File MD5Sum | SHA1SUM | SHA256SUM | FUZZY HASH | File Size |
---|---|---|---|---|
14f89836c2d1757c85acb17f0f3ca341 | d9c9efbebd2cf5da3bb621d39c3acd36111284eb | 48bc809873c5bc2fdad0f759b36408a9c9be690a2ff3a9172f105d91f6f38c62 | 768:Ed+t0BSP3+qAkP/0o0YFhLnqrltLFcx3pliHXd96VFMxBsdz0sdODJyfvxI4MY69:Ed+1m/E/x0Y | 47104 |
File Name |
---|
kp.jpg.exe |
Snort Class | Snort Alert | Count |
---|---|---|
N/A | No snort alerts generated | 0 |
AV Alert | AV Vendor |
---|---|
Backdoor.Trojan | Symantec |
Generic | McAfee |
Backdoor.Win32.VB.nmw | Kaspersky |
Path | Folder Name |
---|
Action | Path | File Name |
---|
Action | Path |
---|
Action | Path | Val_Name | Val_Data |
---|
Action | Path | Val_Name | Val_Type | Mod_Val_Type | Val_Data | Mod_Val_Data |
---|
Action | Path | Val_Name | Val_Data | Mod_Val_Data |
---|---|---|---|---|
modified | HKLM/SOFTWARE/Microsoft/Cryptography/RNG | Seed | 8A 87 53 D9 1B 1D FE 91 59 B5 6C D6 D4 6B C3 B7 70 F4 9D 24 16 BA 37 2A 1B FD A8 | 33 BE 92 ED 5D 21 30 DD 82 60 9F 50 7F 21 63 50 AB E4 B7 A7 4A F1 BA 05 12 A1 8 |
modified | HKLM/SOFTWARE/Microsoft/Windows NT/CurrentVersion/ProfileList/S-1-5-19 | RefCount | 0x00000002 | 0x00000001 |
modified | HKLM/SYSTEM/ControlSet001/Services/SharedAccess | Start | 0x00000002 | 0x00000004 |
modified | HKLM/SYSTEM/ControlSet001/Services/SharedAccess/Epoch | Epoch | 0x00000104 | 0x00000105 |
modified | HKLM/SYSTEM/ControlSet001/Services/wscsvc | Start | 0x00000002 | 0x00000004 |
modified | HKLM/SYSTEM/CurrentControlSet/Services/SharedAccess | Start | 0x00000002 | 0x00000004 |
modified | HKLM/SYSTEM/CurrentControlSet/Services/SharedAccess/Epoch | Epoch | 0x00000104 | 0x00000105 |
modified | HKLM/SYSTEM/CurrentControlSet/Services/wscsvc | Start | 0x00000002 | 0x00000004 |
modified | HKU/S-1-5-21-1844237615-562591055-839522115-1004/Software/Microsoft/Windows/CurrentVersion/Internet Settings/Connections | SavedLegacySettings | 3C 00 00 00 15 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 00 00 | 3C 00 00 00 17 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 00 0 |
modified | HKU/S-1-5-21-1844237615-562591055-839522115-1004/SessionInformation | ProgramCount | 0x00000002 | 0x00000001 |
modified | HKLM/SOFTWARE/Microsoft/Cryptography/RNG | Seed | BE 3C C5 2F 71 10 E6 54 79 4C E2 C3 51 82 EF 4B 1A 58 49 C4 63 B7 89 25 1D 1B 62 | 3D F2 DB 1D 57 60 7B 24 8E C3 9D 79 28 45 CD CF 9F 97 D7 B9 12 40 7B 0C 0C EC 8 |
modified | HKLM/SOFTWARE/Microsoft/Windows NT/CurrentVersion/ProfileList/S-1-5-19 | RefCount | 0x00000002 | 0x00000001 |
modified | HKLM/SYSTEM/ControlSet001/Services/SharedAccess | Start | 0x00000002 | 0x00000004 |
modified | HKLM/SYSTEM/ControlSet001/Services/SharedAccess/Epoch | Epoch | 0x00000104 | 0x00000105 |
modified | HKLM/SYSTEM/ControlSet001/Services/wscsvc | Start | 0x00000002 | 0x00000004 |
modified | HKLM/SYSTEM/CurrentControlSet/Services/SharedAccess | Start | 0x00000002 | 0x00000004 |
modified | HKLM/SYSTEM/CurrentControlSet/Services/SharedAccess/Epoch | Epoch | 0x00000104 | 0x00000105 |
modified | HKLM/SYSTEM/CurrentControlSet/Services/wscsvc | Start | 0x00000002 | 0x00000004 |
