**** Malware Report - Results ****

This report shows all the different areas TAZER analyzes for the sample: Host, Network Activity, and Detection.

Malware Search Criteria: MD5 = 2e3f7fdbafb99fed7fa0dd79a962cc53

| File MD5Sum | SHA1SUM | SHA256SUM | FUZZY HASH | File Size |
|---|---|---|---|---|
| 2e3f7fdbafb99fed7fa0dd79a962cc53 | e973bceef5f30a9545c714717a4d05eb100e074b | 258e4d5a4d49b6a8ed54818e98286bca27eded152a53f52c2af810c90309895f | 384:0pRdCy4MqlWAmQ+87GTYo5dsOZCfwaW/R4IUpxFEaSklm3z0ZEvCJaS95JCedbV:WCyVqltmQz6T | 24102 |

**** File Results ****

File names under which this sample has been seen (percent-encoding as recorded):

| File Name |
|---|
| view.exe |
| teemaeko.bin.exe |
| statistics.php.exe |
| sofeigoo.bin.exe |
| securedupdaterfix717.exe |
| opapa.exe |
| l.php.exe |
| install.php%3Fcoid.exe |
| inst.php%3Ffff%3D7071710000%26saf%3Dru.exe |
| index1.php.exe |
| index.php.exe |
| index.php%3Fpid%3D6.exe |
| exe.exe |
| cgi.exe |
| board.php.exe |
| bb.php.exe |
| aimeenei.bin.exe |
| add.exe |
| 74.169.14.172.exe |
| %3ESZpl%252FEnpuH3s7Wa5Ta3dmtlpmtiQ%3D%3D.exe |
| %3ErKibpWKW0paH3s7Wa4nk1tmtlpWriQ%3D%3D.exe |
| %3EpqCcqV%252FInZeH3s7Wa4nk1tmtlpmtiQ%3D%3D.exe |
| %3EkpqHZo5mantfJsZvlzcWxl2lnhw%3D%3D.exe |
| %20MainModule717release10000.exe |
| %20ecard.exe |

**** SNORT Results ****

| Snort Class | Snort Alert | Count |
|---|---|---|
| N/A | No snort alerts generated | 0 |

**** AV Results ****

| AV Alert | AV Vendor |
|---|---|
| N/A | Symantec |
| DNSChanger!ei | McAfee |
| Trojan.Win32.Qhost.nme | Kaspersky |
| N/A | McAfee |
| Trojan.Win32.Pincav.adfe | Kaspersky |
| Backdoor.Trojan | Symantec |

**** Folders (Added) - ICC Results ****

| Path | Folder Name |
|---|---|

**** Files (Added) - ICC Results ****

The same set of entries recurs for each recorded analysis run; each distinct entry is listed once.

| Path | File Name |
|---|---|
| c: | netstat_post.txt |
| c: | taskv_post.txt |
| c:/WINDOWS/Prefetch | SANDNET.EXE-2012C478.pf |

**** Files (Deleted) - ICC Results ****

| Action | Path | File Name |
|---|---|---|

**** Files (Changed) - ICC Results ****

The same set of entries recurs for each recorded analysis run (ntuser.dat.LOG and MAPPING1.MAP appear in only one run each; the hosts file and wmiprov.log appear in most); each distinct entry is listed once. The modification of the hosts file is consistent with the DNSChanger and Qhost detections above.

