Malware Report - Results

This report shows all the different areas TAZER analyzes for the sample: Host, Network Activity, and Detection.

Malware Search Criteria:
  • MD5 =2345df605a8c207357b9d33953877311

    • Malware Report - Results

    File MD5SumSHA1SUMSHA256SUMFUZZY HASHFile Size
    2345df605a8c207357b9d339538773112c9e6116034f11785985ee57e5d5c318120a94365396fb95676be4e9cb1bcb0af7ce80b92d32e3868c7eec1ff95120f1d8c50540768:K/va/1ntRseeYaM+0yqzA6n/TOVjUnw05QzB/23nbcuyD7U:Z/BtCH1qvn/TONUv6/Mnouy840960

    File Results

    File Name
    kp.gif.exe
    index.html%3Fgetexe%3Dloader.exe

    SNORT Results

    Snort ClassSnort AlertCount
    Misc AttackET RBN Known Russian Business Network IP TCP (5)4

    AV Results

    AV AlertAV Vendor

    Folders (Added) - ICC Results

    PathFolder Name

    Files (Added) - ICC Results

    PathFile Name
    c:/DELL/VIDEO/OUTPUTnetstat_base.txt
    c:/DELL/VIDEO/OUTPUTnetstat_post.txt
    c:/DELL/VIDEO/OUTPUTtasksvc_base.txt
    c:/DELL/VIDEO/OUTPUTtasksvc_post.txt
    c:/DELL/VIDEO/OUTPUTtaskv_base.txt
    c:/DELL/VIDEO/OUTPUTtaskv_post.txt
    c:/Documents and Settings/dmc73144/Local Settings/Temp5mtrzw.exe
    c:/Documents and Settings/dmc73144/Local Settings/Tempoguohrym.bat
    c:/Documents and Settings/dmc73144/Local Settings/Temp~DF83A4.tmp
    c:/WINDOWS/Prefetch5MTRZW.EXE-2C8CF7DF.pf
    c:/WINDOWS/Prefetch7Z.EXE-1A62CD19.pf
    c:/WINDOWS/PrefetchNET.EXE-01A53C2F.pf
    c:/WINDOWS/PrefetchNET1.EXE-029B9DB4.pf
    c:/WINDOWS/PrefetchSC.EXE-012262AF.pf
    c:/WINDOWS/system32iu5avj3.log
    c:/DELL/VIDEO/OUTPUTnetstat_base.txt
    c:/DELL/VIDEO/OUTPUTnetstat_post.txt
    c:/DELL/VIDEO/OUTPUTtasksvc_base.txt
    c:/DELL/VIDEO/OUTPUTtasksvc_post.txt
    c:/DELL/VIDEO/OUTPUTtaskv_base.txt
    c:/DELL/VIDEO/OUTPUTtaskv_post.txt
    c:/Documents and Settings/dmc73144/Local Settings/Temp5mtrzw.exe
    c:/Documents and Settings/dmc73144/Local Settings/Tempd5jd6gnb.bat
    c:/Documents and Settings/dmc73144/Local Settings/Temp~DFC37E.tmp
    c:/WINDOWS/Prefetch5MTRZW.EXE-2C8CF7DF.pf
    c:/WINDOWS/Prefetch7Z.EXE-1A62CD19.pf
    c:/WINDOWS/system32iu5avj3.log

