Malware Report

Malware Report - Results

This report shows all the different areas TAZER analyzes for the sample: Host, Network Activity, and Detection.

Malware Search Criteria:

MD5 =1dd47683c694f269ccef56c84986cc8e

Malware Report - Results

File MD5Sum	SHA1SUM	SHA256SUM	FUZZY HASH	File Size
1dd47683c694f269ccef56c84986cc8e	962886be592f716bc5fcf59fdbeada265d4371a2	a3a8fd81fb0c8a55bc031c8ca2747d4b54d76051e1da933dc1b665f741054f1b	6144:0cg0lBvbaAG0hdhW0B3tcVBrG8MD4JWjIJsUH2yWO4/e1mbzqtW5GTyPQJQlpB7y:HBvbaAG0hW	500224

File Results

File Name
comprovante.scr.exe

SNORT Results

Snort Class	Snort Alert	Count
N/A	No snort alerts generated	0

AV Results

AV Alert	AV Vendor
Adware.Websearch	Symantec
Artemis!1DD47683C694	McAfee
Trojan.Win32.Buzus.hldn	Kaspersky
Downloader	Symantec
Generic	McAfee
Trojan-Downloader.Win32.Delf.aq	Kaspersky

Folders (Added) - ICC Results

Path	Folder Name

Files (Added) - ICC Results

Path	File Name
c:/DELL/VIDEO/OUTPUT	netstat_base.txt
c:/DELL/VIDEO/OUTPUT	netstat_post.txt
c:/DELL/VIDEO/OUTPUT	tasksvc_base.txt
c:/DELL/VIDEO/OUTPUT	tasksvc_post.txt
c:/DELL/VIDEO/OUTPUT	taskv_base.txt
c:/DELL/VIDEO/OUTPUT	taskv_post.txt
c:/WINDOWS/Prefetch	7Z.EXE-1A62CD19.pf
c:/WINDOWS/Prefetch	SANDNET.EXE-2012C478.pf
c:	paint.gif

Files (Deleted) - ICC Results

Action	Path	File Name

Files (Changed) - ICC Results

Action	Path	File Name
modified	c:/Documents and Settings/dmc73144	ntuser.dat.LOG
modified	c:/WINDOWS/Prefetch	CMD.EXE-087B4001.pf
modified	c:/WINDOWS/Prefetch	HSTART.EXE-221D72BF.pf
modified	c:/WINDOWS/Prefetch	NETSTAT.EXE-2B2B4428.pf
modified	c:/WINDOWS/Prefetch	SH.EXE-00254D2B.pf
modified	c:/WINDOWS/Prefetch	SLEEP.EXE-094A3D2A.pf
modified	c:/WINDOWS/Prefetch	SSHD.EXE-298CA236.pf
modified	c:/WINDOWS/Prefetch	SWITCH.EXE-0496EC21.pf
modified	c:/WINDOWS/Prefetch	TASKLIST.EXE-10D94B23.pf
modified	c:/WINDOWS/Prefetch	WMIPRVSE.EXE-28F301A9.pf
modified	c:/WINDOWS/system32/drivers/etc	hosts
modified	c:/WINDOWS/system32/wbem/Logs	wbemess.log
modified	c:/WINDOWS/system32/wbem/Logs	wmiprov.log
modified	c:/WINDOWS/system32/wbem/Repository/FS	INDEX.MAP
modified	c:/WINDOWS/system32/wbem/Repository/FS	MAPPING.VER
modified	c:/WINDOWS/system32/wbem/Repository/FS	MAPPING2.MAP
modified	c:/WINDOWS/system32/wbem/Repository/FS	OBJECTS.MAP

Registry Keys (Added) - ICC Results

Action	Path

Registry Values (Added) - ICC Results

Action	Path	Val_Name	Val_Data

Registry Values (Deleted) - ICC Results

Action	Path	Val_Name	Val_Type	Mod_Val_Type	Val_Data	Mod_Val_Data

Registry Values (Changed) - ICC Results

Action	Path	Val_Name	Val_Data	Mod_Val_Data
modified	HKLM/SOFTWARE/Microsoft/Cryptography/RNG	Seed	01 01 FC 5A C6 9F 98 E3 1A D5 B4 2F AB 07 45 8C 24 31 50 41 18 D2 17 BD 0A 57 1A	9C 40 03 C8 2F 30 90 A0 FB 3A 5C B3 82 3C D1 64 F3 B8 06 2A 4E 9F 98 E4 A6 82 4
modified	HKU/S-1-5-21-1844237615-562591055-839522115-1004/SessionInformation	ProgramCount	0x00000002	0x00000001

DNS Results

DNS	DNS Response

URL Results

DstIP	HTTP_HOST	HTTP_REQUEST_URI	HTTP_USER_AGENT	PROTOCOL
70.39.93.38	70.39.93.38	/play.txt	Mozilla/3.0 (compatible; Indy Library)	0x06
70.39.93.38	70.39.93.38	/play.php	Mozilla/3.0 (compatible; Indy Library)	0x06

ARGUS PROTOCOL Results

PROTOCOL	SRC_PKTS	DST_PKTS	SRC_BYTES	DST_BYTES
6	10	8	884	1030

ARGUS DPORT Results

DPORT	PROTOCOL	SRC_PKTS	DST_PKTS	SRC_BYTES	DST_BYTES
80	6	10	8	884	1030

ARGUS DATA Results

Time	Date	Protocol	SrcIP	DstIP	Dir	Flags	Sport	Dport	Pkts	Bytes
06:30:14	2011-04-25	6	10.10.10.7	70.39.93.38	->	e	87	80	9	957
06:30:15	2011-04-25	6	10.10.10.7	70.39.93.38	->	e	100	80	9	957

Packer Results

Packer Name

HoneyTrap Results

Honey Trap Log File Location

PTFB Results

PTFB Log File Location