Malware Report - Results

This report shows all the different areas TAZER analyzes for the sample: Host, Network Activity, and Detection.

Malware Search Criteria:
  • MD5 = 14f89836c2d1757c85acb17f0f3ca341

  • Malware Report - Results

    File MD5Sum | SHA1SUM | SHA256SUM | FUZZY HASH | File Size
    14f89836c2d1757c85acb17f0f3ca341 | d9c9efbebd2cf5da3bb621d39c3acd36111284eb | 48bc809873c5bc2fdad0f759b36408a9c9be690a2ff3a9172f105d91f6f38c62 | 768:Ed+t0BSP3+qAkP/0o0YFhLnqrltLFcx3pliHXd96VFMxBsdz0sdODJyfvxI4MY69:Ed+1m/E/x0Y4 | 47104

    File Results

    File Name
    kp.jpg.exe

    SNORT Results

    Snort Class | Snort Alert | Count
    N/A | No snort alerts generated | 0

    AV Results

    AV Alert | AV Vendor
    Backdoor.Trojan | Symantec
    Generic | McAfee
    Backdoor.Win32.VB.nmw | Kaspersky

    Folders (Added) - ICC Results

    Path | Folder Name

    Files (Added) - ICC Results

    Path | File Name
    c:/DELL/VIDEO/OUTPUT | netstat_base.txt
    c:/DELL/VIDEO/OUTPUT | netstat_post.txt
    c:/DELL/VIDEO/OUTPUT | tasksvc_base.txt
    c:/DELL/VIDEO/OUTPUT | tasksvc_post.txt
    c:/DELL/VIDEO/OUTPUT | taskv_base.txt
    c:/DELL/VIDEO/OUTPUT | taskv_post.txt
    c:/Documents and Settings/dmc73144/Local Settings/Temp | 2u82v5c00.bat
    c:/Documents and Settings/dmc73144/Local Settings/Temp | j1t5ts7.exe
    c:/Documents and Settings/dmc73144/Local Settings/Temp | MouseDriver.bat
    c:/Documents and Settings/dmc73144/Local Settings/Temp | ~DFAB48.tmp
    c:/WINDOWS/Prefetch | 7Z.EXE-1A62CD19.pf
    c:/WINDOWS/Prefetch | J1T5TS7.EXE-08EDD5FA.pf
    c:/WINDOWS/Prefetch | NET.EXE-01A53C2F.pf
    c:/WINDOWS/Prefetch | NET1.EXE-029B9DB4.pf
    c:/WINDOWS/Prefetch | RUNDLL32.EXE-4B010C9D.pf
    c:/WINDOWS/Prefetch | RUNONCE.EXE-2803F297.pf
    c:/WINDOWS/Prefetch | SANDNET.EXE-2012C478.pf
    c:/WINDOWS/Prefetch | SC.EXE-012262AF.pf
    c:/WINDOWS/system32 | lur7q.log
    c:/Documents and Settings/dmc73144/Local Settings/Temp | b4ib5ela.bat
    c:/Documents and Settings/dmc73144/Local Settings/Temp | j1t5ts7.exe
    c:/Documents and Settings/dmc73144/Local Settings/Temp | MouseDriver.bat
    c:/Documents and Settings/dmc73144/Local Settings/Temp | ~DF8B76.tmp
    c:/WINDOWS/Prefetch | GRPCONV.EXE-111CD845.pf
    c:/WINDOWS/Prefetch | J1T5TS7.EXE-08EDD5FA.pf
    c:/WINDOWS/Prefetch | NET.EXE-01A53C2F.pf
    c:/WINDOWS/Prefetch | NET1.EXE-029B9DB4.pf
    c:/WINDOWS/Prefetch | RUNDLL32.EXE-4B010C9D.pf
    c:/WINDOWS/Prefetch | RUNONCE.EXE-2803F297.pf
    c:/WINDOWS/Prefetch | SANDNET.EXE-2012C478.pf
    c:/WINDOWS/Prefetch | SC.EXE-012262AF.pf
    c:/WINDOWS/system32 | lur7q.log
    c: | netstat_post.txt
    c: | tasksvc_post.txt
    c: | taskv_post.txt

