Malware Report - Results

This report shows all the different areas TAZER analyzes for the sample: Host, Network Activity, and Detection.

Malware Search Criteria:
  • MD5 =2ea83963c15a02577f66784e15af47da

    • Malware Report - Results

    File MD5SumSHA1SUMSHA256SUMFUZZY HASHFile Size
    2ea83963c15a02577f66784e15af47dac9650c337baf310a39797ecfa0e607220e56d15a9e8380608b547a395e563a13207707226596559442df470798c55b5d0293c0c212288:kz+4KMVzDfrTRYQ3+WltCiHE4vTB3cwhu7CdfCRHHDfVIEO:oFDf/RkWjJvTOeusQjm539648

    File Results

    File Name
    FHackPublic.exe

    SNORT Results

    Snort ClassSnort AlertCount
    N/ANo snort alerts generated0

    AV Results

    AV AlertAV Vendor
    Trojan.GenSymantec
    GenericMcAfee
    Trojan.Win32.Siscos.aosKaspersky

    Folders (Added) - ICC Results

    PathFolder Name
    c:Windupdt

    Files (Added) - ICC Results

    PathFile Name
    c:/WINDOWS/PrefetchSANDNET.EXE-2012C478.pf
    c:/WINDOWS/PrefetchWINUPDATE.EXE-26CE0264.pf
    c:netstat_post.txt
    c:taskv_post.txt
    c:/WindupdtWinUpdate.exe

    Files (Deleted) - ICC Results

    ActionPathFile Name

    Files (Changed) - ICC Results

    ActionPathFile Name
    modifiedc:/Documents and Settings/dmc73144/Cookiesindex.dat
    modifiedc:/Documents and Settings/dmc73144/Local Settings/History/History.IE5index.dat
    modifiedc:/Documents and Settings/dmc73144/Local Settings/Temporary Internet Files/Content.IE5index.dat
    modifiedc:/Documents and Settings/dmc73144ntuser.dat.LOG
    modifiedc:/WINDOWS/PrefetchCMD.EXE-087B4001.pf
    modifiedc:/WINDOWS/PrefetchHSTART.EXE-221D72BF.pf
    modifiedc:/WINDOWS/PrefetchNETSTAT.EXE-2B2B4428.pf
    modifiedc:/WINDOWS/PrefetchSH.EXE-00254D2B.pf
    modifiedc:/WINDOWS/PrefetchSLEEP.EXE-094A3D2A.pf
    modifiedc:/WINDOWS/PrefetchSSHD.EXE-298CA236.pf
    modifiedc:/WINDOWS/PrefetchSWITCH.EXE-0496EC21.pf
    modifiedc:/WINDOWS/system32/drivers/etchosts
    modifiedc:/WINDOWS/system32/wbem/Logswmiprov.log
    modifiedc:/WINDOWS/system32/wbem/Repository/FSINDEX.MAP
    modifiedc:/WINDOWS/system32/wbem/Repository/FSMAPPING.VER
    modifiedc:/WINDOWS/system32/wbem/Repository/FSMAPPING2.MAP
    modifiedc:/WINDOWS/system32/wbem/Repository/FSOBJECTS.MAP

    Registry Keys (Added) - ICC Results

    ActionPath

    Registry Values (Added) - ICC Results

    ActionPathVal_NameVal_Data

    Registry Values (Deleted) - ICC Results

    ActionPathVal_NameVal_TypeMod_Val_TypeVal_DataMod_Val_Data

    Registry Values (Changed) - ICC Results

    ActionPathVal_NameVal_DataMod_Val_Data
    modifiedHKLM/SOFTWARE/Microsoft/Cryptography/RNGSeed9F F8 AB 52 F2 F5 2F A6 48 A3 56 24 8D 85 94 B8 AA FD 3A E2 84 BA 0E 34 B0 49 51 35 0A 35 7B 14 8D D2 E0 36 29 85 25 53 33 24 3E FA EA 0F 6F 3E 51 40 68 5B AB 7
    modifiedHKLM/SOFTWARE/Microsoft/Windows NT/CurrentVersion/WinlogonUserinitC:WINDOWSsystem32userinit.exe, "C
    modifiedHKU/S-1-5-21-1844237615-562591055-839522115-1004/SessionInformationProgramCount0x00000002 0x00000001