    Files (Deleted) - ICC Results

    ActionPathFile Name

    Files (Changed) - ICC Results

    ActionPathFile Name
    modifiedc:/Documents and Settings/dmc73144/Cookiesindex.dat
    modifiedc:/Documents and Settings/dmc73144/Local Settings/History/History.IE5index.dat
    modifiedc:/Documents and Settings/dmc73144/Local Settings/Temporary Internet Files/Content.IE5index.dat
    modifiedc:/Documents and Settings/dmc73144ntuser.dat.LOG
    modifiedc:/Documents and Settings/LocalServicentuser.dat.LOG
    modifiedc:/WINDOWS/PrefetchCMD.EXE-087B4001.pf
    modifiedc:/WINDOWS/PrefetchNETSTAT.EXE-2B2B4428.pf
    modifiedc:/WINDOWS/PrefetchSH.EXE-00254D2B.pf
    modifiedc:/WINDOWS/PrefetchSLEEP.EXE-094A3D2A.pf
    modifiedc:/WINDOWS/PrefetchSSHD.EXE-298CA236.pf
    modifiedc:/WINDOWS/PrefetchTASKLIST.EXE-10D94B23.pf
    modifiedc:/WINDOWS/system32/configsoftware.LOG
    modifiedc:/WINDOWS/system32/configSysEvent.Evt
    modifiedc:/WINDOWS/system32/configsystem.LOG
    modifiedc:/WINDOWS/system32/drivers/etchosts
    modifiedc:/WINDOWS/system32/wbem/Logswbemess.log
    modifiedc:/Documents and Settings/dmc73144/Cookiesindex.dat
    modifiedc:/Documents and Settings/dmc73144/Local Settings/History/History.IE5index.dat
    modifiedc:/Documents and Settings/dmc73144/Local Settings/Temporary Internet Files/Content.IE5index.dat
    modifiedc:/Documents and Settings/dmc73144ntuser.dat.LOG
    modifiedc:/Documents and Settings/LocalServicentuser.dat.LOG
    modifiedc:/WINDOWS/PrefetchCMD.EXE-087B4001.pf
    modifiedc:/WINDOWS/PrefetchNET.EXE-01A53C2F.pf
    modifiedc:/WINDOWS/PrefetchNET1.EXE-029B9DB4.pf
    modifiedc:/WINDOWS/PrefetchNETSTAT.EXE-2B2B4428.pf
    modifiedc:/WINDOWS/PrefetchSC.EXE-012262AF.pf
    modifiedc:/WINDOWS/PrefetchSH.EXE-00254D2B.pf
    modifiedc:/WINDOWS/PrefetchSLEEP.EXE-094A3D2A.pf
    modifiedc:/WINDOWS/PrefetchSSHD.EXE-298CA236.pf
    modifiedc:/WINDOWS/PrefetchSWITCH.EXE-0496EC21.pf
    modifiedc:/WINDOWS/PrefetchTASKLIST.EXE-10D94B23.pf
    modifiedc:/WINDOWS/system32/drivers/etchosts
    modifiedc:/WINDOWS/system32/wbem/Logswbemess.log
    modifiedc:/WINDOWS/system32/wbem/Logswmiprov.log
    modifiedc:/WINDOWS/system32/wbem/Repository/FSINDEX.MAP
    modifiedc:/WINDOWS/system32/wbem/Repository/FSMAPPING.VER
    modifiedc:/WINDOWS/system32/wbem/Repository/FSMAPPING2.MAP
    modifiedc:/WINDOWS/system32/wbem/Repository/FSOBJECTS.MAP

    Registry Keys (Added) - ICC Results

    ActionPath

    Registry Values (Added) - ICC Results

    ActionPathVal_NameVal_Data

    Registry Values (Deleted) - ICC Results

    ActionPathVal_NameVal_TypeMod_Val_TypeVal_DataMod_Val_Data

    Registry Values (Changed) - ICC Results

    ActionPathVal_NameVal_DataMod_Val_Data
    modifiedHKLM/SOFTWARE/Microsoft/Cryptography/RNGSeed93 6E 8D AC D7 D2 3E C7 00 D2 4C B0 2F 6F 36 98 ED 2A 5B 94 2D FA B7 C0 04 55 8C 9C 7A FB A9 BA D6 D7 2F 12 95 92 E5 C2 B2 74 D2 CA 48 FA CB 03 9B 7A 88 97 1C E
    modifiedHKLM/SOFTWARE/Microsoft/Windows NT/CurrentVersion/ProfileList/S-1-5-19RefCount0x00000002 0x00000001
    modifiedHKLM/SYSTEM/ControlSet001/Services/SharedAccessStart0x00000002 0x00000004
    modifiedHKLM/SYSTEM/ControlSet001/Services/SharedAccess/EpochEpoch0x00000104 0x00000105
    modifiedHKLM/SYSTEM/ControlSet001/Services/wscsvcStart0x00000002 0x00000004
    modifiedHKLM/SYSTEM/CurrentControlSet/Services/SharedAccessStart0x00000002 0x00000004
    modifiedHKLM/SYSTEM/CurrentControlSet/Services/SharedAccess/EpochEpoch0x00000104 0x00000105
    modifiedHKLM/SYSTEM/CurrentControlSet/Services/wscsvcStart0x00000002 0x00000004
    modifiedHKU/S-1-5-21-1844237615-562591055-839522115-1004/Software/Microsoft/Windows/CurrentVersion/Internet Settings/ConnectionsSavedLegacySettings3C 00 00 00 15 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 00 00 3C 00 00 00 17 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 00 0
    modifiedHKU/S-1-5-21-1844237615-562591055-839522115-1004/SessionInformationProgramCount0x00000002 0x00000001
    modifiedHKLM/SOFTWARE/Microsoft/Cryptography/RNGSeed38 AE C7 FA AF B3 12 C1 4F 67 DC 2A B2 03 31 56 D8 AC 53 04 94 AB 5E 08 E5 51 A2 F8 76 07 3C C3 53 01 11 CD 58 62 AA 54 6D A5 20 C4 89 EB F7 DC 73 4C 59 8A F7 6
    modifiedHKLM/SOFTWARE/Microsoft/Windows NT/CurrentVersion/ProfileList/S-1-5-19RefCount0x00000002 0x00000001
    modifiedHKLM/SYSTEM/ControlSet001/Services/SharedAccessStart0x00000002 0x00000004
    modifiedHKLM/SYSTEM/ControlSet001/Services/SharedAccess/EpochEpoch0x00000104 0x00000105
    modifiedHKLM/SYSTEM/ControlSet001/Services/wscsvcStart0x00000002 0x00000004
    modifiedHKLM/SYSTEM/CurrentControlSet/Services/SharedAccessStart0x00000002 0x00000004
    modifiedHKLM/SYSTEM/CurrentControlSet/Services/SharedAccess/EpochEpoch0x00000104 0x00000105
    modifiedHKLM/SYSTEM/CurrentControlSet/Services/wscsvcStart0x00000002 0x00000004
    modifiedHKU/S-1-5-21-1844237615-562591055-839522115-1004/Software/Microsoft/Windows/CurrentVersion/Internet Settings/ConnectionsSavedLegacySettings3C 00 00 00 15 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 00 00 3C 00 00 00 17 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 00 0
    modifiedHKU/S-1-5-21-1844237615-562591055-839522115-1004/SessionInformationProgramCount0x00000002 0x00000001

