Malware Report - Results

This report shows all the different areas TAZER analyzes for the sample: Host, Network Activity, and Detection.

Malware Search Criteria:
  • MD5 = 1eae79ded7d781544ea19322fda94b83

    File MD5Sum | SHA1SUM | SHA256SUM | FUZZY HASH and File Size (run together in the source; the boundary is not recoverable)
    1eae79ded7d781544ea19322fda94b83 | 774ca8b1e70432710a2ee734b38f8f02decd906d | 9aee797eecce523892976c1605fa37c45b59d05bc4f6f35355ad6de59d3b2217 | 768:5uRufd/4gDUq5uy9JICB3kO4lAVf6zEGbRydpExyq1I7kbmGovyy:QRyR4gDxpyC9UOczEG0TEv143741

    File Results

    File Name
    v62pipe.php%3Fspl%3DJWS%26fh%3B%3D.exe
    l.php%3Fwm%5Fid%3Dacc0047.exe

    SNORT Results

    Snort Class | Snort Alert | Count
    Misc Attack | ET RBN Known Russian Business Network IP TCP (280) | 1

    AV Results

    AV Alert | AV Vendor
    N/A | Symantec
    N/A | McAfee
    N/A | Kaspersky
    Artemis!1EAE79DED7D7 | McAfee

    Folders (Added) - ICC Results

    Path | Folder Name
    c:/Documents and Settings/dmc73144/Local Settings/Temp | f3f5d276-7d5b-42f7-aa93-08b2cf090d83
    c:/Documents and Settings/dmc73144/Local Settings/Temp | 9d29c144-402f-4a81-9930-076a82e037ae

    Files (Added) - ICC Results

    Path | File Name
    c:/Documents and Settings/dmc73144/Application Data | 8fbc0ebc-15d7-4dae-818a-50f3473ae912_46.avi
    c:/Documents and Settings/dmc73144/Local Settings/Temp/f3f5d276-7d5b-42f7-aa93-08b2cf090d83 | wrk1.tmp_46
    c:/WINDOWS/Prefetch | RUNDLL32.EXE-4D06AD3B.pf
    c:/WINDOWS/Prefetch | SANDNET.EXE-2012C478.pf
    c: | netstat_post.txt
    c: | taskv_post.txt
    c:/Documents and Settings/dmc73144/Application Data | 8fbc0ebc-15d7-4dae-818a-50f3473ae912_46.avi
    c:/Documents and Settings/dmc73144/Local Settings/Temp/9d29c144-402f-4a81-9930-076a82e037ae | wrk1.tmp_46
    c:/WINDOWS/Prefetch | RUNDLL32.EXE-36D432F8.pf
    c:/WINDOWS/Prefetch | SANDNET.EXE-2012C478.pf
    c: | netstat_post.txt
    c: | taskv_post.txt

    Files (Deleted) - ICC Results

    Action | Path | File Name

    Files (Changed) - ICC Results

    Action | Path | File Name
    modified | c:/Documents and Settings/dmc73144/Cookies | index.dat
    modified | c:/Documents and Settings/dmc73144/Local Settings/History/History.IE5 | index.dat
    modified | c:/Documents and Settings/dmc73144/Local Settings/Temporary Internet Files/Content.IE5 | index.dat
    modified | c:/Documents and Settings/dmc73144 | ntuser.dat.LOG
    modified | c:/WINDOWS/Prefetch | CMD.EXE-087B4001.pf
    modified | c:/WINDOWS/Prefetch | HSTART.EXE-221D72BF.pf
    modified | c:/WINDOWS/Prefetch | NETSTAT.EXE-2B2B4428.pf
    modified | c:/WINDOWS/Prefetch | SH.EXE-00254D2B.pf
    modified | c:/WINDOWS/Prefetch | SLEEP.EXE-094A3D2A.pf
    modified | c:/WINDOWS/Prefetch | SSHD.EXE-298CA236.pf
    modified | c:/WINDOWS/Prefetch | SWITCH.EXE-0496EC21.pf
    modified | c:/WINDOWS/system32/drivers/etc | hosts
    modified | c:/WINDOWS/system32/wbem/Logs | wmiprov.log
    modified | c:/WINDOWS/system32/wbem/Repository/FS | INDEX.MAP
    modified | c:/WINDOWS/system32/wbem/Repository/FS | MAPPING.VER
    modified | c:/WINDOWS/system32/wbem/Repository/FS | MAPPING2.MAP
    modified | c:/WINDOWS/system32/wbem/Repository/FS | OBJECTS.MAP
    modified | c:/Documents and Settings/dmc73144/Cookies | index.dat
    modified | c:/Documents and Settings/dmc73144/Local Settings/History/History.IE5 | index.dat
    modified | c:/Documents and Settings/dmc73144/Local Settings/Temporary Internet Files/Content.IE5 | index.dat
    modified | c:/Documents and Settings/dmc73144 | ntuser.dat.LOG
    modified | c:/WINDOWS/Prefetch | CMD.EXE-087B4001.pf
    modified | c:/WINDOWS/Prefetch | HSTART.EXE-221D72BF.pf
    modified | c:/WINDOWS/Prefetch | NETSTAT.EXE-2B2B4428.pf
    modified | c:/WINDOWS/Prefetch | SH.EXE-00254D2B.pf
    modified | c:/WINDOWS/Prefetch | SLEEP.EXE-094A3D2A.pf
    modified | c:/WINDOWS/Prefetch | SSHD.EXE-298CA236.pf
    modified | c:/WINDOWS/Prefetch | SWITCH.EXE-0496EC21.pf
    modified | c:/WINDOWS/system32/drivers/etc | hosts
    modified | c:/WINDOWS/system32/wbem/Logs | wmiprov.log
    modified | c:/WINDOWS/system32/wbem/Repository/FS | INDEX.MAP
    modified | c:/WINDOWS/system32/wbem/Repository/FS | MAPPING.VER
    modified | c:/WINDOWS/system32/wbem/Repository/FS | MAPPING2.MAP
    modified | c:/WINDOWS/system32/wbem/Repository/FS | OBJECTS.MAP