    DNS Results

    DNSDNS Response
    fuckingnubs.no-ip.bizStandard query response A 66.30.17.158

    URL Results

    DstIPHTTP_HOSTHTTP_REQUEST_URIHTTP_USER_AGENTPROTOCOL
    239.255.255.250239.255.255.250:1900*--blank--0x11

    ARGUS PROTOCOL Results

    PROTOCOLSRC_PKTSDST_PKTSSRC_BYTESDST_BYTES
    62772721677816357
    17101750

    ARGUS DPORT Results

    DPORTPROTOCOLSRC_PKTSDST_PKTSSRC_BYTESDST_BYTES
    210062772721677816357
    190017101750

    ARGUS DATA Results

    TimeDateProtocolSrcIPDstIPDirFlagsSportDportPktsBytes
    09:15:412011-05-16610.10.10.766.30.17.158-> e 42210012724
    09:15:462011-05-16610.10.10.766.30.17.158-> e 42210011660
    09:15:522011-05-16610.10.10.766.30.17.158-> e 4221004240
    09:15:522011-05-16610.10.10.766.30.17.158-> e 412210013793
    09:15:582011-05-16610.10.10.766.30.17.158-> e 412210011660
    09:16:032011-05-16610.10.10.766.30.17.158-> e 412210011660
    09:16:082011-05-16610.10.10.766.30.17.158-> e 514210012733
    09:16:132011-05-16610.10.10.766.30.17.158-> e 514210011660
    09:16:182011-05-16610.10.10.766.30.17.158-> e 514210013780
    09:16:232011-05-16610.10.10.766.30.17.158-> e 452210013793
    09:16:292011-05-16610.10.10.766.30.17.158-> e 452210010600
    09:16:342011-05-16610.10.10.766.30.17.158-> e 452210010600
    09:16:392011-05-16610.10.10.766.30.17.158-> e 45221004240
    09:16:402011-05-16610.10.10.766.30.17.158-> e 536210013793
    09:16:452011-05-16610.10.10.766.30.17.158-> e 536210010600
    09:16:502011-05-16610.10.10.766.30.17.158-> e 536210014840
    09:16:562011-05-16610.10.10.766.30.17.158-> e 212210013793
    09:17:012011-05-16610.10.10.766.30.17.158-> e 212210011660
    09:17:062011-05-16610.10.10.766.30.17.158-> e 212210013780
    09:17:122011-05-16610.10.10.766.30.17.158-> e 578210012733
    09:17:172011-05-16610.10.10.766.30.17.158-> e 578210011660
    09:17:222011-05-16610.10.10.766.30.17.158-> e 578210013780
    09:17:272011-05-16610.10.10.766.30.17.158-> e 109210013793
    09:17:332011-05-16610.10.10.766.30.17.158-> e 109210010600
    09:17:382011-05-16610.10.10.766.30.17.158-> e 109210014840
    09:17:432011-05-16610.10.10.766.30.17.158-> e 58210013793
    09:17:492011-05-16610.10.10.766.30.17.158-> e 58210011660
    09:17:542011-05-16610.10.10.766.30.17.158-> e 58210013780
    09:18:002011-05-16610.10.10.766.30.17.158-> e 111210013793
    09:18:052011-05-16610.10.10.766.30.17.158-> e 111210011660
    09:18:102011-05-16610.10.10.766.30.17.158-> e 111210013780
    09:18:162011-05-16610.10.10.766.30.17.158-> e 213210012733
    09:18:212011-05-16610.10.10.766.30.17.158-> e 213210011660
    09:18:262011-05-16610.10.10.766.30.17.158-> e 213210013780
    09:18:322011-05-16610.10.10.766.30.17.158-> e 731210012733
    09:18:372011-05-16610.10.10.766.30.17.158-> e 731210010600
    09:18:422011-05-16610.10.10.766.30.17.158-> e 731210014840
    09:18:482011-05-16610.10.10.766.30.17.158-> e 773210013793
    09:18:532011-05-16610.10.10.766.30.17.158-> e 773210011660
    09:18:582011-05-16610.10.10.766.30.17.158-> e 773210013780
    09:19:042011-05-16610.10.10.766.30.17.158-> e 774210012733
    09:19:092011-05-16610.10.10.766.30.17.158-> e 774210011660
    09:19:142011-05-16610.10.10.766.30.17.158-> e 774210013780
    09:19:192011-05-16610.10.10.766.30.17.158-> e 817210013793
    09:19:252011-05-16610.10.10.766.30.17.158-> e 817210011660
    09:19:302011-05-16610.10.10.766.30.17.158-> e 817210013780
    09:19:362011-05-16610.10.10.766.30.17.158-> e d 81821008484
    09:19:432011-05-16610.10.10.766.30.17.158-> e d 81821003185
    09:21:132011-05-161710.10.10.7239.255.255.250-> e 819001175

    Packer Results

    Packer Name

    HoneyTrap Results

    Honey Trap Log File Location

    PTFB Results

    PTFB Log File Location