Malware Report

Malware Report - Results

This report shows all the different areas TAZER analyzes for the sample: Host, Network Activity, and Detection.

Malware Search Criteria:

MD5 =2e3f7fdbafb99fed7fa0dd79a962cc53

Malware Report - Results

File MD5Sum	SHA1SUM	SHA256SUM	FUZZY HASH	File Size
2e3f7fdbafb99fed7fa0dd79a962cc53	e973bceef5f30a9545c714717a4d05eb100e074b	258e4d5a4d49b6a8ed54818e98286bca27eded152a53f52c2af810c90309895f	384:0pRdCy4MqlWAmQ+87GTYo5dsOZCfwaW/R4IUpxFEaSklm3z0ZEvCJaS95JCedbV:WCyVqltmQz6T	24102

File Results

File Name
view.exe
teemaeko.bin.exe
statistics.php.exe
sofeigoo.bin.exe
securedupdaterfix717.exe
opapa.exe
l.php.exe
install.php%3Fcoid.exe
inst.php%3Ffff%3D7071710000%26saf%3Dru.exe
index1.php.exe
index.php.exe
index.php%3Fpid%3D6.exe
exe.exe
cgi.exe
board.php.exe
bb.php.exe
aimeenei.bin.exe
add.exe
74.169.14.172.exe
%3ESZpl%252FEnpuH3s7Wa5Ta3dmtlpmtiQ%3D%3D.exe
%3ErKibpWKW0paH3s7Wa4nk1tmtlpWriQ%3D%3D.exe
%3EpqCcqV%252FInZeH3s7Wa4nk1tmtlpmtiQ%3D%3D.exe
%3EkpqHZo5mantfJsZvlzcWxl2lnhw%3D%3D.exe
%20MainModule717release10000.exe
%20ecard.exe

SNORT Results

Snort Class	Snort Alert	Count
N/A	No snort alerts generated	0

AV Results

AV Alert	AV Vendor
N/A	Symantec
DNSChanger!ei	McAfee
Trojan.Win32.Qhost.nme	Kaspersky
N/A	McAfee
Trojan.Win32.Pincav.adfe	Kaspersky
Backdoor.Trojan	Symantec

Folders (Added) - ICC Results

Path	Folder Name

Files (Added) - ICC Results

Path	File Name
c:	netstat_post.txt
c:	taskv_post.txt
c:/WINDOWS/Prefetch	SANDNET.EXE-2012C478.pf
c:	netstat_post.txt
c:	taskv_post.txt
c:/WINDOWS/Prefetch	SANDNET.EXE-2012C478.pf
c:	netstat_post.txt
c:	taskv_post.txt
c:/WINDOWS/Prefetch	SANDNET.EXE-2012C478.pf
c:	netstat_post.txt
c:	taskv_post.txt
c:/WINDOWS/Prefetch	SANDNET.EXE-2012C478.pf
c:	netstat_post.txt
c:	taskv_post.txt
c:/WINDOWS/Prefetch	SANDNET.EXE-2012C478.pf
c:	netstat_post.txt
c:	taskv_post.txt
c:/WINDOWS/Prefetch	SANDNET.EXE-2012C478.pf
c:	netstat_post.txt
c:	taskv_post.txt

