Malware Report - Results

This report shows all the different areas TAZER analyzes for the sample: Host, Network Activity, and Detection.

Malware Search Criteria:
  • MD5 = 35ab3252ab8c38f44d34efa8c03f29b5

    File MD5Sum | SHA1SUM | SHA256SUM | FUZZY HASH | File Size
    35ab3252ab8c38f44d34efa8c03f29b5 | 60fd2f2323c983b02c9d996f2df8704bb88b4757 | 5a1bc084983f0f7532dbcd65249b4bd0a54ae8fa35b37214196a2ae7b5eb8c50 | 12288:XaB7p3sXmTU2WBnZ7yeeFt0vcjmD8qQLVy8cPI/zg45x+QU5d2L5:X07EmA26yavtD8zR2sdx+ | 715264

    File Results

    File Name
    westpac.exe

    SNORT Results

    Snort Class | Snort Alert | Count
    N/A | No snort alerts generated | 0

    AV Results

    AV Alert | AV Vendor

    Folders (Added) - ICC Results

    Path | Folder Name
    c: | Windupdt

    Files (Added) - ICC Results

    Path | File Name
    c:/WINDOWS/Prefetch | AUTOIT3.EXE-32361418.pf
    c:/WINDOWS/Prefetch | DIEP.EXE-0B3E1DC8.pf
    c:/WINDOWS/Prefetch | EXPLORER.EXE-082F38A9.pf
    c:/WINDOWS/Prefetch | HSTART.EXE-221D72BF.pf
    c:/WINDOWS/Prefetch | REGSHOT.EXE-010A5EE6.pf
    c:/WINDOWS/Prefetch | SANDNET.EXE-2012C478.pf
    c: | netstat_post.txt
    c: | taskv_post.txt
    c:/Windupdt | WinUpdate.exe

    Files (Deleted) - ICC Results

    Action | Path | File Name

    Files (Changed) - ICC Results

    Action | Path | File Name
    modified | c:/Documents and Settings/dmc73144/Cookies | index.dat
    modified | c:/Documents and Settings/dmc73144/Local Settings/History/History.IE5 | index.dat
    modified | c:/Documents and Settings/dmc73144/Local Settings/Temporary Internet Files/Content.IE5 | index.dat
    modified | c:/Documents and Settings/dmc73144 | ntuser.dat.LOG
    modified | c:/WINDOWS/Prefetch | CMD.EXE-087B4001.pf
    modified | c:/WINDOWS/Prefetch | NETSTAT.EXE-2B2B4428.pf
    modified | c:/WINDOWS/Prefetch | NOTEPAD.EXE-336351A9.pf
    modified | c:/WINDOWS/Prefetch | NTOSBOOT-B00DFAAD.pf
    modified | c:/WINDOWS/Prefetch | SCP.EXE-174845DC.pf
    modified | c:/WINDOWS/Prefetch | SENDIT.EXE-34C997E3.pf
    modified | c:/WINDOWS/Prefetch | SH.EXE-00254D2B.pf
    modified | c:/WINDOWS/Prefetch | SLEEP.EXE-094A3D2A.pf
    modified | c:/WINDOWS/Prefetch | SSHD.EXE-298CA236.pf
    modified | c:/WINDOWS/Prefetch | SWITCH.EXE-0496EC21.pf
    modified | c:/WINDOWS/Prefetch | TASKLIST.EXE-10D94B23.pf
    modified | c:/WINDOWS/Prefetch | WMIPRVSE.EXE-28F301A9.pf
    modified | c:/WINDOWS/Prefetch | WUAUCLT.EXE-399A8E72.pf
    modified | c:/WINDOWS | SchedLgU.Txt
    modified | c:/WINDOWS/SoftwareDistribution/DataStore/Logs | edb.chk
    modified | c:/WINDOWS/system32/drivers/etc | hosts
    modified | c:/WINDOWS/system32/wbem/Repository/FS | INDEX.MAP
    modified | c:/WINDOWS/system32/wbem/Repository/FS | MAPPING.VER
    modified | c:/WINDOWS/system32/wbem/Repository/FS | MAPPING2.MAP
    modified | c:/WINDOWS/system32/wbem/Repository/FS | OBJECTS.MAP