    Registry Keys (Added) - ICC Results

    Action | Path

    Registry Values (Added) - ICC Results

    Action | Path | Val_Name | Val_Data

    Registry Values (Deleted) - ICC Results

    Action | Path | Val_Name | Val_Type | Mod_Val_Type | Val_Data | Mod_Val_Data

    Registry Values (Changed) - ICC Results

    Action | Path | Val_Name | Val_Data | Mod_Val_Data
    modified | HKLM/SOFTWARE/Microsoft/Cryptography/RNG | Seed | 8D 53 25 5E A4 1F 56 4C F5 C8 8A 60 8D 61 6A 79 F1 52 CE 0E 60 9F 01 C3 FA CA E3 85 36 AB 96 A8 A3 A4 17 21 29 56 AA BE 40 5C CB 3C 43 6A 3E 40 87 EE 41 24 99 E
    modified | HKU/S-1-5-21-1844237615-562591055-839522115-1004/Software/Microsoft/Windows/CurrentVersion/Internet Settings/Connections | SavedLegacySettings | 3C 00 00 00 15 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 00 00 | 3C 00 00 00 16 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 00 0
    modified | HKU/S-1-5-21-1844237615-562591055-839522115-1004/SessionInformation | ProgramCount | 0x00000002 | 0x00000001
    modified | HKLM/SOFTWARE/Microsoft/Cryptography/RNG | Seed | 82 FF 04 F2 CA 7B 22 7A 4C 53 D1 A6 80 32 E7 FD 48 45 02 04 05 2D D2 8D 4F DC FA 51 22 1D 5D 7D 54 BB 24 37 5A 98 FA AF 79 6D F5 00 E3 63 57 9D 13 00 61 69 87 5
    modified | HKU/S-1-5-21-1844237615-562591055-839522115-1004/Software/Microsoft/Windows/CurrentVersion/Internet Settings/Connections | SavedLegacySettings | 3C 00 00 00 15 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 00 00 | 3C 00 00 00 16 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 00 0
    modified | HKU/S-1-5-21-1844237615-562591055-839522115-1004/SessionInformation | ProgramCount | 0x00000002 | 0x00000001

    DNS Results

    DNS | DNS Response

    URL Results

    DstIP | HTTP_HOST | HTTP_REQUEST_URI | HTTP_USER_AGENT | PROTOCOL
    91.188.60.5 | 91.188.60.5 | /hit.php?v=46&app_type_id=1&wm_id=acc0047&u=f3f5d276-7d5b-42f7-aa93-08b2cf090d83&t=20x06 | |
    91.188.60.5 | 91.188.60.5 | /hit.php?v=46&app_type_id=1&wm_id=acc0047&u=9d29c144-402f-4a81-9930-076a82e037ae&t=20x06 | |
    239.255.255.250 | 239.255.255.250:1900 | * | --blank-- | 0x11

    ARGUS PROTOCOL Results

    PROTOCOL | SRC_PKTS | DST_PKTS | SRC_BYTES | DST_BYTES
    6 | 5 | 4 | 441 | 515
    17 | 2 | 0 | 350 | 0

    ARGUS DPORT Results

    DPORT | PROTOCOL | SRC_PKTS | DST_PKTS | SRC_BYTES | DST_BYTES
    80 | 6 | 5 | 4 | 441 | 515
    1900 | 17 | 2 | 0 | 350 | 0

    ARGUS DATA Results

    Time | Date | Protocol | SrcIP | DstIP | Dir | Flags | Sport | Dport | Pkts | Bytes
    10:00:34 | 2010-07-24 | 6 | 10.10.10.7 | 91.188.60.5 | -> | e | 20 | 80 | 9 | 956
    10:06:00 | 2010-07-24 | 17 | 10.10.10.7 | 239.255.255.250 | -> | e | 8 | 1900 | 2 | 350
    22:17:25 | 2010-07-24 | 6 | 10.10.10.7 | 91.188.60.5 | -> | e | 6 | 80 | 9 | 956
    22:22:46 | 2010-07-24 | 17 | 10.10.10.7 | 239.255.255.250 | -> | e | 8 | 1900 | 2 | 350

    Packer Results

    Packer Name

    HoneyTrap Results

    Honey Trap Log File Location

    PTFB Results

    PTFB Log File Location