Malware Report

Malware Report - Results

This report shows all the different areas TAZER analyzes for the sample: Host, Network Activity, and Detection.

Malware Search Criteria:

MD5 =2c8f3943d1aa7331ad068b0099b46f1c

Malware Report - Results

File MD5Sum	SHA1SUM	SHA256SUM	FUZZY HASH	File Size
2c8f3943d1aa7331ad068b0099b46f1c	d8b85802a76c0ea3e1a901a1f05d368c49468b81	36ea123c7ae6ff6b2995b047a2d06ad671203e834efa052effebfcfd768ea886	6144:EcWMJJhqryYP/daqlzAFV9X3J5+qNBEA0HAcjdQ5YQFXCdwdWJXWKD:EczJJhqrVPldApX55+qz	281310

File Results

File Name
callistointgoup.exe

SNORT Results

Snort Class	Snort Alert	Count
N/A	No snort alerts generated	0

AV Results

AV Alert	AV Vendor
N/A	Symantec
Artemis!212F78522E8E	McAfee
Trojan.Win32.FakeTest.g	Kaspersky
Fakesurvey	Symantec
Artemis!2C8F3943D1AA	McAfee

Folders (Added) - ICC Results

Path	Folder Name
c:/Documents and Settings/dmc73144	test

Files (Added) - ICC Results

Path	File Name
c:/Documents and Settings/dmc73144/Desktop	test2.exe.lnk
c:/Documents and Settings/dmc73144/test	test.ini
c:/Documents and Settings/dmc73144/test	test2.exe
c:/WINDOWS/Prefetch	SANDNET.EXE-2012C478.pf
c:/WINDOWS/Prefetch	TEST2.EXE-30015B16.pf
c:	netstat_post.txt
c:	tasksvc_post.txt
c:	taskv_post.txt

Files (Deleted) - ICC Results

Action	Path	File Name

Files (Changed) - ICC Results

Action	Path	File Name
modified	c:/Documents and Settings/dmc73144/Cookies	index.dat
modified	c:/Documents and Settings/dmc73144/Local Settings/History/History.IE5	index.dat
modified	c:/Documents and Settings/dmc73144/Local Settings/Temporary Internet Files/Content.IE5	index.dat
modified	c:/Documents and Settings/dmc73144	ntuser.dat.LOG
modified	c:/WINDOWS/Prefetch	CMD.EXE-087B4001.pf
modified	c:/WINDOWS/Prefetch	HSTART.EXE-221D72BF.pf
modified	c:/WINDOWS/Prefetch	NETSTAT.EXE-2B2B4428.pf
modified	c:/WINDOWS/Prefetch	SH.EXE-00254D2B.pf
modified	c:/WINDOWS/Prefetch	SLEEP.EXE-094A3D2A.pf
modified	c:/WINDOWS/Prefetch	SSHD.EXE-298CA236.pf
modified	c:/WINDOWS/Prefetch	SWITCH.EXE-0496EC21.pf
modified	c:/WINDOWS/Prefetch	TASKLIST.EXE-10D94B23.pf
modified	c:/WINDOWS/SoftwareDistribution/DataStore/Logs	edb.chk
modified	c:/WINDOWS/system32/drivers/etc	hosts
modified	c:/WINDOWS/system32/wbem/Repository/FS	INDEX.MAP
modified	c:/WINDOWS/system32/wbem/Repository/FS	MAPPING.VER
modified	c:/WINDOWS/system32/wbem/Repository/FS	MAPPING1.MAP
modified	c:/WINDOWS/system32/wbem/Repository/FS	OBJECTS.MAP

Registry Keys (Added) - ICC Results

Action	Path

Registry Values (Added) - ICC Results

Action	Path	Val_Name	Val_Data

Registry Values (Deleted) - ICC Results

Action	Path	Val_Name	Val_Type	Mod_Val_Type	Val_Data	Mod_Val_Data

Registry Values (Changed) - ICC Results

Action	Path	Val_Name	Val_Data	Mod_Val_Data
modified	HKLM/SOFTWARE/Microsoft/Cryptography/RNG	Seed	9E AD 9E 5B 48 97 CD FD 2F AC F0 43 41 FB D9 FB 83 10 3D C1 7A 42 FA 23 7A FA 58	E8 EC CA 21 E5 1E 6C A6 7E 61 91 35 5C 53 27 AD 17 0F FC 0A D8 D9 B3 F0 21 B1 D
modified	HKU/S-1-5-21-1844237615-562591055-839522115-1004/SessionInformation	ProgramCount	0x00000002	0x00000003

DNS Results

DNS	DNS Response

URL Results

DstIP	HTTP_HOST	HTTP_REQUEST_URI	HTTP_USER_AGENT	PROTOCOL
239.255.255.250	239.255.255.250:1900	*	--blank--	0x11

ARGUS PROTOCOL Results

PROTOCOL	SRC_PKTS	DST_PKTS	SRC_BYTES	DST_BYTES
17	1	0	175	0

ARGUS DPORT Results

DPORT	PROTOCOL	SRC_PKTS	DST_PKTS	SRC_BYTES	DST_BYTES
1900	17	1	0	175	0

ARGUS DATA Results

Time	Date	Protocol	SrcIP	DstIP	Dir	Flags	Sport	Dport	Pkts	Bytes
03:29:52	2011-03-23	17	10.10.10.7	239.255.255.250	->	e	3631	1900	1	175

Packer Results

Packer Name

HoneyTrap Results

Honey Trap Log File Location

PTFB Results

PTFB Log File Location