Malware Report

Malware Report - Results

This report shows all the different areas TAZER analyzes for the sample: Host, Network Activity, and Detection.

Malware Search Criteria:

MD5 =196804757307e89e9fa968fc1e09115b

Malware Report - Results

File MD5Sum	SHA1SUM	SHA256SUM	FUZZY HASH	File Size
196804757307e89e9fa968fc1e09115b	b89e0f36ee61a966d38f3f52d260cecca5bc620b	7218ace4ba4aced7b73e70a38a223fc2c409a06d18e884c39c03eccc98ff83a8	768:T1mOhplcsHvKWzX6HJmFqda7kon9uKj8/nbcuyD7UsRalsOh:gOhplcsHv1X6n0tynouy8aO	25088

File Results

File Name
Player%2DFree%2DPorn%2DVideo.exe

SNORT Results

Snort Class	Snort Alert	Count
N/A	No snort alerts generated	0

AV Results

AV Alert	AV Vendor
N/A	Symantec
N/A	McAfee
Trojan.Win32.Hosts2.gen	Kaspersky

Folders (Added) - ICC Results

Path	Folder Name

Files (Added) - ICC Results

Path	File Name
c:/Documents and Settings/dmc73144/Local Settings/Temp	~i.tmp
c:/Documents and Settings/dmc73144/Local Settings/Temp	~r.tmp
c:/WINDOWS/Prefetch	IEXPLORE.EXE-27122324.pf
c:/WINDOWS/Prefetch	REG.EXE-0D2A95F7.pf
c:/WINDOWS/Prefetch	SANDNET.EXE-2012C478.pf
c:	netstat_post.txt
c:	tasksvc_post.txt
c:	taskv_post.txt

Files (Deleted) - ICC Results

Action	Path	File Name

Files (Changed) - ICC Results

Action	Path	File Name
modified	c:/Documents and Settings/Administrator	ntuser.dat.LOG
modified	c:/Documents and Settings/dmc73144/Application Data/Mozilla/Firefox/Profiles/ektregxy.default	prefs.js
modified	c:/Documents and Settings/dmc73144/Cookies	index.dat
modified	c:/Documents and Settings/dmc73144/Local Settings/History/History.IE5	index.dat
modified	c:/Documents and Settings/dmc73144/Local Settings/Temporary Internet Files/Content.IE5	index.dat
modified	c:/Documents and Settings/dmc73144	ntuser.dat.LOG
modified	c:/WINDOWS/Prefetch	ATTRIB.EXE-39EAFB02.pf
modified	c:/WINDOWS/Prefetch	CMD.EXE-087B4001.pf
modified	c:/WINDOWS/Prefetch	FIND.EXE-0EC32F1E.pf
modified	c:/WINDOWS/Prefetch	HSTART.EXE-221D72BF.pf
modified	c:/WINDOWS/Prefetch	NETSTAT.EXE-2B2B4428.pf
modified	c:/WINDOWS/Prefetch	SH.EXE-00254D2B.pf
modified	c:/WINDOWS/Prefetch	SLEEP.EXE-094A3D2A.pf
modified	c:/WINDOWS/Prefetch	SSHD.EXE-298CA236.pf
modified	c:/WINDOWS/Prefetch	SWITCH.EXE-0496EC21.pf
modified	c:/WINDOWS/Prefetch	TASKLIST.EXE-10D94B23.pf
modified	c:/WINDOWS/system32/config	software.LOG
modified	c:/WINDOWS/system32/drivers/etc	hosts
modified	c:/WINDOWS/system32/wbem/Logs	wmiprov.log
modified	c:/WINDOWS/system32/wbem/Repository/FS	INDEX.MAP
modified	c:/WINDOWS/system32/wbem/Repository/FS	MAPPING.VER
modified	c:/WINDOWS/system32/wbem/Repository/FS	MAPPING2.MAP
modified	c:/WINDOWS/system32/wbem/Repository/FS	OBJECTS.MAP

Registry Keys (Added) - ICC Results

Action	Path

Registry Values (Added) - ICC Results

Action	Path	Val_Name	Val_Data

Registry Values (Deleted) - ICC Results

Action	Path	Val_Name	Val_Type	Mod_Val_Type	Val_Data	Mod_Val_Data

Registry Values (Changed) - ICC Results

Action	Path	Val_Name	Val_Data	Mod_Val_Data
modified	HKLM/SOFTWARE/Microsoft/Cryptography/RNG	Seed	93 2B D4 AA 45 10 FA ED 66 DF 9F 7E 03 76 00 91 F2 8B F6 2D 88 AF 87 17 1F 28 01	DD 7A 12 9A 06 61 6B EC A4 15 6C 90 A4 96 0D E0 E3 72 E5 4E 77 CB CC 1F 83 05 8
modified	HKU/S-1-5-21-1844237615-562591055-839522115-1004/Software/Microsoft/Windows/CurrentVersion/Ext/Stats/{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}/iexplore	Count	0x00000007	0x00000008
modified	HKU/S-1-5-21-1844237615-562591055-839522115-1004/Software/Microsoft/Windows/CurrentVersion/Ext/Stats/{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}/iexplore	Time	D9 07 0C 00 03 00 09 00 03 00 0C 00 36 00 51 02	DB 07 05 00 05 00 06 00 0B 00 0E 00 27 00 5A 03
modified	HKU/S-1-5-21-1844237615-562591055-839522115-1004/Software/Microsoft/Windows/CurrentVersion/Internet Settings/Connections	DefaultConnectionSettings	3C 00 00 00 02 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 00 00	3C 00 00 00 04 00 00 00 05 00 00 00 00 00 00 00 00 00 00 00 2F 00 00 00 73 6C 6
modified	HKU/S-1-5-21-1844237615-562591055-839522115-1004/Software/Microsoft/Windows/CurrentVersion/Internet Settings/Connections	SavedLegacySettings	3C 00 00 00 15 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 00 00	3C 00 00 00 17 00 00 00 05 00 00 00 00 00 00 00 00 00 00 00 2F 00 00 00 73 6C 6
modified	HKU/S-1-5-21-1844237615-562591055-839522115-1004/Software/Microsoft/Windows/ShellNoRoam/BagMRU	MRUListEx	01 00 00 00 00 00 00 00 02 00 00 00 04 00 00 00 03 00 00 00 FF FF FF FF	00 00 00 00 01 00 00 00 02 00 00 00 04 00 00 00 03 00 00 00 FF FF FF FF
modified	HKU/S-1-5-21-1844237615-562591055-839522115-1004/SessionInformation	ProgramCount	0x00000002	0x00000003

DNS Results

DNS	DNS Response
www.ilheuspraia.com.br	Standard query response, Server failure

URL Results

DstIP	HTTP_HOST	HTTP_REQUEST_URI	HTTP_USER_AGENT	PROTOCOL
239.255.255.250	239.255.255.250:1900	*	--blank--	0x11

ARGUS PROTOCOL Results

PROTOCOL	SRC_PKTS	DST_PKTS	SRC_BYTES	DST_BYTES
17	2	0	350	0

ARGUS DPORT Results

DPORT	PROTOCOL	SRC_PKTS	DST_PKTS	SRC_BYTES	DST_BYTES
1900	17	2	0	350	0

ARGUS DATA Results

Time	Date	Protocol	SrcIP	DstIP	Dir	Flags	Sport	Dport	Pkts	Bytes
07:19:47	2011-05-06	17	10.10.10.7	239.255.255.250	->	e	8	1900	2	350

Packer Results

Packer Name

HoneyTrap Results

Honey Trap Log File Location

PTFB Results

PTFB Log File Location