**** Malware Report - Results ****

This report shows all the different areas TAZER analyzes for the sample: Host, Network Activity, and Detection.

Malware Search Criteria: MD5 = 35ab3252ab8c38f44d34efa8c03f29b5

| File MD5Sum | SHA1SUM | SHA256SUM | FUZZY HASH | File Size |
| 35ab3252ab8c38f44d34efa8c03f29b5 | 60fd2f2323c983b02c9d996f2df8704bb88b4757 | 5a1bc084983f0f7532dbcd65249b4bd0a54ae8fa35b37214196a2ae7b5eb8c50 | 12288:XaB7p3sXmTU2WBnZ7yeeFt0vcjmD8qQLVy8cPI/zg45x+QU5d2L5:X07EmA26yavtD8zR2sdx+ | 715264 |

**** File Results ****

| File Name |
| westpac.exe |

**** SNORT Results ****

| Snort Class | Snort Alert | Count |
| N/A | No snort alerts generated | 0 |

**** AV Results ****

| AV Alert | AV Vendor |
(no entries)

**** Folders (Added) - ICC Results ****

| Path | Folder Name |
| c: | Windupdt |

**** Files (Added) - ICC Results ****

| Path | File Name |
| c:/WINDOWS/Prefetch | AUTOIT3.EXE-32361418.pf |
| c:/WINDOWS/Prefetch | DIEP.EXE-0B3E1DC8.pf |
| c:/WINDOWS/Prefetch | EXPLORER.EXE-082F38A9.pf |
| c:/WINDOWS/Prefetch | HSTART.EXE-221D72BF.pf |
| c:/WINDOWS/Prefetch | REGSHOT.EXE-010A5EE6.pf |
| c:/WINDOWS/Prefetch | SANDNET.EXE-2012C478.pf |
| c: | netstat_post.txt |
| c: | taskv_post.txt |
| c:/Windupdt | WinUpdate.exe |

**** Files (Deleted) - ICC Results ****

| Action | Path | File Name |
(no entries)

**** Files (Changed) - ICC Results ****

| Action | Path | File Name |
| modified | c:/Documents and Settings/dmc73144/Cookies | index.dat |
| modified | c:/Documents and Settings/dmc73144/Local Settings/History/History.IE5 | index.dat |
| modified | c:/Documents and Settings/dmc73144/Local Settings/Temporary Internet Files/Content.IE5 | index.dat |
| modified | c:/Documents and Settings/dmc73144 | ntuser.dat.LOG |
| modified | c:/WINDOWS/Prefetch | CMD.EXE-087B4001.pf |
| modified | c:/WINDOWS/Prefetch | NETSTAT.EXE-2B2B4428.pf |
| modified | c:/WINDOWS/Prefetch | NOTEPAD.EXE-336351A9.pf |
| modified | c:/WINDOWS/Prefetch | NTOSBOOT-B00DFAAD.pf |
| modified | c:/WINDOWS/Prefetch | SCP.EXE-174845DC.pf |
| modified | c:/WINDOWS/Prefetch | SENDIT.EXE-34C997E3.pf |
| modified | c:/WINDOWS/Prefetch | SH.EXE-00254D2B.pf |
| modified | c:/WINDOWS/Prefetch | SLEEP.EXE-094A3D2A.pf |
| modified | c:/WINDOWS/Prefetch | SSHD.EXE-298CA236.pf |
| modified | c:/WINDOWS/Prefetch | SWITCH.EXE-0496EC21.pf |
| modified | c:/WINDOWS/Prefetch | TASKLIST.EXE-10D94B23.pf |
| modified | c:/WINDOWS/Prefetch | WMIPRVSE.EXE-28F301A9.pf |
| modified | c:/WINDOWS/Prefetch | WUAUCLT.EXE-399A8E72.pf |
| modified | c:/WINDOWS | SchedLgU.Txt |
| modified | c:/WINDOWS/SoftwareDistribution/DataStore/Logs | edb.chk |
| modified | c:/WINDOWS/system32/drivers/etc | hosts |
| modified | c:/WINDOWS/system32/wbem/Repository/FS | INDEX.MAP |
| modified | c:/WINDOWS/system32/wbem/Repository/FS | MAPPING.VER |
| modified | c:/WINDOWS/system32/wbem/Repository/FS | MAPPING2.MAP |
| modified | c:/WINDOWS/system32/wbem/Repository/FS | OBJECTS.MAP |

**** Registry Keys (Added) - ICC Results ****

| Action | Path |
(no entries)

**** Registry Values (Added) - ICC Results ****

| Action | Path | Val Name | Val Data |
(no entries)

**** Registry Values (Deleted) - ICC Results ****

| Action | Path | Val Name | Val Type | Mod Val Type | Val Data | Mod Val Data |
(no entries)