    Registry Keys (Added) - ICC Results

    Action | Path

    Registry Values (Added) - ICC Results

    Action | Path | Val_Name | Val_Data

    Registry Values (Deleted) - ICC Results

    Action | Path | Val_Name | Val_Type | Mod_Val_Type | Val_Data | Mod_Val_Data

    Registry Values (Changed) - ICC Results

    Action | Path | Val_Name | Val_Data | Mod_Val_Data
    modified | HKLM/SOFTWARE/Microsoft/Cryptography/RNG | Seed | CB 1E 3A FA EE 68 7F AE 35 02 2E FB CE E2 B1 B6 28 A1 26 55 E5 F7 9A 67 26 C5 62 AA 7D B5 9A FF 1A 5F 9C 98 23 7C 17 F0 97 35 71 66 0E 00 DC 1B B3 AD 38 65 E2 D
    modified | HKLM/SOFTWARE/Microsoft/Windows NT/CurrentVersion/Winlogon | Userinit | C:WINDOWSsystem32userinit.exe, "C

    DNS Results

    DNS | DNS Response

    URL Results

    DstIP | HTTP_HOST | HTTP_REQUEST_URI | HTTP_USER_AGENT | PROTOCOL
    239.255.255.250 | 239.255.255.250:1900 | * | --blank-- | 0x11

    ARGUS PROTOCOL Results

    PROTOCOL | SRC_PKTS | DST_PKTS | SRC_BYTES | DST_BYTES
    6 | 276 | 268 | 16716 | 16110
    17 | 2 | 0 | 350 | 0

    ARGUS DPORT Results

    DPORT | PROTOCOL | SRC_PKTS | DST_PKTS | SRC_BYTES | DST_BYTES
    1604 | 6 | 276 | 268 | 16716 | 16110
    1900 | 17 | 2 | 0 | 350 | 0

