Malware Report

Malware Report - Results

This report shows all the different areas TAZER analyzes for the sample: Host, Network Activity, and Detection.

Malware Search Criteria:

MD5 =2fd1c6dc228ddedcf0f62ef10684fadf

Malware Report - Results

File MD5Sum	SHA1SUM	SHA256SUM	FUZZY HASH	File Size
2fd1c6dc228ddedcf0f62ef10684fadf	ffd7b4f7bad994c5e5f41e966c7d9afc438a53ca	ca91aae08e387b8f3b541cb4a564c5b9ea23d4f522a692ee3f707963f4b2b6bc	192:tN6hRw2Q4zOghOos8GPdLM2TH3ptqLhGhymwyD94jbjLDLfC7PAJ7:4wqO5pBlM2TXqLhG7wyD94	24576

File Results

File Name
postal.exe

SNORT Results

Snort Class	Snort Alert	Count
A Network Trojan was Detected	ET TROJAN Suspicious Useragent Used by Several trojans (API-Guide test program)	1

AV Results

AV Alert	AV Vendor
N/A	Symantec
Artemis!2FD1C6DC228D	McAfee
Trojan.Win32.Scar.evou	Kaspersky

Folders (Added) - ICC Results

Path	Folder Name
c:/Documents and Settings/dmc73144/Local Settings/History/History.IE5	MSHist012011102120111022
c:/Documents and Settings/dmc73144/Local Settings/Temporary Internet Files/Content.IE5	ITB2CJ0C

Files (Added) - ICC Results

Path	File Name
c:/Documents and Settings/dmc73144/Local Settings/History/History.IE5/MSHist012011102120111022	index.dat
c:/Documents and Settings/dmc73144/Local Settings/Temporary Internet Files/Content.IE5/ITB2CJ0C	desktop.ini
c:/Documents and Settings/dmc73144/Local Settings/Temporary Internet Files/Content.IE5/ITB2CJ0C	postal[1].htm
c:/WINDOWS/Prefetch	AUTOIT3.EXE-32361418.pf
c:/WINDOWS/Prefetch	DIEP.EXE-0B3E1DC8.pf
c:/WINDOWS/Prefetch	EXPLORER.EXE-082F38A9.pf
c:/WINDOWS/Prefetch	HSTART.EXE-221D72BF.pf
c:/WINDOWS/Prefetch	IEXPLORE.EXE-27122324.pf
c:/WINDOWS/Prefetch	REG.EXE-0D2A95F7.pf
c:/WINDOWS/Prefetch	REGSHOT.EXE-010A5EE6.pf
c:/WINDOWS/Prefetch	SANDNET.EXE-2012C478.pf
c:/WINDOWS	SoftwareIO.exe

Files (Deleted) - ICC Results

Action	Path	File Name

Files (Changed) - ICC Results

Action	Path	File Name
modified	c:/Documents and Settings/dmc73144/Cookies	index.dat
modified	c:/Documents and Settings/dmc73144/Local Settings/History/History.IE5	index.dat
modified	c:/Documents and Settings/dmc73144/Local Settings/Temporary Internet Files/Content.IE5	index.dat
modified	c:/Documents and Settings/dmc73144	ntuser.dat.LOG
modified	c:/WINDOWS/Prefetch	CMD.EXE-087B4001.pf
modified	c:/WINDOWS/Prefetch	NETSTAT.EXE-2B2B4428.pf
modified	c:/WINDOWS/Prefetch	NTOSBOOT-B00DFAAD.pf
modified	c:/WINDOWS/Prefetch	SCP.EXE-174845DC.pf
modified	c:/WINDOWS/Prefetch	SENDIT.EXE-34C997E3.pf
modified	c:/WINDOWS/Prefetch	SH.EXE-00254D2B.pf
modified	c:/WINDOWS/Prefetch	SLEEP.EXE-094A3D2A.pf
modified	c:/WINDOWS/Prefetch	SSHD.EXE-298CA236.pf
modified	c:/WINDOWS/Prefetch	SWITCH.EXE-0496EC21.pf
modified	c:/WINDOWS/Prefetch	TASKLIST.EXE-10D94B23.pf
modified	c:/WINDOWS/Prefetch	WMIPRVSE.EXE-28F301A9.pf
modified	c:/WINDOWS	SchedLgU.Txt
modified	c:/WINDOWS/SoftwareDistribution/DataStore/Logs	edb.chk
modified	c:/WINDOWS/system32/config	software.LOG
modified	c:/WINDOWS/system32/drivers/etc	hosts
modified	c:/WINDOWS/system32/wbem/Repository/FS	INDEX.MAP
modified	c:/WINDOWS/system32/wbem/Repository/FS	MAPPING.VER
modified	c:/WINDOWS/system32/wbem/Repository/FS	MAPPING2.MAP
modified	c:/WINDOWS/system32/wbem/Repository/FS	OBJECTS.MAP

