Malware Report

Malware Report - Results

This report shows all the different areas TAZER analyzes for the sample: Host, Network Activity, and Detection.

Malware Search Criteria:

MD5 =08d100768bee6ba22fbc7583049698c3

Malware Report - Results

File MD5Sum	SHA1SUM	SHA256SUM	FUZZY HASH	File Size
08d100768bee6ba22fbc7583049698c3	64ff9444f173cd19cdd31bf7bd1c716f63ced81f	a4a5b5767ab8308493ec7e4985805a7af09a6b32f331e19030acbe85ad0e10ba	1536:WrjvZfuH2JcrmrnWLYC7ZOn5m6pEGckMst+xzx92XGV1:qUH2OrAYO8k1kzxMWT	90213

File Results

File Name
Postales.exe

SNORT Results

Snort Class	Snort Alert	Count
N/A	No snort alerts generated	0

AV Results

AV Alert	AV Vendor
N/A	Symantec
N/A	McAfee
Trojan.Win32.Llac.acaz	Kaspersky

Folders (Added) - ICC Results

Path	Folder Name

Files (Added) - ICC Results

Path	File Name
c:/WINDOWS/Prefetch	SANDNET.EXE-2012C478.pf
c:/WINDOWS	scssrr.exe
c:	netstat_post.txt
c:	taskv_post.txt

Files (Deleted) - ICC Results

Action	Path	File Name

Files (Changed) - ICC Results

Action	Path	File Name
modified	c:/WINDOWS/Prefetch	CMD.EXE-087B4001.pf
modified	c:/WINDOWS/Prefetch	HSTART.EXE-221D72BF.pf
modified	c:/WINDOWS/Prefetch	NETSTAT.EXE-2B2B4428.pf
modified	c:/WINDOWS/Prefetch	SH.EXE-00254D2B.pf
modified	c:/WINDOWS/Prefetch	SLEEP.EXE-094A3D2A.pf
modified	c:/WINDOWS/Prefetch	SSHD.EXE-298CA236.pf
modified	c:/WINDOWS/Prefetch	SWITCH.EXE-0496EC21.pf
modified	c:/WINDOWS/system32/config	software.LOG
modified	c:/WINDOWS/system32/drivers/etc	hosts
modified	c:/WINDOWS/system32/wbem/Logs	wmiprov.log
modified	c:/WINDOWS/system32/wbem/Repository/FS	INDEX.MAP
modified	c:/WINDOWS/system32/wbem/Repository/FS	MAPPING.VER
modified	c:/WINDOWS/system32/wbem/Repository/FS	MAPPING2.MAP
modified	c:/WINDOWS/system32/wbem/Repository/FS	OBJECTS.MAP

Registry Keys (Added) - ICC Results

Action	Path

Registry Values (Added) - ICC Results

Action	Path	Val_Name	Val_Data

Registry Values (Deleted) - ICC Results

Action	Path	Val_Name	Val_Type	Mod_Val_Type	Val_Data	Mod_Val_Data

Registry Values (Changed) - ICC Results

Action	Path	Val_Name	Val_Data	Mod_Val_Data
modified	HKLM/SOFTWARE/Microsoft/Cryptography/RNG	Seed	99 2C D9 54 7C 8A B1 4B D8 AC A7 92 E0 19 29 FA 6E 4C E3 93 EE 9A E6 24 2E FA 44	CE 7C FD 66 62 2D 81 7B 94 6F 48 94 03 F5 C0 8D C8 29 26 A3 A2 9A 91 3A E5 06 1

DNS Results

DNS	DNS Response
krikoperurlz.mooo.com	Standard query response A 200.108.108.43

URL Results

DstIP	HTTP_HOST	HTTP_REQUEST_URI	HTTP_USER_AGENT	PROTOCOL
239.255.255.250	239.255.255.250:1900	*	--blank--	0x11

ARGUS PROTOCOL Results

PROTOCOL	SRC_PKTS	DST_PKTS	SRC_BYTES	DST_BYTES
17	4	0	700	0

ARGUS DPORT Results

DPORT	PROTOCOL	SRC_PKTS	DST_PKTS	SRC_BYTES	DST_BYTES
1900	17	4	0	700	0

ARGUS DATA Results

Time	Date	Protocol	SrcIP	DstIP	Dir	Flags	Sport	Dport	Pkts	Bytes
04:19:25	2011-06-27	17	10.10.10.7	239.255.255.250	->	e	4002	1900	2	350
04:19:31	2011-06-27	17	10.10.10.7	239.255.255.250	->	e	4002	1900	1	175
04:19:34	2011-06-27	17	10.10.10.7	239.255.255.250	->	e	413	1900	1	175

Packer Results

Packer Name

HoneyTrap Results

Honey Trap Log File Location

PTFB Results

PTFB Log File Location