Files (Deleted) - ICC Results

Action	Path	File Name

Files (Changed) - ICC Results

Action	Path	File Name
modified	c:/Documents and Settings/dmc73144	ntuser.dat.LOG
modified	c:/WINDOWS/Prefetch	CMD.EXE-087B4001.pf
modified	c:/WINDOWS/Prefetch	HSTART.EXE-221D72BF.pf
modified	c:/WINDOWS/Prefetch	NETSTAT.EXE-2B2B4428.pf
modified	c:/WINDOWS/Prefetch	SH.EXE-00254D2B.pf
modified	c:/WINDOWS/Prefetch	SLEEP.EXE-094A3D2A.pf
modified	c:/WINDOWS/Prefetch	SSHD.EXE-298CA236.pf
modified	c:/WINDOWS/Prefetch	SWITCH.EXE-0496EC21.pf
modified	c:/WINDOWS/system32/wbem/Logs	wmiprov.log
modified	c:/WINDOWS/system32/wbem/Repository/FS	INDEX.MAP
modified	c:/WINDOWS/system32/wbem/Repository/FS	MAPPING.VER
modified	c:/WINDOWS/system32/wbem/Repository/FS	MAPPING2.MAP
modified	c:/WINDOWS/system32/wbem/Repository/FS	OBJECTS.MAP
modified	c:/WINDOWS/Prefetch	CMD.EXE-087B4001.pf
modified	c:/WINDOWS/Prefetch	HSTART.EXE-221D72BF.pf
modified	c:/WINDOWS/Prefetch	NETSTAT.EXE-2B2B4428.pf
modified	c:/WINDOWS/Prefetch	SH.EXE-00254D2B.pf
modified	c:/WINDOWS/Prefetch	SLEEP.EXE-094A3D2A.pf
modified	c:/WINDOWS/Prefetch	SSHD.EXE-298CA236.pf
modified	c:/WINDOWS/Prefetch	SWITCH.EXE-0496EC21.pf
modified	c:/WINDOWS/system32/drivers/etc	hosts
modified	c:/WINDOWS/system32/wbem/Repository/FS	INDEX.MAP
modified	c:/WINDOWS/system32/wbem/Repository/FS	MAPPING.VER
modified	c:/WINDOWS/system32/wbem/Repository/FS	MAPPING2.MAP
modified	c:/WINDOWS/system32/wbem/Repository/FS	OBJECTS.MAP
modified	c:/WINDOWS/Prefetch	CMD.EXE-087B4001.pf
modified	c:/WINDOWS/Prefetch	HSTART.EXE-221D72BF.pf
modified	c:/WINDOWS/Prefetch	NETSTAT.EXE-2B2B4428.pf
modified	c:/WINDOWS/Prefetch	SH.EXE-00254D2B.pf
modified	c:/WINDOWS/Prefetch	SLEEP.EXE-094A3D2A.pf
modified	c:/WINDOWS/Prefetch	SSHD.EXE-298CA236.pf
modified	c:/WINDOWS/Prefetch	SWITCH.EXE-0496EC21.pf
modified	c:/WINDOWS/system32/drivers/etc	hosts
modified	c:/WINDOWS/system32/wbem/Repository/FS	INDEX.MAP
modified	c:/WINDOWS/system32/wbem/Repository/FS	MAPPING.VER
modified	c:/WINDOWS/system32/wbem/Repository/FS	MAPPING1.MAP
modified	c:/WINDOWS/system32/wbem/Repository/FS	OBJECTS.MAP
modified	c:/WINDOWS/Prefetch	CMD.EXE-087B4001.pf
modified	c:/WINDOWS/Prefetch	HSTART.EXE-221D72BF.pf
modified	c:/WINDOWS/Prefetch	NETSTAT.EXE-2B2B4428.pf
modified	c:/WINDOWS/Prefetch	SH.EXE-00254D2B.pf
modified	c:/WINDOWS/Prefetch	SLEEP.EXE-094A3D2A.pf
modified	c:/WINDOWS/Prefetch	SSHD.EXE-298CA236.pf