Registry Keys (Added) - ICC Results

Action	Path
added	HKU/S-1-5-21-1844237615-562591055-839522115-1004/Software/Microsoft/Windows/CurrentVersion/Ext/Stats/{08B0E5C0-4FCB-11CF-AAA5-00401C608501}
added	HKU/S-1-5-21-1844237615-562591055-839522115-1004/Software/Microsoft/Windows/CurrentVersion/Ext/Stats/{08B0E5C0-4FCB-11CF-AAA5-00401C608501}/iexplore
added	HKU/S-1-5-21-1844237615-562591055-839522115-1004/Software/Microsoft/Windows/CurrentVersion/Ext/Stats/{FB5F1910-F110-11D2-BB9E-00C04F795683}
added	HKU/S-1-5-21-1844237615-562591055-839522115-1004/Software/Microsoft/Windows/CurrentVersion/Ext/Stats/{FB5F1910-F110-11D2-BB9E-00C04F795683}/iexplore
added	HKU/S-1-5-21-1844237615-562591055-839522115-1004/Software/Microsoft/Windows/CurrentVersion/Internet Settings/5.0/Cache/Extensible Cache/MSHist012011102120111022

Registry Values (Added) - ICC Results

Action	Path	Val_Name	Val_Data
added	HKLM/SOFTWARE/Microsoft/Windows/CurrentVersion/policies/system	EnableLUA	0x00000000
added	HKLM/SOFTWARE/Microsoft/Windows/CurrentVersion/Run	Software	"C:/Windows/SoftwareIO.exe"
added	HKU/S-1-5-21-1844237615-562591055-839522115-1004/Software/Microsoft/Windows/CurrentVersion/Ext/Stats/{08B0E5C0-4FCB-11CF-AAA5-00401C608501}/iexplore	Type	0x00000004
added	HKU/S-1-5-21-1844237615-562591055-839522115-1004/Software/Microsoft/Windows/CurrentVersion/Ext/Stats/{08B0E5C0-4FCB-11CF-AAA5-00401C608501}/iexplore	Count	0x00000001
added	HKU/S-1-5-21-1844237615-562591055-839522115-1004/Software/Microsoft/Windows/CurrentVersion/Ext/Stats/{08B0E5C0-4FCB-11CF-AAA5-00401C608501}/iexplore	Time	DB 07 0A 00 05 00 15 00 13 00 08 00 37 00 19 01
added	HKU/S-1-5-21-1844237615-562591055-839522115-1004/Software/Microsoft/Windows/CurrentVersion/Ext/Stats/{FB5F1910-F110-11D2-BB9E-00C04F795683}/iexplore	Type	0x00000004
added	HKU/S-1-5-21-1844237615-562591055-839522115-1004/Software/Microsoft/Windows/CurrentVersion/Ext/Stats/{FB5F1910-F110-11D2-BB9E-00C04F795683}/iexplore	Count	0x00000001
added	HKU/S-1-5-21-1844237615-562591055-839522115-1004/Software/Microsoft/Windows/CurrentVersion/Ext/Stats/{FB5F1910-F110-11D2-BB9E-00C04F795683}/iexplore	Time	DB 07 0A 00 05 00 15 00 13 00 08 00 37 00 19 01
added	HKU/S-1-5-21-1844237615-562591055-839522115-1004/Software/Microsoft/Windows/CurrentVersion/Internet Settings/5.0/Cache/Extensible Cache/MSHist012011102120111022	CachePath	"%USERPROFILE%Local SettingsHistoryHistory.IE5MSHist012011102120111022"
added	HKU/S-1-5-21-1844237615-562591055-839522115-1004/Software/Microsoft/Windows/CurrentVersion/Internet Settings/5.0/Cache/Extensible Cache/MSHist012011102120111022	CachePrefix	":2011102120111022: "
added	HKU/S-1-5-21-1844237615-562591055-839522115-1004/Software/Microsoft/Windows/CurrentVersion/Internet Settings/5.0/Cache/Extensible Cache/MSHist012011102120111022	CacheLimit	0x00002000
added	HKU/S-1-5-21-1844237615-562591055-839522115-1004/Software/Microsoft/Windows/CurrentVersion/Internet Settings/5.0/Cache/Extensible Cache/MSHist012011102120111022	CacheOptions	0x0000000B
added	HKU/S-1-5-21-1844237615-562591055-839522115-1004/Software/Microsoft/Windows/CurrentVersion/Internet Settings/5.0/Cache/Extensible Cache/MSHist012011102120111022	CacheRepair	0x00000000