    Files (Deleted) - ICC Results

    Action | Path | File Name

    Files (Changed) - ICC Results

    Action | Path | File Name
    modified | c:/Documents and Settings/dmc73144/Cookies | index.dat
    modified | c:/Documents and Settings/dmc73144/Local Settings/History/History.IE5 | index.dat
    modified | c:/Documents and Settings/dmc73144/Local Settings/Temporary Internet Files/Content.IE5 | index.dat
    modified | c:/Documents and Settings/dmc73144 | ntuser.dat.LOG
    modified | c:/Documents and Settings/LocalService | ntuser.dat.LOG
    modified | c:/WINDOWS/Prefetch | CMD.EXE-087B4001.pf
    modified | c:/WINDOWS/Prefetch | NETSTAT.EXE-2B2B4428.pf
    modified | c:/WINDOWS/Prefetch | SH.EXE-00254D2B.pf
    modified | c:/WINDOWS/Prefetch | SLEEP.EXE-094A3D2A.pf
    modified | c:/WINDOWS/Prefetch | SSHD.EXE-298CA236.pf
    modified | c:/WINDOWS/Prefetch | SWITCH.EXE-0496EC21.pf
    modified | c:/WINDOWS/Prefetch | TASKLIST.EXE-10D94B23.pf
    modified | c:/WINDOWS/system32/config | software.LOG
    modified | c:/WINDOWS/system32/config | SysEvent.Evt
    modified | c:/WINDOWS/system32/config | system.LOG
    modified | c:/WINDOWS/system32/drivers/etc | hosts
    modified | c:/WINDOWS/system32/wbem/Logs | wbemess.log
    modified | c:/WINDOWS/system32/wbem/Logs | wmiprov.log
    modified | c:/WINDOWS/system32/wbem/Repository/FS | INDEX.MAP
    modified | c:/WINDOWS/system32/wbem/Repository/FS | MAPPING.VER
    modified | c:/WINDOWS/system32/wbem/Repository/FS | MAPPING2.MAP
    modified | c:/WINDOWS/system32/wbem/Repository/FS | OBJECTS.MAP
    modified | c:/Documents and Settings/dmc73144/Cookies | index.dat
    modified | c:/Documents and Settings/dmc73144/Local Settings/History/History.IE5 | index.dat
    modified | c:/Documents and Settings/dmc73144/Local Settings/Temporary Internet Files/Content.IE5 | index.dat
    modified | c:/Documents and Settings/dmc73144 | ntuser.dat.LOG
    modified | c:/Documents and Settings/LocalService | ntuser.dat.LOG
    modified | c:/WINDOWS/Prefetch | CMD.EXE-087B4001.pf
    modified | c:/WINDOWS/Prefetch | HSTART.EXE-221D72BF.pf
    modified | c:/WINDOWS/Prefetch | NETSTAT.EXE-2B2B4428.pf
    modified | c:/WINDOWS/Prefetch | SH.EXE-00254D2B.pf
    modified | c:/WINDOWS/Prefetch | SLEEP.EXE-094A3D2A.pf
    modified | c:/WINDOWS/Prefetch | SSHD.EXE-298CA236.pf
    modified | c:/WINDOWS/Prefetch | SWITCH.EXE-0496EC21.pf
    modified | c:/WINDOWS/Prefetch | TASKLIST.EXE-10D94B23.pf
    modified | c:/WINDOWS/system32/config | software.LOG
    modified | c:/WINDOWS/system32/config | system.LOG
    modified | c:/WINDOWS/system32/drivers/etc | hosts
    modified | c:/WINDOWS/system32/wbem/Logs | wbemess.log
    modified | c:/WINDOWS/system32/wbem/Logs | wmiprov.log

