File MD5Sum | SHA1SUM | SHA256SUM | FUZZY HASH | File Size |
---|---|---|---|---|
1fee0d0a531739b2995f541b7de0a6b4 | 76c8c4da2cc960a00c27c84e30a1e235495b464d | 863f680a9cbb832111ef739019b661e8d732549557bc75627ca75e91a6f211aa | 384:0pRdCy4MqlWAmQ+87GTYo5dsOZCfwaW/R4IUpxFEaSklm3z0ZEvCJaSxpJCedbV:WCyVqltmQz6T | 24102 |
File Name |
---|
add.exe |
Snort Class | Snort Alert | Count |
---|---|---|
N/A | No snort alerts generated | 0 |
AV Alert | AV Vendor |
---|---|
N/A | Symantec |
DNSChanger!ei | McAfee |
Trojan.Win32.Qhost.nmf | Kaspersky |
Path | Folder Name |
---|---|
Action | Path | File Name |
---|---|---|
Action | Path |
---|---|
Action | Path | Val_Name | Val_Data |
---|---|---|---|
Action | Path | Val_Name | Val_Type | Mod_Val_Type | Val_Data | Mod_Val_Data |
---|---|---|---|---|---|---|
Action | Path | Val_Name | Val_Data | Mod_Val_Data |
---|---|---|---|---|
modified | HKLM/SOFTWARE/Microsoft/Cryptography/RNG | Seed | E8 65 5F 13 A6 F8 8F A5 26 99 97 92 2B A6 79 A6 8C F0 E4 E9 33 21 F5 F3 62 90 28 | 81 2E 22 A7 44 A6 2D BB 07 62 DE 8B 52 9E 13 81 D4 10 FC CB 98 FB 1F 48 EE E0 6 |
modified | HKU/S-1-5-21-1844237615-562591055-839522115-1004/SessionInformation | ProgramCount | 0x00000002 | 0x00000001 |
modified | HKLM/SOFTWARE/Microsoft/Cryptography/RNG | Seed | 2C F8 73 D4 E9 72 01 4E 88 D4 3B F0 59 D4 74 B7 45 26 A8 CB 12 4B 37 23 64 58 A0 | 01 54 26 9F D7 E0 AF 0B A4 20 3D BA 2A D4 7C 04 88 6C 5D BD FB 3A D3 61 3E 20 8 |
modified | HKLM/SOFTWARE/Microsoft/Cryptography/RNG | Seed | 81 21 6B 1F 44 E7 87 2F A4 FE C3 24 02 50 FA A7 A9 8D CF 08 07 8F C1 7B A8 48 1E | F3 98 D4 6C 81 6E 65 4C BA AB 98 21 24 59 78 F2 4A DD A9 50 42 31 3D 61 C5 36 2 |
modified | HKU/S-1-5-21-1844237615-562591055-839522115-1004/SessionInformation | ProgramCount | 0x00000002 | 0x00000001 |
modified | HKLM/SOFTWARE/Microsoft/Cryptography/RNG | Seed | 0D 46 EE F2 26 B6 8F AF 43 8E 8F AE 7E DD B4 1F 9E EC 22 BF B6 AC 8F 65 85 0B 9A | 96 68 10 53 70 C1 4B 95 41 3A 73 09 D7 FE 06 1A 05 C3 21 AD 42 26 67 5D 5A 2B C |
modified | HKU/S-1-5-21-1844237615-562591055-839522115-1004/SessionInformation | ProgramCount | 0x00000002 | 0x00000001 |
DNS | DNS Response |
---|---|
DstIP | HTTP_HOST | HTTP_REQUEST_URI | HTTP_USER_AGENT | PROTOCOL |
---|---|---|---|---|
239.255.255.250 | 239.255.255.250:1900 | * | --blank-- | 0x11 |
PROTOCOL | SRC_PKTS | DST_PKTS | SRC_BYTES | DST_BYTES |
---|---|---|---|---|
17 | 2 | 0 | 350 | 0 |
DPORT | PROTOCOL | SRC_PKTS | DST_PKTS | SRC_BYTES | DST_BYTES |
---|---|---|---|---|---|
1900 | 17 | 2 | 0 | 350 | 0 |
Time | Date | Protocol | SrcIP | DstIP | Dir | Flags | Sport | Dport | Pkts | Bytes |
---|---|---|---|---|---|---|---|---|---|---|
19:05:43 | 2010-07-08 | 17 | 10.10.10.7 | 239.255.255.250 | -> | e | 8 | 1900 | 2 | 350 |
07:07:50 | 2010-07-09 | 17 | 10.10.10.7 | 239.255.255.250 | -> | e | 8 | 1900 | 2 | 350 |
18:40:18 | 2010-07-09 | 17 | 10.10.10.7 | 239.255.255.250 | -> | e | 8 | 1900 | 2 | 350 |
13:26:29 | 2010-07-10 | 17 | 10.10.10.7 | 239.255.255.250 | -> | e | 8 | 1900 | 2 | 350 |
Packer Name |
---|
Honey Trap Log File Location |
---|
PTFB Log File Location |
---|