Registry Values (Deleted) - ICC Results

Action	Path	Val_Name	Val_Type	Mod_Val_Type	Val_Data	Mod_Val_Data

Registry Values (Changed) - ICC Results

Action	Path	Val_Name	Val_Data	Mod_Val_Data
modified	HKLM/SOFTWARE/Microsoft/Cryptography/RNG	Seed	89 5E 1E 06 70 DA 2B F6 ED 16 4A 65 15 11 3A A3 96 E1 82 6D 3B A4 9D 08 49 B2 AD	A8 EF 46 3A 44 13 13 F4 D0 B3 DE 0A 8F B1 3B 85 4F FD 68 2A 6F 9D DF 32 FE FB E9
modified	HKU/S-1-5-21-1844237615-562591055-839522115-1004/Software/Microsoft/Windows/CurrentVersion/Ext/Stats/{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}/iexplore	Count	0x00000008	0x00000009
modified	HKU/S-1-5-21-1844237615-562591055-839522115-1004/Software/Microsoft/Windows/CurrentVersion/Ext/Stats/{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}/iexplore	Time	DA 07 08 00 02 00 03 00 08 00 15 00 34 00 57 01	DB 07 0A 00 05 00 15 00 13 00 08 00 37 00 8C 00
modified	HKU/S-1-5-21-1844237615-562591055-839522115-1004/Software/Microsoft/Windows/CurrentVersion/Internet Settings/Connections	SavedLegacySettings	3C 00 00 00 15 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 00 00	3C 00 00 00 17 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 00 00
modified	HKU/S-1-5-21-1844237615-562591055-839522115-1004/Software/Microsoft/Windows/ShellNoRoam/BagMRU	MRUListEx	01 00 00 00 00 00 00 00 02 00 00 00 04 00 00 00 03 00 00 00 FF FF FF FF	00 00 00 00 01 00 00 00 02 00 00 00 04 00 00 00 03 00 00 00 FF FF FF FF
modified	HKU/S-1-5-21-1844237615-562591055-839522115-1004/SessionInformation	ProgramCount	0x00000002	0x00000003

DNS Results

DNS	DNS Response
dri.publicidad3.org	Standard query response A 204.93.193.117

URL Results

DstIP	HTTP_HOST	HTTP_REQUEST_URI	HTTP_USER_AGENT	PROTOCOL
204.93.193.117	dri.publicidad3.org	/dns/dns.php	API-Guide test program	0x06
199.168.186.158	199.168.186.158	/~terrapos/terra/postal.php	Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)	0x06

ARGUS PROTOCOL Results

PROTOCOL	SRC_PKTS	DST_PKTS	SRC_BYTES	DST_BYTES
6	10	8	913	1030

ARGUS DPORT Results

DPORT	PROTOCOL	SRC_PKTS	DST_PKTS	SRC_BYTES	DST_BYTES
80	6	10	8	913	1030

ARGUS DATA Results

Time	Date	Protocol	SrcIP	DstIP	Dir	Flags	Sport	Dport	Pkts	Bytes
18:13:41	2011-10-18	6	10.10.10.7	204.93.193.117	->	e	505	80	9	903
18:13:44	2011-10-18	6	10.10.10.7	199.168.186.158	->	e	336	80	9	1040

Packer Results

Packer Name

HoneyTrap Results

Honey Trap Log File Location

PTFB Results

PTFB Log File Location