    Registry Keys (Added) - ICC Results

    Action | Path

    Registry Values (Added) - ICC Results

    Action | Path | Val_Name | Val_Data

    Registry Values (Deleted) - ICC Results

    Action | Path | Val_Name | Val_Type | Mod_Val_Type | Val_Data | Mod_Val_Data

    Registry Values (Changed) - ICC Results

    Action | Path | Val_Name | Val_Data | Mod_Val_Data
    modified | HKLM/SOFTWARE/Microsoft/Cryptography/RNG | Seed | 8A 87 53 D9 1B 1D FE 91 59 B5 6C D6 D4 6B C3 B7 70 F4 9D 24 16 BA 37 2A 1B FD A8 33 BE 92 ED 5D 21 30 DD 82 60 9F 50 7F 21 63 50 AB E4 B7 A7 4A F1 BA 05 12 A1 8
    modified | HKLM/SOFTWARE/Microsoft/Windows NT/CurrentVersion/ProfileList/S-1-5-19 | RefCount | 0x00000002 | 0x00000001
    modified | HKLM/SYSTEM/ControlSet001/Services/SharedAccess | Start | 0x00000002 | 0x00000004
    modified | HKLM/SYSTEM/ControlSet001/Services/SharedAccess/Epoch | Epoch | 0x00000104 | 0x00000105
    modified | HKLM/SYSTEM/ControlSet001/Services/wscsvc | Start | 0x00000002 | 0x00000004
    modified | HKLM/SYSTEM/CurrentControlSet/Services/SharedAccess | Start | 0x00000002 | 0x00000004
    modified | HKLM/SYSTEM/CurrentControlSet/Services/SharedAccess/Epoch | Epoch | 0x00000104 | 0x00000105
    modified | HKLM/SYSTEM/CurrentControlSet/Services/wscsvc | Start | 0x00000002 | 0x00000004
    modified | HKU/S-1-5-21-1844237615-562591055-839522115-1004/Software/Microsoft/Windows/CurrentVersion/Internet Settings/Connections | SavedLegacySettings | 3C 00 00 00 15 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 00 00 3C 00 00 00 17 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 00 0
    modified | HKU/S-1-5-21-1844237615-562591055-839522115-1004/SessionInformation | ProgramCount | 0x00000002 | 0x00000001
    modified | HKLM/SOFTWARE/Microsoft/Cryptography/RNG | Seed | BE 3C C5 2F 71 10 E6 54 79 4C E2 C3 51 82 EF 4B 1A 58 49 C4 63 B7 89 25 1D 1B 62 3D F2 DB 1D 57 60 7B 24 8E C3 9D 79 28 45 CD CF 9F 97 D7 B9 12 40 7B 0C 0C EC 8
    modified | HKLM/SOFTWARE/Microsoft/Windows NT/CurrentVersion/ProfileList/S-1-5-19 | RefCount | 0x00000002 | 0x00000001
    modified | HKLM/SYSTEM/ControlSet001/Services/SharedAccess | Start | 0x00000002 | 0x00000004
    modified | HKLM/SYSTEM/ControlSet001/Services/SharedAccess/Epoch | Epoch | 0x00000104 | 0x00000105
    modified | HKLM/SYSTEM/ControlSet001/Services/wscsvc | Start | 0x00000002 | 0x00000004
    modified | HKLM/SYSTEM/CurrentControlSet/Services/SharedAccess | Start | 0x00000002 | 0x00000004
    modified | HKLM/SYSTEM/CurrentControlSet/Services/SharedAccess/Epoch | Epoch | 0x00000104 | 0x00000105
    modified | HKLM/SYSTEM/CurrentControlSet/Services/wscsvc | Start | 0x00000002 | 0x00000004
    modified | HKU/S-1-5-21-1844237615-562591055-839522115-1004/Software/Microsoft/Windows/CurrentVersion/Internet Settings/Connections | SavedLegacySettings | 3C 00 00 00 15 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 00 00 3C 00 00 00 17 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 00 0
    modified | HKU/S-1-5-21-1844237615-562591055-839522115-1004/SessionInformation | ProgramCount | 0x00000002 | 0x00000001

    DNS Results

    DNS | DNS Response
    w.nucleardiscover.com | Standard query response A 60.190.223.75

    URL Results

    DstIP | HTTP_HOST | HTTP_REQUEST_URI | HTTP_USER_AGENT | PROTOCOL
    239.255.255.250 | 239.255.255.250:1900 | * | --blank-- | 0x11