modified	c:/WINDOWS/Prefetch	SWITCH.EXE-0496EC21.pf
modified	c:/WINDOWS/system32/drivers/etc	hosts
modified	c:/WINDOWS/system32/wbem/Repository/FS	INDEX.MAP
modified	c:/WINDOWS/system32/wbem/Repository/FS	MAPPING.VER
modified	c:/WINDOWS/system32/wbem/Repository/FS	MAPPING2.MAP
modified	c:/WINDOWS/system32/wbem/Repository/FS	OBJECTS.MAP
modified	c:/WINDOWS/Prefetch	CMD.EXE-087B4001.pf
modified	c:/WINDOWS/Prefetch	HSTART.EXE-221D72BF.pf
modified	c:/WINDOWS/Prefetch	NETSTAT.EXE-2B2B4428.pf
modified	c:/WINDOWS/Prefetch	SH.EXE-00254D2B.pf
modified	c:/WINDOWS/Prefetch	SLEEP.EXE-094A3D2A.pf
modified	c:/WINDOWS/Prefetch	SSHD.EXE-298CA236.pf
modified	c:/WINDOWS/Prefetch	SWITCH.EXE-0496EC21.pf
modified	c:/WINDOWS/system32/drivers/etc	hosts
modified	c:/WINDOWS/system32/wbem/Repository/FS	INDEX.MAP
modified	c:/WINDOWS/system32/wbem/Repository/FS	MAPPING.VER
modified	c:/WINDOWS/system32/wbem/Repository/FS	MAPPING2.MAP
modified	c:/WINDOWS/system32/wbem/Repository/FS	OBJECTS.MAP
modified	c:/WINDOWS/Prefetch	CMD.EXE-087B4001.pf
modified	c:/WINDOWS/Prefetch	HSTART.EXE-221D72BF.pf
modified	c:/WINDOWS/Prefetch	NETSTAT.EXE-2B2B4428.pf
modified	c:/WINDOWS/Prefetch	SH.EXE-00254D2B.pf
modified	c:/WINDOWS/Prefetch	SLEEP.EXE-094A3D2A.pf
modified	c:/WINDOWS/Prefetch	SSHD.EXE-298CA236.pf
modified	c:/WINDOWS/Prefetch	SWITCH.EXE-0496EC21.pf
modified	c:/WINDOWS/system32/drivers/etc	hosts
modified	c:/WINDOWS/system32/wbem/Logs	wmiprov.log
modified	c:/WINDOWS/system32/wbem/Repository/FS	INDEX.MAP
modified	c:/WINDOWS/system32/wbem/Repository/FS	MAPPING.VER
modified	c:/WINDOWS/system32/wbem/Repository/FS	MAPPING2.MAP
modified	c:/WINDOWS/system32/wbem/Repository/FS	OBJECTS.MAP
modified	c:/WINDOWS/Prefetch	CMD.EXE-087B4001.pf
modified	c:/WINDOWS/Prefetch	HSTART.EXE-221D72BF.pf
modified	c:/WINDOWS/Prefetch	NETSTAT.EXE-2B2B4428.pf
modified	c:/WINDOWS/Prefetch	SH.EXE-00254D2B.pf
modified	c:/WINDOWS/Prefetch	SLEEP.EXE-094A3D2A.pf
modified	c:/WINDOWS/Prefetch	SSHD.EXE-298CA236.pf
modified	c:/WINDOWS/Prefetch	SWITCH.EXE-0496EC21.pf
modified	c:/WINDOWS/system32/drivers/etc	hosts
modified	c:/WINDOWS/system32/wbem/Logs	wmiprov.log
modified	c:/WINDOWS/system32/wbem/Repository/FS	INDEX.MAP
modified	c:/WINDOWS/system32/wbem/Repository/FS	MAPPING.VER
modified	c:/WINDOWS/system32/wbem/Repository/FS	MAPPING2.MAP
modified	c:/WINDOWS/system32/wbem/Repository/FS	OBJECTS.MAP