**** Registry Values (Changed) - ICC Results ****

| Action | Path | Val Name | Val Data | Mod Val Data |
| modified | HKLM/SOFTWARE/Microsoft/Cryptography/RNG | Seed | CB 1E 3A FA EE 68 7F AE 35 02 2E FB CE E2 B1 B6 28 A1 26 55 E5 F7 9A 67 26 C5 62 | AA 7D B5 9A FF 1A 5F 9C 98 23 7C 17 F0 97 35 71 66 0E 00 DC 1B B3 AD 38 65 E2 D |
| modified | HKLM/SOFTWARE/Microsoft/Windows NT/CurrentVersion/Winlogon | Userinit | C:\WINDOWS\system32\userinit.exe, | "C |

**** DNS Results ****

| DNS | DNS Response |
(no entries)

**** URL Results ****

| DstIP | HTTP_HOST | HTTP_REQUEST_URI | HTTP_USER_AGENT | PROTOCOL |
| 239.255.255.250 | 239.255.255.250:1900 | * | --blank-- | 0x11 |

**** ARGUS PROTOCOL Results ****

| PROTOCOL | SRC_PKTS | DST_PKTS | SRC_BYTES | DST_BYTES |
| 6 | 276 | 268 | 16716 | 16110 |
| 17 | 2 | 0 | 350 | 0 |

**** ARGUS DPORT Results ****

| DPORT | PROTOCOL | SRC_PKTS | DST_PKTS | SRC_BYTES | DST_BYTES |
| 1604 | 6 | 276 | 268 | 16716 | 16110 |
| 1900 | 17 | 2 | 0 | 350 | 0 |