    ARGUS PROTOCOL Results

    PROTOCOL | SRC_PKTS | DST_PKTS | SRC_BYTES | DST_BYTES
    6 | 45 | 42 | 3655 | 2526
    17 | 1 | 0 | 175 | 0

    ARGUS DPORT Results

    DPORT | PROTOCOL | SRC_PKTS | DST_PKTS | SRC_BYTES | DST_BYTES
    888 | 6 | 45 | 42 | 3655 | 2526
    1900 | 17 | 1 | 0 | 175 | 0

    ARGUS DATA Results

    Time | Date | Protocol | SrcIP | DstIP | Dir | Flags | Sport | Dport | Pkts | Bytes
    12:08:41 | 2011-04-23 | 6 | 10.10.10.7 | 60.190.223.75 | -> | e | 366 | 888 | 13 | 1099
    12:08:46 | 2011-04-23 | 6 | 10.10.10.7 | 60.190.223.75 | -> | e | 366 | 888 | 11 | 660
    12:08:51 | 2011-04-23 | 6 | 10.10.10.7 | 60.190.223.75 | -> | e | 366 | 888 | 5 | 300
    12:09:57 | 2011-04-23 | 6 | 10.10.10.7 | 60.190.223.75 | -> | e | 578 | 888 | 13 | 1099
    12:10:02 | 2011-04-23 | 6 | 10.10.10.7 | 60.190.223.75 | -> | e | 578 | 888 | 10 | 600
    12:10:07 | 2011-04-23 | 6 | 10.10.10.7 | 60.190.223.75 | -> | e | 578 | 888 | 6 | 360
    12:11:12 | 2011-04-23 | 6 | 10.10.10.7 | 60.190.223.75 | -> | e | 727 | 888 | 13 | 1103
    12:11:17 | 2011-04-23 | 6 | 10.10.10.7 | 60.190.223.75 | -> | e | 727 | 888 | 10 | 600
    12:11:22 | 2011-04-23 | 6 | 10.10.10.7 | 60.190.223.75 | -> | e | 727 | 888 | 6 | 360
    23:10:57 | 2011-05-02 | 6 | 10.10.10.7 | 60.190.223.75 | -> | e | 412 | 888 | 14 | 1160
    23:11:02 | 2011-05-02 | 6 | 10.10.10.7 | 60.190.223.75 | -> | e | 412 | 888 | 11 | 660
    23:11:08 | 2011-05-02 | 6 | 10.10.10.7 | 60.190.223.75 | -> | e | 412 | 888 | 4 | 240
    23:12:12 | 2011-05-02 | 6 | 10.10.10.7 | 60.190.223.75 | -> | e | 571 | 888 | 14 | 1160
    23:12:17 | 2011-05-02 | 6 | 10.10.10.7 | 60.190.223.75 | -> | e | 571 | 888 | 10 | 600
    23:12:22 | 2011-05-02 | 6 | 10.10.10.7 | 60.190.223.75 | -> | e | 571 | 888 | 5 | 300
    23:13:25 | 2011-05-02 | 6 | 10.10.10.7 | 60.190.223.75 | -> | e | 162 | 888 | 14 | 1160
    23:13:31 | 2011-05-02 | 6 | 10.10.10.7 | 60.190.223.75 | -> | e | 162 | 888 | 10 | 600
    23:13:36 | 2011-05-02 | 6 | 10.10.10.7 | 60.190.223.75 | -> | e | 162 | 888 | 5 | 300
    23:14:39 | 2011-05-02 | 6 | 10.10.10.7 | 60.190.223.75 | -> | e | 809 | 888 | 13 | 1100
    23:14:45 | 2011-05-02 | 6 | 10.10.10.7 | 60.190.223.75 | -> | e | 809 | 888 | 11 | 660
    23:14:50 | 2011-05-02 | 6 | 10.10.10.7 | 60.190.223.75 | -> | e | 809 | 888 | 5 | 300
    23:16:29 | 2011-05-02 | 17 | 10.10.10.7 | 239.255.255.250 | -> | e | 8 | 1900 | 1 | 175

    Packer Results

    Packer Name

    HoneyTrap Results

    Honey Trap Log File Location

    PTFB Results

    PTFB Log File Location