Malware Report - Results

This report shows all the different areas TAZER analyzes for the sample: Host, Network Activity, and Detection.

Malware Search Criteria:
  • MD5 = 1634b7b8dc5cf1881fff3795ca1dfdde

  • Malware Report - Results

    File
    MD5SUM      1634b7b8dc5cf1881fff3795ca1dfdde
    SHA1SUM     9e3ae6a734669cd16b686023562b624dbb45646e
    SHA256SUM   5b2cca2c2ad0c59d8b32568bc59e1f013c79dd75d18d1ac861289b3fd40dcba0
    FUZZY HASH  1536:2wLD8sK0m3aHUMwLZmJUCdLCVQhrzPbv5rERHx9CVhpfwrjBpBlo:2wjmK0lZmJUCdLCVyzzOVx
    File Size   71312

    File Results

    File Name
    cb.exe

    SNORT Results

    Snort Class  Snort Alert                Count
    N/A          No snort alerts generated  0

    AV Results

    AV Alert  AV Vendor

    Folders (Added) - ICC Results

    Path                                                    Folder Name
    c:/Documents and Settings/dmc73144/Local Settings/Temp  nsj3.tmp

    Files (Added) - ICC Results

    Path                                                  File Name
    c:/Documents and Settings/dmc73144/Application Data   fts1gny.exe
    c:/Documents and Settings/dmc73144/Application Data   k6jpm8.log
    c:/Documents and Settings/dmc73144/Application Data   MouseDriver.bat
    c:/WINDOWS/Prefetch                                   CB.EXE-3B8A22FB.pf
    c:/WINDOWS/Prefetch                                   FTS1GNY.EXE-357EA233.pf
    c:/WINDOWS/Prefetch                                   GRPCONV.EXE-111CD845.pf
    c:/WINDOWS/Prefetch                                   IR.EXE-03502871.pf
    c:/WINDOWS/Prefetch                                   NET.EXE-01A53C2F.pf
    c:/WINDOWS/Prefetch                                   NET1.EXE-029B9DB4.pf
    c:/WINDOWS/Prefetch                                   RUNDLL32.EXE-253557CF.pf
    c:/WINDOWS/Prefetch                                   RUNONCE.EXE-2803F297.pf
    c:/WINDOWS/Prefetch                                   SANDNET.EXE-2012C478.pf
    c:/WINDOWS/Prefetch                                   SC.EXE-012262AF.pf
    c:                                                    netstat_post.txt
    c:                                                    tasksvc_post.txt
    c:                                                    taskv_post.txt

    Files (Deleted) - ICC Results

    Action    Path    File Name

    Files (Changed) - ICC Results

    Action    Path                                                                    File Name
    modified  c:/Documents and Settings/dmc73144/Cookies                              index.dat
    modified  c:/Documents and Settings/dmc73144/Local Settings/History/History.IE5   index.dat
    modified  c:/Documents and Settings/dmc73144/Local Settings/Temporary Internet Files/Content.IE5  index.dat
    modified  c:/Documents and Settings/dmc73144                                      ntuser.dat.LOG
    modified  c:/Documents and Settings/LocalService                                  ntuser.dat.LOG
    modified  c:/WINDOWS/Prefetch                                                     CMD.EXE-087B4001.pf
    modified  c:/WINDOWS/Prefetch                                                     HSTART.EXE-221D72BF.pf
    modified  c:/WINDOWS/Prefetch                                                     NETSTAT.EXE-2B2B4428.pf
    modified  c:/WINDOWS/Prefetch                                                     SH.EXE-00254D2B.pf
    modified  c:/WINDOWS/Prefetch                                                     SLEEP.EXE-094A3D2A.pf
    modified  c:/WINDOWS/Prefetch                                                     SSHD.EXE-298CA236.pf
    modified  c:/WINDOWS/Prefetch                                                     SWITCH.EXE-0496EC21.pf
    modified  c:/WINDOWS/Prefetch                                                     TASKLIST.EXE-10D94B23.pf
    modified  c:/WINDOWS/system32/config                                              software.LOG
    modified  c:/WINDOWS/system32/config                                              SysEvent.Evt
    modified  c:/WINDOWS/system32/config                                              system.LOG
    modified  c:/WINDOWS/system32/drivers/etc                                         hosts
    modified  c:/WINDOWS/system32/wbem/Logs                                           wbemess.log
    modified  c:/WINDOWS/system32/wbem/Logs                                           wmiprov.log

    Registry Keys (Added) - ICC Results

    Action    Path

    Registry Values (Added) - ICC Results

    Action    Path    Val_Name    Val_Data

    Registry Values (Deleted) - ICC Results

    Action    Path    Val_Name    Val_Type    Mod_Val_Type    Val_Data    Mod_Val_Data

    Registry Values (Changed) - ICC Results

    Action    Path                                                                      Val_Name             Val_Data    Mod_Val_Data
    modified  HKLM/SOFTWARE/Microsoft/Cryptography/RNG                                  Seed                 96 6F 34 BA 91 97 92 DB C3 EC FF C8 6A 3A 41 81 A3 C1 2E 6D 95 08 17 BF C6 A8 BE 8D A8 5B 9E 06 1E 67 A3 5C F9 00 15 0A 30 1B CB 96 FD 73 0C 72 D7 97 D9 0E AD B
    modified  HKLM/SOFTWARE/Microsoft/Windows NT/CurrentVersion/ProfileList/S-1-5-19    RefCount             0x00000002  0x00000001
    modified  HKLM/SYSTEM/ControlSet001/Services/SharedAccess                           Start                0x00000002  0x00000004
    modified  HKLM/SYSTEM/ControlSet001/Services/SharedAccess/Epoch                     Epoch                0x00000104  0x00000105
    modified  HKLM/SYSTEM/ControlSet001/Services/wscsvc                                 Start                0x00000002  0x00000004
    modified  HKLM/SYSTEM/CurrentControlSet/Services/SharedAccess                       Start                0x00000002  0x00000004
    modified  HKLM/SYSTEM/CurrentControlSet/Services/SharedAccess/Epoch                 Epoch                0x00000104  0x00000105
    modified  HKLM/SYSTEM/CurrentControlSet/Services/wscsvc                             Start                0x00000002  0x00000004
    modified  HKU/S-1-5-21-1844237615-562591055-839522115-1004/Software/Microsoft/Windows/CurrentVersion/Internet Settings/Connections  SavedLegacySettings  3C 00 00 00 15 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 00 00 3C 00 00 00 17 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 00 0
    modified  HKU/S-1-5-21-1844237615-562591055-839522115-1004/SessionInformation       ProgramCount         0x00000002  0x00000001
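    Two of the changes above matter more than the rest: the Start value of the SharedAccess service (Windows Firewall / Internet Connection Sharing on XP) and of wscsvc (Security Center) goes from 0x2 (Automatic) to 0x4 (Disabled). Each change is listed twice only because CurrentControlSet is a link to the active ControlSet001. Together with the new SC.EXE and NET.EXE/NET1.EXE prefetch entries in the Files (Added) section this is consistent with the sample switching the firewall and Security Center off through sc.exe or net.exe, although the report does not capture command lines. The report also records that c:/WINDOWS/system32/drivers/etc/hosts was modified without showing the new contents, so the file should be pulled from the sandbox image. The HSTART, SSHD, SLEEP, SWITCH and SANDNET prefetch entries and the c:/*_post.txt files are most likely the sandbox's own tooling rather than sample activity.

    The Python below is an added example, not TAZER output: it decodes service Start-type changes from registry-diff rows transcribed from this table (constructed input) and flags defensive services being disabled. The DEFENSIVE_SERVICES watch-list is an assumption made for the example.

```python
import re

# Registry value changes transcribed from the "Registry Values (Changed)" table of
# this report (constructed input for the example): (path, value_name, old, new).
# The two binary values (RNG Seed, SavedLegacySettings) are omitted because they
# are not REG_DWORD data.
REG_CHANGES = [
    ("HKLM/SOFTWARE/Microsoft/Windows NT/CurrentVersion/ProfileList/S-1-5-19", "RefCount", 0x2, 0x1),
    ("HKLM/SYSTEM/ControlSet001/Services/SharedAccess", "Start", 0x2, 0x4),
    ("HKLM/SYSTEM/ControlSet001/Services/SharedAccess/Epoch", "Epoch", 0x104, 0x105),
    ("HKLM/SYSTEM/ControlSet001/Services/wscsvc", "Start", 0x2, 0x4),
    ("HKLM/SYSTEM/CurrentControlSet/Services/SharedAccess", "Start", 0x2, 0x4),
    ("HKLM/SYSTEM/CurrentControlSet/Services/SharedAccess/Epoch", "Epoch", 0x104, 0x105),
    ("HKLM/SYSTEM/CurrentControlSet/Services/wscsvc", "Start", 0x2, 0x4),
    ("HKU/S-1-5-21-1844237615-562591055-839522115-1004/SessionInformation", "ProgramCount", 0x2, 0x1),
]

# Meaning of the Services\<name>\Start REG_DWORD (SERVICE_BOOT_START .. SERVICE_DISABLED).
START_TYPES = {0: "Boot", 1: "System", 2: "Automatic", 3: "Manual", 4: "Disabled"}

# Watch-list of services whose disabling weakens host defenses.  Assumed for this
# example; SharedAccess and wscsvc are the two this report shows being changed.
DEFENSIVE_SERVICES = {
    "sharedaccess": "Windows Firewall / Internet Connection Sharing (XP)",
    "wscsvc": "Security Center",
    "mpssvc": "Windows Firewall (Vista and later)",
    "windefend": "Windows Defender",
    "wuauserv": "Windows Update",
}

# Matches HKLM/SYSTEM/ControlSetNNN/Services/<name> and .../CurrentControlSet/Services/<name>
# but not sub-keys such as .../SharedAccess/Epoch.
_SERVICE_KEY = re.compile(
    r"^HKLM/SYSTEM/(?:ControlSet\d{3}|CurrentControlSet)/Services/([^/]+)$", re.I
)


def service_start_changes(changes):
    """One finding per service whose Start type changed, de-duplicated across
    ControlSetNNN and CurrentControlSet (the latter is a link to the active set)."""
    findings = {}
    for path, name, old, new in changes:
        m = _SERVICE_KEY.match(path)
        if not m or name.lower() != "start":
            continue
        svc = m.group(1)
        label = DEFENSIVE_SERVICES.get(svc.lower())
        findings[svc.lower()] = {
            "service": svc,
            "description": label,
            "from": START_TYPES.get(old, hex(old)),
            "to": START_TYPES.get(new, hex(new)),
            # Disabling a watched service is the high-severity case.
            "severity": "high" if (label and new == 4) else "info",
        }
    return list(findings.values())


def disabled_defensive_services(changes):
    """Sorted names of watch-listed services that were set to Disabled."""
    return sorted(f["service"] for f in service_start_changes(changes) if f["severity"] == "high")


if __name__ == "__main__":
    for finding in service_start_changes(REG_CHANGES):
        print(finding)
    print("disabled:", disabled_defensive_services(REG_CHANGES))
```

    Run against this report's rows the function reports SharedAccess and wscsvc going Automatic -> Disabled with severity high, and ignores the Epoch, RefCount and ProgramCount rows.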

    DNS Results

    DNS                    DNS Response
    w.nucleardiscover.com  Standard query response A 60.190.223.75

    URL Results

    DstIP            HTTP_HOST             HTTP_REQUEST_URI  HTTP_USER_AGENT  PROTOCOL
    239.255.255.250  239.255.255.250:1900  *                 --blank--        0x11

    ARGUS PROTOCOL Results

    PROTOCOL  SRC_PKTS  DST_PKTS  SRC_BYTES  DST_BYTES
    6         57        62        4788       3728
    17        2         0         350        0

    ARGUS DPORT Results

    DPORT  PROTOCOL  SRC_PKTS  DST_PKTS  SRC_BYTES  DST_BYTES
    888    6         57        62        4788       3728
    1900   17        2         0         350        0

    ARGUS DATA Results

    Time      Date        Protocol  SrcIP       DstIP            Dir  Flags  Sport  Dport  Pkts  Bytes
    22:43:00  2011-06-05  6         10.10.10.7  60.190.223.75    ->   e      1088   888    13    1124
    22:43:05  2011-06-05  6         10.10.10.7  60.190.223.75    ->   e      1088   888    10    600
    22:43:10  2011-06-05  6         10.10.10.7  60.190.223.75    ->   e      1088   888    6     360
    22:44:12  2011-06-05  6         10.10.10.7  60.190.223.75    ->   e      576    888    13    1124
    22:44:17  2011-06-05  6         10.10.10.7  60.190.223.75    ->   e      576    888    10    600
    22:44:22  2011-06-05  6         10.10.10.7  60.190.223.75    ->   e      576    888    6     360
    22:45:25  2011-06-05  6         10.10.10.7  60.190.223.75    ->   e      636    888    13    1124
    22:45:30  2011-06-05  6         10.10.10.7  60.190.223.75    ->   e      636    888    11    660
    22:45:35  2011-06-05  6         10.10.10.7  60.190.223.75    ->   e      636    888    5     300
    22:46:37  2011-06-05  6         10.10.10.7  60.190.223.75    ->   e      804    888    13    1124
    22:46:42  2011-06-05  6         10.10.10.7  60.190.223.75    ->   e      804    888    10    600
    22:46:47  2011-06-05  6         10.10.10.7  60.190.223.75    ->   e d    804    888    5     300
    22:46:52  2011-06-05  6         10.10.10.7  60.190.223.75    ->   e d    804    888    1     60
    22:46:58  2011-06-05  6         10.10.10.7  60.190.223.75    ->   e d    804    888    1     60
    22:47:09  2011-06-05  6         10.10.10.7  60.190.223.75    ->   e d    804    888    1     60
    22:47:31  2011-06-05  6         10.10.10.7  60.190.223.75    ->   e d    804    888    1     60
    22:48:20  2011-06-05  17        10.10.10.7  239.255.255.250  ->   e      8      1900   2     350
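    The rows above are Argus status records, one per 5-second interval, so a single TCP session to 60.190.223.75:888 (the address w.nucleardiscover.com resolved to in the DNS Results) shows up as several consecutive rows sharing one source port, and Pkts/Bytes count both directions: the row totals add up to the 57+62 packets and 4788+3728 bytes of the ARGUS DPORT table. Regrouped by source port there are four sessions starting at 22:43:00, 22:44:12, 22:45:25 and 22:46:37, 72 to 73 seconds apart, which is a beacon that produced no Snort alert. The UDP record to 239.255.255.250:1900 matches the SSDP M-SEARCH in the URL Results (request URI "*") and is typically Windows UPnP discovery rather than something attributable to the sample.

    The Python below is an added example, not TAZER output: it collapses the status records into sessions, cross-checks the per-port totals, and flags destinations contacted at a near-constant interval. The flow rows are transcribed from this table as constructed input; the minimum session count and the 5-second jitter limit are illustrative thresholds.

```python
from datetime import datetime
from statistics import mean, pstdev

# Flow records transcribed from the ARGUS DATA table of this report (constructed
# input for the example).  Each tuple is:
#   (time, proto, src, dst, sport, dport, pkts, bytes)
# Argus emits one record per 5-second status interval, so one TCP session spans
# several consecutive rows with the same source port.
DATE = "2011-06-05"
FLOWS = [
    ("22:43:00", 6, "10.10.10.7", "60.190.223.75", 1088, 888, 13, 1124),
    ("22:43:05", 6, "10.10.10.7", "60.190.223.75", 1088, 888, 10, 600),
    ("22:43:10", 6, "10.10.10.7", "60.190.223.75", 1088, 888, 6, 360),
    ("22:44:12", 6, "10.10.10.7", "60.190.223.75", 576, 888, 13, 1124),
    ("22:44:17", 6, "10.10.10.7", "60.190.223.75", 576, 888, 10, 600),
    ("22:44:22", 6, "10.10.10.7", "60.190.223.75", 576, 888, 6, 360),
    ("22:45:25", 6, "10.10.10.7", "60.190.223.75", 636, 888, 13, 1124),
    ("22:45:30", 6, "10.10.10.7", "60.190.223.75", 636, 888, 11, 660),
    ("22:45:35", 6, "10.10.10.7", "60.190.223.75", 636, 888, 5, 300),
    ("22:46:37", 6, "10.10.10.7", "60.190.223.75", 804, 888, 13, 1124),
    ("22:46:42", 6, "10.10.10.7", "60.190.223.75", 804, 888, 10, 600),
    ("22:46:47", 6, "10.10.10.7", "60.190.223.75", 804, 888, 5, 300),
    ("22:46:52", 6, "10.10.10.7", "60.190.223.75", 804, 888, 1, 60),
    ("22:46:58", 6, "10.10.10.7", "60.190.223.75", 804, 888, 1, 60),
    ("22:47:09", 6, "10.10.10.7", "60.190.223.75", 804, 888, 1, 60),
    ("22:47:31", 6, "10.10.10.7", "60.190.223.75", 804, 888, 1, 60),
    ("22:48:20", 17, "10.10.10.7", "239.255.255.250", 8, 1900, 2, 350),
]


def _ts(hhmmss):
    return datetime.strptime(f"{DATE} {hhmmss}", "%Y-%m-%d %H:%M:%S")


def sessions(flows):
    """Collapse status records into sessions keyed by the 5-tuple.

    Returns {(proto, src, dst, sport, dport): (first_seen, last_seen, pkts, bytes)}.
    """
    out = {}
    for t, proto, src, dst, sport, dport, pkts, nbytes in flows:
        key = (proto, src, dst, sport, dport)
        ts = _ts(t)
        first, last, p, b = out.get(key, (ts, ts, 0, 0))
        out[key] = (min(first, ts), max(last, ts), p + pkts, b + nbytes)
    return out


def per_dport_totals(flows):
    """Packet/byte totals per destination port, to cross-check the ARGUS DPORT table
    (the record counters cover both directions, so 57+62 packets and 4788+3728
    bytes are expected for port 888)."""
    totals = {}
    for _, _, _, _, _, dport, pkts, nbytes in flows:
        p, b = totals.get(dport, (0, 0))
        totals[dport] = (p + pkts, b + nbytes)
    return totals


def beacon_candidates(flows, min_sessions=3, max_jitter_s=5.0):
    """Flag (proto, src, dst, dport) tuples contacted repeatedly at a near-constant
    interval.  min_sessions and max_jitter_s are illustrative thresholds."""
    starts = {}
    for (proto, src, dst, _sport, dport), (first, _, _, _) in sessions(flows).items():
        starts.setdefault((proto, src, dst, dport), []).append(first)
    findings = []
    for (proto, src, dst, dport), times in starts.items():
        if len(times) < min_sessions:
            continue
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        jitter = pstdev(gaps)
        findings.append({
            "proto": proto, "src": src, "dst": dst, "dport": dport,
            "sessions": len(times),
            "intervals_s": gaps,
            "mean_interval_s": round(mean(gaps), 1),
            "jitter_s": round(jitter, 2),
            "beaconing": jitter <= max_jitter_s,
        })
    return findings


if __name__ == "__main__":
    print(per_dport_totals(FLOWS))
    for finding in beacon_candidates(FLOWS):
        print(finding)
```

    On this report's rows the totals come out as {888: (119, 8516), 1900: (2, 350)}, and the only candidate is 60.190.223.75:888 with intervals of 72, 73 and 72 seconds; the single SSDP session is below the session threshold and is not flagged.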

    Packer Results

    Packer Name

    HoneyTrap Results

    Honey Trap Log File Location

    PTFB Results

    PTFB Log File Location