Registry Keys (Added) - ICC Results

Action	Path

Registry Values (Added) - ICC Results

Action	Path	Val_Name	Val_Data

Registry Values (Deleted) - ICC Results

Action	Path	Val_Name	Val_Type	Mod_Val_Type	Val_Data	Mod_Val_Data

Registry Values (Changed) - ICC Results

Action	Path	Val_Name	Val_Data	Mod_Val_Data
modified	HKLM/SOFTWARE/Microsoft/Cryptography/RNG	Seed	7E F0 65 9F F1 A6 58 42 BA 40 BC CA 48 6C FA 09 88 D6 6C D9 B4 31 C2 88 36 BE 16	B4 C1 FD 03 85 E0 EB 7F D3 EF 1F 83 0B 9C 50 67 75 2E 9C F9 D2 7D 3B A4 9F 51 8
modified	HKLM/SOFTWARE/Microsoft/Cryptography/RNG	Seed	A5 05 60 CA 98 DF E2 0E 2D 4C 42 CB 32 10 B5 98 F9 26 2E 28 6D 7D 34 B0 5B EF 75	BE B1 EA 79 39 13 B2 C3 6B E9 7B 76 E0 4E CA 50 D8 26 64 8D 2C 56 B5 55 92 DB 1
modified	HKLM/SOFTWARE/Microsoft/Cryptography/RNG	Seed	B5 84 04 66 36 56 22 1B ED 2E 11 FB 90 E4 0D A1 EF 5E DE BD 91 DD 68 FE 01 D4 79	D3 C8 A2 D0 9E 87 06 24 37 3C 35 76 FF C0 CE 00 A6 9D E4 34 FA FB A4 25 3B F4 4
modified	HKU/S-1-5-21-1844237615-562591055-839522115-1004/SessionInformation	ProgramCount	0x00000002	0x00000001
modified	HKLM/SOFTWARE/Microsoft/Cryptography/RNG	Seed	AE 64 E0 11 25 0F 09 30 F8 80 33 20 E9 7B 8F 7E D1 2E 27 29 19 6F 0C 77 89 7D 49	16 B6 E9 94 8D 5E 8C 90 53 15 37 8A FA 10 BE ED C4 E9 B6 DA 4B C1 D2 A7 0C D5 3
modified	HKU/S-1-5-21-1844237615-562591055-839522115-1004/SessionInformation	ProgramCount	0x00000002	0x00000001
modified	HKLM/SOFTWARE/Microsoft/Cryptography/RNG	Seed	58 64 E5 D4 6D B6 74 D3 BA 0E 68 B1 A5 24 72 EA B4 86 E4 0D 96 9B D7 EB 6C A0 72	BE 57 B9 F4 D3 B4 C9 1E CE DA 56 B6 39 19 65 00 4D FA D3 2A C0 8A 4F 40 08 2D 2
modified	HKU/S-1-5-21-1844237615-562591055-839522115-1004/SessionInformation	ProgramCount	0x00000002	0x00000001
modified	HKLM/SOFTWARE/Microsoft/Cryptography/RNG	Seed	B5 22 ED 4A 69 2E 8C AE 83 DA CF 98 AF 3F BD 3F AB 57 E6 96 25 51 09 EF A0 CE F0	E9 88 75 FD B7 41 5D 2E 2D 24 51 B2 F0 B0 62 A8 16 9F D3 12 2B C6 45 52 5C 81 A
modified	HKU/S-1-5-21-1844237615-562591055-839522115-1004/SessionInformation	ProgramCount	0x00000002	0x00000001
modified	HKLM/SOFTWARE/Microsoft/Cryptography/RNG	Seed	FE A2 4C 74 3A 9E 94 AB C8 4A DB BE 22 92 37 F7 0E 6B EA 3A 30 DF AF 2E 6A 8C 53	E3 29 03 26 FE A9 4B 2B 7A 48 BD 47 D4 FA B0 6D 6E 39 5B 0B 86 9A 58 D1 E3 FB C
modified	HKU/S-1-5-21-1844237615-562591055-839522115-1004/SessionInformation	ProgramCount	0x00000002	0x00000001

DNS Results

DNS	DNS Response

URL Results

DstIP	HTTP_HOST	HTTP_REQUEST_URI	HTTP_USER_AGENT	PROTOCOL
239.255.255.250	239.255.255.250:1900	*	--blank--	0x11

ARGUS PROTOCOL Results

PROTOCOL	SRC_PKTS	DST_PKTS	SRC_BYTES	DST_BYTES
17	2	0	350	0

ARGUS DPORT Results

DPORT	PROTOCOL	SRC_PKTS	DST_PKTS	SRC_BYTES	DST_BYTES
1900	17	2	0	350	0

ARGUS DATA Results

Time	Date	Protocol	SrcIP	DstIP	Dir	Flags	Sport	Dport	Pkts	Bytes
12:57:30	2010-07-19	17	10.10.10.7	239.255.255.250	->	e	8	1900	2	350
01:03:17	2010-07-20	17	10.10.10.7	239.255.255.250	->	e	8	1900	2	350
11:03:07	2010-07-20	17	10.10.10.7	239.255.255.250	->	e	8	1900	2	350
23:14:26	2010-07-20	17	10.10.10.7	239.255.255.250	->	e	8	1900	2	350
07:51:59	2010-07-22	17	10.10.10.7	239.255.255.250	->	e	8	1900	2	350
16:49:39	2010-07-30	17	10.10.10.7	239.255.255.250	->	e	8	1900	2	350

Packer Results

Packer Name

HoneyTrap Results

Honey Trap Log File Location

PTFB Results

PTFB Log File Location