File MD5Sum | SHA1SUM | SHA256SUM | FUZZY HASH | File Size |
---|---|---|---|---|
1baf402e1ce56065a17fb81fde78a7dc | fd175234627bfe84e5395554418daccd20601b0a | 4c39213876a8bfe3e0aa6a28803138485217a5d6cd99813c342749f2bbab33bc | 6144:ccg0hBLbmPG8hhhWQB3VwpVrOQMb4lWfgpsEviuWOM/elG7vqtGS+9yPQCWlpB7y:TBLbmPG8VW | 500224 |
File Name |
---|
comprovante.scr.exe |
Snort Class | Snort Alert | Count |
---|---|---|
N/A | No snort alerts generated | 0 |
AV Alert | AV Vendor |
---|---|
Adware.Websearch | Symantec |
PWS-Banker!gun | McAfee |
Trojan.Win32.Buzus.hjol | Kaspersky |
Path | Folder Name |
---|---|
Path | File Name |
---|---|
c:/WINDOWS/Prefetch | SANDNET.EXE-2012C478.pf |
c: | netstat_post.txt |
c: | old.gif |
c: | tasksvc_post.txt |
c: | taskv_post.txt |
Action | Path | File Name |
---|---|---|
Action | Path | File Name |
---|---|---|
modified | c:/Documents and Settings/dmc73144 | ntuser.dat.LOG |
modified | c:/WINDOWS/Prefetch | CMD.EXE-087B4001.pf |
modified | c:/WINDOWS/Prefetch | HSTART.EXE-221D72BF.pf |
modified | c:/WINDOWS/Prefetch | NETSTAT.EXE-2B2B4428.pf |
modified | c:/WINDOWS/Prefetch | SH.EXE-00254D2B.pf |
modified | c:/WINDOWS/Prefetch | SLEEP.EXE-094A3D2A.pf |
modified | c:/WINDOWS/Prefetch | SSHD.EXE-298CA236.pf |
modified | c:/WINDOWS/Prefetch | SWITCH.EXE-0496EC21.pf |
modified | c:/WINDOWS/Prefetch | TASKLIST.EXE-10D94B23.pf |
modified | c:/WINDOWS/system32/drivers/etc | hosts |
modified | c:/WINDOWS/system32/wbem/Logs | wmiprov.log |
Action | Path |
---|---|
Action | Path | Val_Name | Val_Data |
---|---|---|---|
Action | Path | Val_Name | Val_Type | Mod_Val_Type | Val_Data | Mod_Val_Data |
---|---|---|---|---|---|---|
Action | Path | Val_Name | Val_Data | Mod_Val_Data |
---|---|---|---|---|
modified | HKLM/SOFTWARE/Microsoft/Cryptography/RNG | Seed | 72 84 18 71 74 DB B5 93 EA 28 84 A2 77 35 13 50 A0 67 05 39 BC 12 EB 75 5E 2E 27 | 9F A1 89 65 57 6B 20 DD 6A 92 12 F4 04 37 F6 C5 6A 4C 8A 43 B6 FC 2B 64 5A 8E C |
DNS | DNS Response |
---|---|
DstIP | HTTP_HOST | HTTP_REQUEST_URI | HTTP_USER_AGENT | PROTOCOL |
---|---|---|---|---|
216.189.1.127 | 216.189.1.127 | /ajuda.txt | Mozilla/3.0 (compatible; Indy Library) | 0x06 |
216.189.1.127 | 216.189.1.127 | /acessar.php | Mozilla/3.0 (compatible; Indy Library) | 0x06 |
239.255.255.250 | 239.255.255.250:1900 | * | --blank-- | 0x11 |
PROTOCOL | SRC_PKTS | DST_PKTS | SRC_BYTES | DST_BYTES |
---|---|---|---|---|
6 | 10 | 8 | 892 | 1030 |
17 | 1 | 0 | 175 | 0 |
DPORT | PROTOCOL | SRC_PKTS | DST_PKTS | SRC_BYTES | DST_BYTES |
---|---|---|---|---|---|
80 | 6 | 10 | 8 | 892 | 1030 |
1900 | 17 | 1 | 0 | 175 | 0 |
Time | Date | Protocol | SrcIP | DstIP | Dir | Flags | Sport | Dport | Pkts | Bytes |
---|---|---|---|---|---|---|---|---|---|---|
22:27:44 | 2011-05-03 | 6 | 10.10.10.7 | 216.189.1.127 | -> | e | 128 | 80 | 9 | 960 |
22:27:45 | 2011-05-03 | 6 | 10.10.10.7 | 216.189.1.127 | -> | e | 158 | 80 | 9 | 962 |
22:33:26 | 2011-05-03 | 17 | 10.10.10.7 | 239.255.255.250 | -> | e | 8 | 1900 | 1 | 175 |
Packer Name |
---|
Honey Trap Log File Location |
---|
PTFB Log File Location |
---|