** Registry Values (Added) - ICC Results ****

| Action | Path | Val Name | Val Data |

**** Registry Values (Deleted) - ICC Results ****

| Action | Path | Val Name | Val Type | Mod Val Type | Val Data | Mod Val Data |

**** Registry Values (Changed) - ICC Results ****

| Action | Path | Val Name | Val Data | Mod Val Data |
| modified | HKLM/SOFTWARE/Microsoft/Cryptography/RNG | Seed | E5 C6 89 00 37 17 62 D6 67 01 77 1A CC AE FB 7A 46 BD 08 BD FF 46 B1 1C 56 57 79 | D4 A2 F0 12 F5 ED CA 35 A9 CF 43 A9 1E E6 3D 58 B7 07 08 D5 68 60 CA E3 B7 F1 4 |
| modified | HKU/S-1-5-21-1844237615-562591055-839522115-1004/Software/Microsoft/Windows/CurrentVersion/Internet Settings/Connections | SavedLegacySettings | 3C 00 00 00 15 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 00 00 | 3C 00 00 00 16 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 00 0 |
| modified | HKU/S-1-5-21-1844237615-562591055-839522115-1004/SessionInformation | ProgramCount | 0x00000002 | 0x00000001 |
| modified | HKLM/SOFTWARE/Microsoft/Cryptography/RNG | Seed | 6A 25 0F 9D 5F A0 31 D4 CD 47 97 A3 EA F4 82 36 AF 58 76 36 46 B7 A5 F8 33 EB D9 | D4 15 EE FB 05 22 3F 46 C3 4F C2 19 6C 3E EA 6F 30 E0 24 C5 D8 D9 97 49 44 12 D |
| modified | HKU/S-1-5-21-1844237615-562591055-839522115-1004/Software/Microsoft/Windows/CurrentVersion/Internet Settings/Connections | SavedLegacySettings | 3C 00 00 00 15 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 00 00 | 3C 00 00 00 16 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 00 0 |
| modified | HKU/S-1-5-21-1844237615-562591055-839522115-1004/SessionInformation | ProgramCount | 0x00000002 | 0x00000001 |
| modified | HKLM/SOFTWARE/Microsoft/Cryptography/RNG | Seed | B8 7E 2C A7 3C 05 C3 9D 09 C8 D0 F5 63 9D 54 C1 76 F9 0F 1D 1A AF BD 3A F5 B4 59 | 51 AA 5E 1B 87 FF E7 DA 50 9B 3E E9 50 30 7E D7 81 7E CD 62 A3 9E 36 CD 07 92 8 |
| modified | HKU/S-1-5-21-1844237615-562591055-839522115-1004/Software/Microsoft/Windows/CurrentVersion/Internet Settings/Connections | SavedLegacySettings | 3C 00 00 00 15 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 00 00 | 3C 00 00 00 16 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 00 0 |
| modified | HKU/S-1-5-21-1844237615-562591055-839522115-1004/SessionInformation | ProgramCount | 0x00000002 | 0x00000001 |