modified | HKU/S-1-5-21-1844237615-562591055-839522115-1004/Software/Microsoft/Windows/CurrentVersion/Internet Settings/Connections | SavedLegacySettings | 3C 00 00 00 15 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 00 00 | 3C 00 00 00 17 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 00 0 |
modified | HKU/S-1-5-21-1844237615-562591055-839522115-1004/SessionInformation | ProgramCount | 0x00000002 | 0x00000001 |
DNS | DNS Response |
---|---|
w.nucleardiscover.com | Standard query response A 60.190.223.75 |
DstIP | HTTP_HOST | HTTP_REQUEST_URI | HTTP_USER_AGENT | PROTOCOL |
---|---|---|---|---|
239.255.255.250 | 239.255.255.250:1900 | * | --blank-- | 0x11 |
PROTOCOL | SRC_PKTS | DST_PKTS | SRC_BYTES | DST_BYTES |
---|---|---|---|---|
6 | 45 | 42 | 3655 | 2526 |
17 | 1 | 0 | 175 | 0 |
DPORT | PROTOCOL | SRC_PKTS | DST_PKTS | SRC_BYTES | DST_BYTES |
---|---|---|---|---|---|
888 | 6 | 45 | 42 | 3655 | 2526 |
1900 | 17 | 1 | 0 | 175 | 0 |
Time | Date | Protocol | SrcIP | DstIP | Dir | Flags | Sport | Dport | Pkts | Bytes |
---|---|---|---|---|---|---|---|---|---|---|
12:08:41 | 2011-04-23 | 6 | 10.10.10.7 | 60.190.223.75 | -> | e | 366 | 888 | 13 | 1099 |
12:08:46 | 2011-04-23 | 6 | 10.10.10.7 | 60.190.223.75 | -> | e | 366 | 888 | 11 | 660 |
12:08:51 | 2011-04-23 | 6 | 10.10.10.7 | 60.190.223.75 | -> | e | 366 | 888 | 5 | 300 |
12:09:57 | 2011-04-23 | 6 | 10.10.10.7 | 60.190.223.75 | -> | e | 578 | 888 | 13 | 1099 |
12:10:02 | 2011-04-23 | 6 | 10.10.10.7 | 60.190.223.75 | -> | e | 578 | 888 | 10 | 600 |
12:10:07 | 2011-04-23 | 6 | 10.10.10.7 | 60.190.223.75 | -> | e | 578 | 888 | 6 | 360 |
12:11:12 | 2011-04-23 | 6 | 10.10.10.7 | 60.190.223.75 | -> | e | 727 | 888 | 13 | 1103 |
12:11:17 | 2011-04-23 | 6 | 10.10.10.7 | 60.190.223.75 | -> | e | 727 | 888 | 10 | 600 |
12:11:22 | 2011-04-23 | 6 | 10.10.10.7 | 60.190.223.75 | -> | e | 727 | 888 | 6 | 360 |
23:10:57 | 2011-05-02 | 6 | 10.10.10.7 | 60.190.223.75 | -> | e | 412 | 888 | 14 | 1160 |
23:11:02 | 2011-05-02 | 6 | 10.10.10.7 | 60.190.223.75 | -> | e | 412 | 888 | 11 | 660 |
23:11:08 | 2011-05-02 | 6 | 10.10.10.7 | 60.190.223.75 | -> | e | 412 | 888 | 4 | 240 |
23:12:12 | 2011-05-02 | 6 | 10.10.10.7 | 60.190.223.75 | -> | e | 571 | 888 | 14 | 1160 |
23:12:17 | 2011-05-02 | 6 | 10.10.10.7 | 60.190.223.75 | -> | e | 571 | 888 | 10 | 600 |
23:12:22 | 2011-05-02 | 6 | 10.10.10.7 | 60.190.223.75 | -> | e | 571 | 888 | 5 | 300 |
23:13:25 | 2011-05-02 | 6 | 10.10.10.7 | 60.190.223.75 | -> | e | 162 | 888 | 14 | 1160 |
23:13:31 | 2011-05-02 | 6 | 10.10.10.7 | 60.190.223.75 | -> | e | 162 | 888 | 10 | 600 |
23:13:36 | 2011-05-02 | 6 | 10.10.10.7 | 60.190.223.75 | -> | e | 162 | 888 | 5 | 300 |
23:14:39 | 2011-05-02 | 6 | 10.10.10.7 | 60.190.223.75 | -> | e | 809 | 888 | 13 | 1100 |
23:14:45 | 2011-05-02 | 6 | 10.10.10.7 | 60.190.223.75 | -> | e | 809 | 888 | 11 | 660 |
23:14:50 | 2011-05-02 | 6 | 10.10.10.7 | 60.190.223.75 | -> | e | 809 | 888 | 5 | 300 |
23:16:29 | 2011-05-02 | 17 | 10.10.10.7 | 239.255.255.250 | -> | e | 8 | 1900 | 1 | 175 |
Packer Name |
---|
Honey Trap Log File Location |
---|
PTFB Log File Location |
---|