    DNS Results

    DNSDNS Response
    exe.perfectexe.comStandard query response A 122.224.6.48

    URL Results

    DstIPHTTP_HOSTHTTP_REQUEST_URIHTTP_USER_AGENTPROTOCOL
    239.255.255.250239.255.255.250:1900*--blank--0x11

    ARGUS PROTOCOL Results

    PROTOCOLSRC_PKTSDST_PKTSSRC_BYTESDST_BYTES
    6605648633368
    17203500

    ARGUS DPORT Results

    DPORTPROTOCOLSRC_PKTSDST_PKTSSRC_BYTESDST_BYTES
    2556605648633368
    190017203500

    ARGUS DATA Results

    TimeDateProtocolSrcIPDstIPDirFlagsSportDportPktsBytes
    17:13:192010-08-27610.10.10.7122.224.6.48-> e 11255131097
    17:13:242010-08-27610.10.10.7122.224.6.48-> e 1125510600
    17:13:292010-08-27610.10.10.7122.224.6.48-> e 112556360
    17:14:362010-08-27610.10.10.7122.224.6.48-> e 83255131100
    17:14:412010-08-27610.10.10.7122.224.6.48-> e 8325511660
    17:14:462010-08-27610.10.10.7122.224.6.48-> e 832555300
    17:15:502010-08-27610.10.10.7122.224.6.48-> e 609255131097
    17:15:552010-08-27610.10.10.7122.224.6.48-> e 60925510600
    17:16:002010-08-27610.10.10.7122.224.6.48-> e 6092556360
    17:17:032010-08-27610.10.10.7122.224.6.48-> e 112255131097
    17:17:082010-08-27610.10.10.7122.224.6.48-> e 11225511660
    17:17:132010-08-27610.10.10.7122.224.6.48-> e 1122555300
    17:18:462010-08-271710.10.10.7239.255.255.250-> e 819002350
    12:13:572010-09-02610.10.10.7122.224.6.48-> e 412255131097
    12:14:022010-09-02610.10.10.7122.224.6.48-> e 41225510600
    12:14:072010-09-02610.10.10.7122.224.6.48-> e 4122556360
    12:15:132010-09-02610.10.10.7122.224.6.48-> e 533255131097
    12:15:182010-09-02610.10.10.7122.224.6.48-> e 53325510600
    12:15:232010-09-02610.10.10.7122.224.6.48-> e 5332556360
    12:16:272010-09-02610.10.10.7122.224.6.48-> e 462255141157
    12:16:322010-09-02610.10.10.7122.224.6.48-> e 46225510600
    12:16:372010-09-02610.10.10.7122.224.6.48-> e 4622555300
    12:17:422010-09-02610.10.10.7122.224.6.48-> e d 753255131097
    12:17:472010-09-02610.10.10.7122.224.6.48-> e 75325513780
    12:17:522010-09-02610.10.10.7122.224.6.48-> e d 7532557420
    12:20:072010-09-021710.10.10.7239.255.255.250-> e 819002350

    Packer Results

    Packer Name

    HoneyTrap Results

    Honey Trap Log File Location

    PTFB Results

    PTFB Log File Location