**** DNS Results ****

| DNS | DNS Response |

**** URL Results ****

| DstIP | HTTP HOST | HTTP REQUEST URI | HTTP USER AGENT | PROTOCOL |
| 91.188.60.5 | 91.188.60.5 | /hit.php?v=46&app_type_id=1&wm_id=acc0028&u=6e0aec3c-14b5-428d-b76e-ece9f82169ba&t=2 | | 0x06 |
| 91.188.60.5 | 91.188.60.5 | /hit.php?v=46&app_type_id=1&wm_id=acc0028&u=6e0aec3c-14b5-428d-b76e-ece9f82169ba&t=5 | | 0x06 |
| 91.188.60.5 | 91.188.60.5 | /t.php?app_type_id=1&wm_id=acc0028&u=6e0aec3c-14b5-428d-b76e-ece9f82169ba&v=46 | | 0x06 |
| 91.188.60.5 | 91.188.60.5 | /hit.php?v=46&app_type_id=1&wm_id=acc0028&u=6ea3827a-c9f0-4c99-801f-8f9937ba7bb0&t=2 | | 0x06 |
| 91.188.60.5 | 91.188.60.5 | /t.php?app_type_id=1&wm_id=acc0028&u=6ea3827a-c9f0-4c99-801f-8f9937ba7bb0&v=46 | | 0x06 |
| 91.188.60.5 | 91.188.60.5 | /hit.php?v=46&app_type_id=1&wm_id=acc0028&u=6ea3827a-c9f0-4c99-801f-8f9937ba7bb0&t=5 | | 0x06 |
| 91.188.60.5 | 91.188.60.5 | /hit.php?v=46&app_type_id=1&wm_id=acc0028&u=301cdfec-087c-4772-9c1e-dcce9db30beb&t=2 | | 0x06 |
| 91.188.60.5 | 91.188.60.5 | /hit.php?v=46&app_type_id=1&wm_id=acc0028&u=301cdfec-087c-4772-9c1e-dcce9db30beb&t=5 | | 0x06 |
| 91.188.60.5 | 91.188.60.5 | /t.php?app_type_id=1&wm_id=acc0028&u=301cdfec-087c-4772-9c1e-dcce9db30beb&v=46 | | 0x06 |
| 239.255.255.250 | 239.255.255.250:1900 | * | --blank-- | 0x11 |

**** ARGUS PROTOCOL Results ****

| PROTOCOL | SRC PKTS | DST PKTS | SRC BYTES | DST BYTES |
| 6 | 15 | 12 | 1317 | 1545 |
| 17 | 3 | 0 | 525 | 0 |

**** ARGUS DPORT Results ****

| DPORT | PROTOCOL | SRC PKTS | DST PKTS | SRC BYTES | DST BYTES |
| 80 | 6 | 15 | 12 | 1317 | 1545 |
| 1900 | 17 | 3 | 0 | 525 | 0 |

**** ARGUS DATA Results ****

| Time | Date | Protocol | SrcIP | DstIP | Dir | Flags | Sport | Dport | Pkts | Bytes |
| 17:17:31 | 2010-07-28 | 6 | 10.10.10.7 | 91.188.60.5 | -> | e | 599 | 80 | 9 | 956 |
| 17:18:31 | 2010-07-28 | 6 | 10.10.10.7 | 91.188.60.5 | -> | e | 636 | 80 | 9 | 956 |
| 00:43:56 | 2010-07-29 | 6 | 10.10.10.7 | 91.188.60.5 | -> | e | 469 | 80 | 9 | 956 |
| 00:44:57 | 2010-07-29 | 6 | 10.10.10.7 | 91.188.60.5 | -> | e | 471 | 80 | 9 | 950 |
| 00:44:57 | 2010-07-29 | 6 | 10.10.10.7 | 91.188.60.5 | -> | e | 636 | 80 | 8 | 896 |
| 17:21:10 | 2010-07-28 | 17 | 10.10.10.7 | 239.255.255.250 | -> | e | 8 | 1900 | 2 | 350 |
| 17:21:16 | 2010-07-28 | 17 | 10.10.10.7 | 239.255.255.250 | -> | e | 8 | 1900 | 1 | 175 |
| 00:47:37 | 2010-07-29 | 17 | 10.10.10.7 | 239.255.255.250 | -> | e | 8 | 1900 | 2 | 350 |
| 09:21:52 | 2010-07-29 | 6 | 10.10.10.7 | 91.188.60.5 | -> | e | 602 | 80 | 9 | 956 |
| 09:22:51 | 2010-07-29 | 6 | 10.10.10.7 | 91.188.60.5 | -> | e | 355 | 80 | 9 | 956 |
| 09:25:32 | 2010-07-29 | 17 | 10.10.10.7 | 239.255.255.250 | -> | e | 8 | 1900 | 2 | 350 |

**** Packer Results ****

| Packer Name |

**** HoneyTrap Results ****

| Honey Trap Log File Location |

**** PTFB Results ****

| PTFB Log File Location |