| Action | Path | File Name |
|---|---|---|
| modified | c:/Documents and Settings/dmc73144 | ntuser.dat.LOG |
| modified | c:/WINDOWS/Prefetch | CMD.EXE-087B4001.pf |
| modified | c:/WINDOWS/Prefetch | HSTART.EXE-221D72BF.pf |
| modified | c:/WINDOWS/Prefetch | NETSTAT.EXE-2B2B4428.pf |
| modified | c:/WINDOWS/Prefetch | SH.EXE-00254D2B.pf |
| modified | c:/WINDOWS/Prefetch | SLEEP.EXE-094A3D2A.pf |
| modified | c:/WINDOWS/Prefetch | SSHD.EXE-298CA236.pf |
| modified | c:/WINDOWS/Prefetch | SWITCH.EXE-0496EC21.pf |
| modified | c:/WINDOWS/system32/drivers/etc | hosts |
| modified | c:/WINDOWS/system32/wbem/Logs | wmiprov.log |
| modified | c:/WINDOWS/system32/wbem/Repository/FS | INDEX.MAP |
| modified | c:/WINDOWS/system32/wbem/Repository/FS | MAPPING.VER |
| modified | c:/WINDOWS/system32/wbem/Repository/FS | MAPPING1.MAP |
| modified | c:/WINDOWS/system32/wbem/Repository/FS | MAPPING2.MAP |
| modified | c:/WINDOWS/system32/wbem/Repository/FS | OBJECTS.MAP |

**** Registry Keys (Added) - ICC Results ****

| Action | Path |
|---|---|

**** Registry Values (Added) - ICC Results ****

| Action | Path | Val Name | Val Data |
|---|---|---|---|

**** Registry Values (Deleted) - ICC Results ****

| Action | Path | Val Name | Val Type | Mod Val Type | Val Data | Mod Val Data |
|---|---|---|---|---|---|---|

**** Registry Values (Changed) - ICC Results ****

Both Seed columns are cut off at the report's column width, so the values below are truncated.

| Action | Path | Val Name | Val Data | Mod Val Data |
|---|---|---|---|---|
| modified | HKLM/SOFTWARE/Microsoft/Cryptography/RNG | Seed | 7E F0 65 9F F1 A6 58 42 BA 40 BC CA 48 6C FA 09 88 D6 6C D9 B4 31 C2 88 36 BE 16 | B4 C1 FD 03 85 E0 EB 7F D3 EF 1F 83 0B 9C 50 67 75 2E 9C F9 D2 7D 3B A4 9F 51 8 |
| modified | HKLM/SOFTWARE/Microsoft/Cryptography/RNG | Seed | A5 05 60 CA 98 DF E2 0E 2D 4C 42 CB 32 10 B5 98 F9 26 2E 28 6D 7D 34 B0 5B EF 75 | BE B1 EA 79 39 13 B2 C3 6B E9 7B 76 E0 4E CA 50 D8 26 64 8D 2C 56 B5 55 92 DB 1 |
| modified | HKLM/SOFTWARE/Microsoft/Cryptography/RNG | Seed | B5 84 04 66 36 56 22 1B ED 2E 11 FB 90 E4 0D A1 EF 5E DE BD 91 DD 68 FE 01 D4 79 | D3 C8 A2 D0 9E 87 06 24 37 3C 35 76 FF C0 CE 00 A6 9D E4 34 FA FB A4 25 3B F4 4 |
| modified | HKU/S-1-5-21-1844237615-562591055-839522115-1004/SessionInformation | ProgramCount | 0x00000002 | 0x00000001 |
| modified | HKLM/SOFTWARE/Microsoft/Cryptography/RNG | Seed | AE 64 E0 11 25 0F 09 30 F8 80 33 20 E9 7B 8F 7E D1 2E 27 29 19 6F 0C 77 89 7D 49 | 16 B6 E9 94 8D 5E 8C 90 53 15 37 8A FA 10 BE ED C4 E9 B6 DA 4B C1 D2 A7 0C D5 3 |
| modified | HKU/S-1-5-21-1844237615-562591055-839522115-1004/SessionInformation | ProgramCount | 0x00000002 | 0x00000001 |
| modified | HKLM/SOFTWARE/Microsoft/Cryptography/RNG | Seed | 58 64 E5 D4 6D B6 74 D3 BA 0E 68 B1 A5 24 72 EA B4 86 E4 0D 96 9B D7 EB 6C A0 72 | BE 57 B9 F4 D3 B4 C9 1E CE DA 56 B6 39 19 65 00 4D FA D3 2A C0 8A 4F 40 08 2D 2 |
| modified | HKU/S-1-5-21-1844237615-562591055-839522115-1004/SessionInformation | ProgramCount | 0x00000002 | 0x00000001 |
| modified | HKLM/SOFTWARE/Microsoft/Cryptography/RNG | Seed | B5 22 ED 4A 69 2E 8C AE 83 DA CF 98 AF 3F BD 3F AB 57 E6 96 25 51 09 EF A0 CE F0 | E9 88 75 FD B7 41 5D 2E 2D 24 51 B2 F0 B0 62 A8 16 9F D3 12 2B C6 45 52 5C 81 A |
| modified | HKU/S-1-5-21-1844237615-562591055-839522115-1004/SessionInformation | ProgramCount | 0x00000002 | 0x00000001 |
| modified | HKLM/SOFTWARE/Microsoft/Cryptography/RNG | Seed | FE A2 4C 74 3A 9E 94 AB C8 4A DB BE 22 92 37 F7 0E 6B EA 3A 30 DF AF 2E 6A 8C 53 | E3 29 03 26 FE A9 4B 2B 7A 48 BD 47 D4 FA B0 6D 6E 39 5B 0B 86 9A 58 D1 E3 FB C |
| modified | HKU/S-1-5-21-1844237615-562591055-839522115-1004/SessionInformation | ProgramCount | 0x00000002 | 0x00000001 |