    ARGUS DATA Results

    Time | Date | Protocol | SrcIP | DstIP | Dir | Flags | Sport | Dport | Pkts | Bytes
    23:37:38 | 2011-06-01 | 6 | 10.10.10.7 | 110.86.23.246 | -> | e | 30 | 1604 | 11 | 664
    23:37:43 | 2011-06-01 | 6 | 10.10.10.7 | 110.86.23.246 | -> | e | 30 | 1604 | 11 | 660
    23:37:48 | 2011-06-01 | 6 | 10.10.10.7 | 110.86.23.246 | -> | e | 30 | 1604 | 5 | 300
    23:37:49 | 2011-06-01 | 6 | 10.10.10.7 | 110.86.23.246 | -> | e | 31 | 1604 | 13 | 793
    23:37:54 | 2011-06-01 | 6 | 10.10.10.7 | 110.86.23.246 | -> | e | 31 | 1604 | 10 | 600
    23:37:59 | 2011-06-01 | 6 | 10.10.10.7 | 110.86.23.246 | -> | e | 31 | 1604 | 14 | 840
    23:38:05 | 2011-06-01 | 6 | 10.10.10.7 | 110.86.23.246 | -> | e | 35 | 1604 | 13 | 793
    23:38:10 | 2011-06-01 | 6 | 10.10.10.7 | 110.86.23.246 | -> | e | 35 | 1604 | 11 | 660
    23:38:15 | 2011-06-01 | 6 | 10.10.10.7 | 110.86.23.246 | -> | e | 35 | 1604 | 13 | 780
    23:38:21 | 2011-06-01 | 6 | 10.10.10.7 | 110.86.23.246 | -> | e | 179 | 1604 | 13 | 793
    23:38:26 | 2011-06-01 | 6 | 10.10.10.7 | 110.86.23.246 | -> | e | 179 | 1604 | 10 | 600
    23:38:31 | 2011-06-01 | 6 | 10.10.10.7 | 110.86.23.246 | -> | e | 179 | 1604 | 14 | 840
    23:38:36 | 2011-06-01 | 6 | 10.10.10.7 | 110.86.23.246 | -> | e | 314 | 1604 | 13 | 793
    23:38:42 | 2011-06-01 | 6 | 10.10.10.7 | 110.86.23.246 | -> | e | 314 | 1604 | 11 | 660
    23:38:47 | 2011-06-01 | 6 | 10.10.10.7 | 110.86.23.246 | -> | e | 314 | 1604 | 13 | 780
    23:38:52 | 2011-06-01 | 6 | 10.10.10.7 | 110.86.23.246 | -> | e | 99 | 1604 | 13 | 793
    23:38:58 | 2011-06-01 | 6 | 10.10.10.7 | 110.86.23.246 | -> | e | 99 | 1604 | 11 | 660
    23:39:03 | 2011-06-01 | 6 | 10.10.10.7 | 110.86.23.246 | -> | e | 99 | 1604 | 13 | 780
    23:39:09 | 2011-06-01 | 6 | 10.10.10.7 | 110.86.23.246 | -> | e | 434 | 1604 | 13 | 793
    23:39:14 | 2011-06-01 | 6 | 10.10.10.7 | 110.86.23.246 | -> | e | 434 | 1604 | 10 | 600
    23:39:19 | 2011-06-01 | 6 | 10.10.10.7 | 110.86.23.246 | -> | e | 434 | 1604 | 10 | 600
    23:39:24 | 2011-06-01 | 6 | 10.10.10.7 | 110.86.23.246 | -> | e | 101 | 1604 | 13 | 793
    23:39:24 | 2011-06-01 | 6 | 10.10.10.7 | 110.86.23.246 | -> | e | 434 | 1604 | 4 | 240
    23:39:30 | 2011-06-01 | 6 | 10.10.10.7 | 110.86.23.246 | -> | e | 101 | 1604 | 10 | 600
    23:39:35 | 2011-06-01 | 6 | 10.10.10.7 | 110.86.23.246 | -> | e | 101 | 1604 | 14 | 840
    23:39:40 | 2011-06-01 | 6 | 10.10.10.7 | 110.86.23.246 | -> | e | 389 | 1604 | 13 | 793
    23:39:46 | 2011-06-01 | 6 | 10.10.10.7 | 110.86.23.246 | -> | e | 389 | 1604 | 11 | 660
    23:39:51 | 2011-06-01 | 6 | 10.10.10.7 | 110.86.23.246 | -> | e | 389 | 1604 | 13 | 780
    23:39:56 | 2011-06-01 | 6 | 10.10.10.7 | 110.86.23.246 | -> | e | 503 | 1604 | 13 | 793
    23:40:02 | 2011-06-01 | 6 | 10.10.10.7 | 110.86.23.246 | -> | e | 503 | 1604 | 10 | 600
    23:40:07 | 2011-06-01 | 6 | 10.10.10.7 | 110.86.23.246 | -> | e | 503 | 1604 | 14 | 840
    23:40:13 | 2011-06-01 | 6 | 10.10.10.7 | 110.86.23.246 | -> | e | 521 | 1604 | 13 | 793
    23:40:18 | 2011-06-01 | 6 | 10.10.10.7 | 110.86.23.246 | -> | e | 521 | 1604 | 11 | 660
    23:40:23 | 2011-06-01 | 6 | 10.10.10.7 | 110.86.23.246 | -> | e | 521 | 1604 | 13 | 780
    23:40:29 | 2011-06-01 | 6 | 10.10.10.7 | 110.86.23.246 | -> | e | 613 | 1604 | 12 | 733
    23:40:34 | 2011-06-01 | 6 | 10.10.10.7 | 110.86.23.246 | -> | e | 613 | 1604 | 10 | 600
    23:40:39 | 2011-06-01 | 6 | 10.10.10.7 | 110.86.23.246 | -> | e | 613 | 1604 | 14 | 840
    23:40:44 | 2011-06-01 | 6 | 10.10.10.7 | 110.86.23.246 | -> | e | 456 | 1604 | 13 | 793
    23:40:50 | 2011-06-01 | 6 | 10.10.10.7 | 110.86.23.246 | -> | e | 456 | 1604 | 11 | 660
    23:40:55 | 2011-06-01 | 6 | 10.10.10.7 | 110.86.23.246 | -> | e | 456 | 1604 | 13 | 780
    23:41:00 | 2011-06-01 | 6 | 10.10.10.7 | 110.86.23.246 | -> | e | 639 | 1604 | 13 | 793
    23:41:06 | 2011-06-01 | 6 | 10.10.10.7 | 110.86.23.246 | -> | e | 639 | 1604 | 10 | 600
    23:41:11 | 2011-06-01 | 6 | 10.10.10.7 | 110.86.23.246 | -> | e | 639 | 1604 | 10 | 600
    23:41:17 | 2011-06-01 | 6 | 10.10.10.7 | 110.86.23.246 | -> | e | 233 | 1604 | 13 | 793
    23:41:16 | 2011-06-01 | 6 | 10.10.10.7 | 110.86.23.246 | -> | e | 639 | 1604 | 4 | 240
    23:41:22 | 2011-06-01 | 6 | 10.10.10.7 | 110.86.23.246 | -> | e | 233 | 1604 | 11 | 660
    23:41:27 | 2011-06-01 | 6 | 10.10.10.7 | 110.86.23.246 | -> | e d | 233 | 1604 | 11 | 660
    23:41:34 | 2011-06-01 | 6 | 10.10.10.7 | 110.86.23.246 | -> | e d | 233 | 1604 | 2 | 120
    23:43:05 | 2011-06-01 | 17 | 10.10.10.7 | 239.255.255.250 | -> | e | 8 | 1900 | 2 | 350

    Packer Results

    Packer Name

    HoneyTrap Results

    Honey Trap Log File Location

    PTFB Results

    PTFB Log File Location