**** ARGUS DATA Results ****

| Time | Date | Protocol | SrcIP | DstIP | Dir | Flags | Sport | Dport | Pkts | Bytes |
| 23:37:38 | 2011-06-01 | 6 | 10.10.10.7 | 110.86.23.246 | -> | e | 30 | 1604 | 11 | 664 |
| 23:37:43 | 2011-06-01 | 6 | 10.10.10.7 | 110.86.23.246 | -> | e | 30 | 1604 | 11 | 660 |
| 23:37:48 | 2011-06-01 | 6 | 10.10.10.7 | 110.86.23.246 | -> | e | 30 | 1604 | 5 | 300 |
| 23:37:49 | 2011-06-01 | 6 | 10.10.10.7 | 110.86.23.246 | -> | e | 31 | 1604 | 13 | 793 |
| 23:37:54 | 2011-06-01 | 6 | 10.10.10.7 | 110.86.23.246 | -> | e | 31 | 1604 | 10 | 600 |
| 23:37:59 | 2011-06-01 | 6 | 10.10.10.7 | 110.86.23.246 | -> | e | 31 | 1604 | 14 | 840 |
| 23:38:05 | 2011-06-01 | 6 | 10.10.10.7 | 110.86.23.246 | -> | e | 35 | 1604 | 13 | 793 |
| 23:38:10 | 2011-06-01 | 6 | 10.10.10.7 | 110.86.23.246 | -> | e | 35 | 1604 | 11 | 660 |
| 23:38:15 | 2011-06-01 | 6 | 10.10.10.7 | 110.86.23.246 | -> | e | 35 | 1604 | 13 | 780 |
| 23:38:21 | 2011-06-01 | 6 | 10.10.10.7 | 110.86.23.246 | -> | e | 179 | 1604 | 13 | 793 |
| 23:38:26 | 2011-06-01 | 6 | 10.10.10.7 | 110.86.23.246 | -> | e | 179 | 1604 | 10 | 600 |
| 23:38:31 | 2011-06-01 | 6 | 10.10.10.7 | 110.86.23.246 | -> | e | 179 | 1604 | 14 | 840 |
| 23:38:36 | 2011-06-01 | 6 | 10.10.10.7 | 110.86.23.246 | -> | e | 314 | 1604 | 13 | 793 |
| 23:38:42 | 2011-06-01 | 6 | 10.10.10.7 | 110.86.23.246 | -> | e | 314 | 1604 | 11 | 660 |
| 23:38:47 | 2011-06-01 | 6 | 10.10.10.7 | 110.86.23.246 | -> | e | 314 | 1604 | 13 | 780 |
| 23:38:52 | 2011-06-01 | 6 | 10.10.10.7 | 110.86.23.246 | -> | e | 99 | 1604 | 13 | 793 |
| 23:38:58 | 2011-06-01 | 6 | 10.10.10.7 | 110.86.23.246 | -> | e | 99 | 1604 | 11 | 660 |
| 23:39:03 | 2011-06-01 | 6 | 10.10.10.7 | 110.86.23.246 | -> | e | 99 | 1604 | 13 | 780 |
| 23:39:09 | 2011-06-01 | 6 | 10.10.10.7 | 110.86.23.246 | -> | e | 434 | 1604 | 13 | 793 |
| 23:39:14 | 2011-06-01 | 6 | 10.10.10.7 | 110.86.23.246 | -> | e | 434 | 1604 | 10 | 600 |
| 23:39:19 | 2011-06-01 | 6 | 10.10.10.7 | 110.86.23.246 | -> | e | 434 | 1604 | 10 | 600 |
| 23:39:24 | 2011-06-01 | 6 | 10.10.10.7 | 110.86.23.246 | -> | e | 101 | 1604 | 13 | 793 |
| 23:39:24 | 2011-06-01 | 6 | 10.10.10.7 | 110.86.23.246 | -> | e | 434 | 1604 | 4 | 240 |
| 23:39:30 | 2011-06-01 | 6 | 10.10.10.7 | 110.86.23.246 | -> | e | 101 | 1604 | 10 | 600 |
| 23:39:35 | 2011-06-01 | 6 | 10.10.10.7 | 110.86.23.246 | -> | e | 101 | 1604 | 14 | 840 |
| 23:39:40 | 2011-06-01 | 6 | 10.10.10.7 | 110.86.23.246 | -> | e | 389 | 1604 | 13 | 793 |
| 23:39:46 | 2011-06-01 | 6 | 10.10.10.7 | 110.86.23.246 | -> | e | 389 | 1604 | 11 | 660 |
| 23:39:51 | 2011-06-01 | 6 | 10.10.10.7 | 110.86.23.246 | -> | e | 389 | 1604 | 13 | 780 |
| 23:39:56 | 2011-06-01 | 6 | 10.10.10.7 | 110.86.23.246 | -> | e | 503 | 1604 | 13 | 793 |
| 23:40:02 | 2011-06-01 | 6 | 10.10.10.7 | 110.86.23.246 | -> | e | 503 | 1604 | 10 | 600 |
| 23:40:07 | 2011-06-01 | 6 | 10.10.10.7 | 110.86.23.246 | -> | e | 503 | 1604 | 14 | 840 |
| 23:40:13 | 2011-06-01 | 6 | 10.10.10.7 | 110.86.23.246 | -> | e | 521 | 1604 | 13 | 793 |
| 23:40:18 | 2011-06-01 | 6 | 10.10.10.7 | 110.86.23.246 | -> | e | 521 | 1604 | 11 | 660 |
| 23:40:23 | 2011-06-01 | 6 | 10.10.10.7 | 110.86.23.246 | -> | e | 521 | 1604 | 13 | 780 |
| 23:40:29 | 2011-06-01 | 6 | 10.10.10.7 | 110.86.23.246 | -> | e | 613 | 1604 | 12 | 733 |
| 23:40:34 | 2011-06-01 | 6 | 10.10.10.7 | 110.86.23.246 | -> | e | 613 | 1604 | 10 | 600 |
| 23:40:39 | 2011-06-01 | 6 | 10.10.10.7 | 110.86.23.246 | -> | e | 613 | 1604 | 14 | 840 |
| 23:40:44 | 2011-06-01 | 6 | 10.10.10.7 | 110.86.23.246 | -> | e | 456 | 1604 | 13 | 793 |
| 23:40:50 | 2011-06-01 | 6 | 10.10.10.7 | 110.86.23.246 | -> | e | 456 | 1604 | 11 | 660 |
| 23:40:55 | 2011-06-01 | 6 | 10.10.10.7 | 110.86.23.246 | -> | e | 456 | 1604 | 13 | 780 |
| 23:41:00 | 2011-06-01 | 6 | 10.10.10.7 | 110.86.23.246 | -> | e | 639 | 1604 | 13 | 793 |
| 23:41:06 | 2011-06-01 | 6 | 10.10.10.7 | 110.86.23.246 | -> | e | 639 | 1604 | 10 | 600 |
| 23:41:11 | 2011-06-01 | 6 | 10.10.10.7 | 110.86.23.246 | -> | e | 639 | 1604 | 10 | 600 |
| 23:41:17 | 2011-06-01 | 6 | 10.10.10.7 | 110.86.23.246 | -> | e | 233 | 1604 | 13 | 793 |
| 23:41:16 | 2011-06-01 | 6 | 10.10.10.7 | 110.86.23.246 | -> | e | 639 | 1604 | 4 | 240 |
| 23:41:22 | 2011-06-01 | 6 | 10.10.10.7 | 110.86.23.246 | -> | e | 233 | 1604 | 11 | 660 |
| 23:41:27 | 2011-06-01 | 6 | 10.10.10.7 | 110.86.23.246 | -> | e d | 233 | 1604 | 11 | 660 |
| 23:41:34 | 2011-06-01 | 6 | 10.10.10.7 | 110.86.23.246 | -> | e d | 233 | 1604 | 2 | 120 |
| 23:43:05 | 2011-06-01 | 17 | 10.10.10.7 | 239.255.255.250 | -> | e | 8 | 1900 | 2 | 350 |

**** Packer Results ****

| Packer Name |
(no entries)

**** HoneyTrap Results ****

| Honey Trap Log File Location |
(no entries)

**** PTFB Results ****

| PTFB Log File Location |
(no entries)