**** DNS Results ****

| DNS | DNS Response |
|---|---|

**** URL Results ****

The only traffic recorded is UDP to the SSDP multicast group (239.255.255.250:1900), which is ordinary Windows UPnP discovery rather than activity attributable to the sample.

| DstIP | HTTP HOST | HTTP REQUEST URI | HTTP USER AGENT | PROTOCOL |
|---|---|---|---|---|
| 239.255.255.250 | 239.255.255.250:1900 | * | --blank-- | 0x11 |

**** ARGUS PROTOCOL Results ****

| PROTOCOL | SRC PKTS | DST PKTS | SRC BYTES | DST BYTES |
|---|---|---|---|---|
| 17 | 2 | 0 | 350 | 0 |

**** ARGUS DPORT Results ****

| DPORT | PROTOCOL | SRC PKTS | DST PKTS | SRC BYTES | DST BYTES |
|---|---|---|---|---|---|
| 1900 | 17 | 2 | 0 | 350 | 0 |

**** ARGUS DATA Results ****

| Time | Date | Protocol | SrcIP | DstIP | Dir | Flags | Sport | Dport | Pkts | Bytes |
|---|---|---|---|---|---|---|---|---|---|---|
| 12:57:30 | 2010-07-19 | 17 | 10.10.10.7 | 239.255.255.250 | -> | e | 8 | 1900 | 2 | 350 |
| 01:03:17 | 2010-07-20 | 17 | 10.10.10.7 | 239.255.255.250 | -> | e | 8 | 1900 | 2 | 350 |
| 11:03:07 | 2010-07-20 | 17 | 10.10.10.7 | 239.255.255.250 | -> | e | 8 | 1900 | 2 | 350 |
| 23:14:26 | 2010-07-20 | 17 | 10.10.10.7 | 239.255.255.250 | -> | e | 8 | 1900 | 2 | 350 |
| 07:51:59 | 2010-07-22 | 17 | 10.10.10.7 | 239.255.255.250 | -> | e | 8 | 1900 | 2 | 350 |
| 16:49:39 | 2010-07-30 | 17 | 10.10.10.7 | 239.255.255.250 | -> | e | 8 | 1900 | 2 | 350 |

**** Packer Results ****

| Packer Name |
|---|

**** HoneyTrap Results ****

| Honey Trap Log File Location |
|---|

**** PTFB Results ****

| PTFB Log File Location |
|---|