Malware Report - Results

This report shows all the different areas TAZER analyzes for the sample: Host, Network Activity, and Detection.

Malware Search Criteria:
  • MD5 = 3cdb9e4c12ff9bb76197469bed0aad2f

  • Malware Report - Results

    File MD5Sum: 3cdb9e4c12ff9bb76197469bed0aad2f
    SHA1SUM: b15c27b7baac2692964ed91b18b196ba3081f56d
    SHA256SUM: 81a7cf2d38b08402294c592d3a85b703a753683248ae352141ff5e42943a83f3
    FUZZY HASH: 49152:P1xY5Fsls3vWRxAMtTbl7LrzIZhmEm16aSJNzadVSsW:flyJMtT9HERfcVB
    File Size: 1624576

    File Results

    File Name
    arraysaw.net.exe

    SNORT Results

    Snort Class | Snort Alert | Count
    A Network Trojan was detected | ET TROJAN LDPinch Checkin (5) | 1
    A Network Trojan was detected | ET TROJAN LDPinch Checkin (2) | 1

    AV Results

    AV Alert | AV Vendor

    Folders (Added) - ICC Results

    Path | Folder Name
    c:/Documents and Settings/dmc73144/Local Settings/History/History.IE5 | MSHist012010042020100421
    c:/Documents and Settings/dmc73144/Local Settings/Temporary Internet Files/Content.IE5 | 87IMY4XV
    c:/Documents and Settings/dmc73144/Local Settings/Temporary Internet Files/Content.IE5 | ITB2CJ0C
    c:/Documents and Settings/dmc73144/Local Settings/Temporary Internet Files/Content.IE5 | WO4JPI86

    Files (Added) - ICC Results

    Path | File Name
    c:/DELL/VIDEO/OUTPUT | netstat_base.txt
    c:/DELL/VIDEO/OUTPUT | netstat_post.txt
    c:/DELL/VIDEO/OUTPUT | tasksvc_base.txt
    c:/DELL/VIDEO/OUTPUT | tasksvc_post.txt
    c:/DELL/VIDEO/OUTPUT | taskv_base.txt
    c:/DELL/VIDEO/OUTPUT | taskv_post.txt
    c:/Documents and Settings/dmc73144/Local Settings/History/History.IE5/MSHist012010042020100421 | index.dat
    c:/Documents and Settings/dmc73144/Local Settings/Temp | 1_goo.exe
    c:/Documents and Settings/dmc73144/Local Settings/Temp | 4_pinnew.exe
    c:/Documents and Settings/dmc73144/Local Settings/Temp | 5_odbns.exe
    c:/Documents and Settings/dmc73144/Local Settings/Temp | 60325cahp25ca0.exe
    c:/Documents and Settings/dmc73144/Local Settings/Temp | avto.exe
    c:/Documents and Settings/dmc73144/Local Settings/Temp | teste1_p.exe
    c:/Documents and Settings/dmc73144/Local Settings/Temporary Internet Files/Content.IE5/87IMY4XV | desktop.ini
    c:/Documents and Settings/dmc73144/Local Settings/Temporary Internet Files/Content.IE5/ITB2CJ0C | desktop.ini
    c:/Documents and Settings/dmc73144/Local Settings/Temporary Internet Files/Content.IE5/ITB2CJ0C | r[1].htm
    c:/Documents and Settings/dmc73144/Local Settings/Temporary Internet Files/Content.IE5/WO4JPI86 | desktop.ini
    c:/Documents and Settings/dmc73144/Local Settings/Temporary Internet Files/Content.IE5/WO4JPI86 | r[1].htm
    c:/WINDOWS/Prefetch | 1033X.EXE-20B8AC9E.pf
    c:/WINDOWS/Prefetch | 1_GOO.EXE-15FE1DEE.pf
    c:/WINDOWS/Prefetch | 2_LOAD.EXE-35E31D12.pf
    c:/WINDOWS/Prefetch | 4_PINNEW.EXE-20359EE0.pf
    c:/WINDOWS/Prefetch | 5_ODBNS.EXE-0A05BF52.pf
    c:/WINDOWS/Prefetch | 7Z.EXE-1A62CD19.pf
    c:/WINDOWS/Prefetch | AUTOIT3.EXE-32361418.pf
    c:/WINDOWS/Prefetch | AVTO.EXE-112EBFA8.pf
    c:/WINDOWS/Prefetch | DIEP.EXE-0B3E1DC8.pf
    c:/WINDOWS/Prefetch | HSTART.EXE-221D72BF.pf
    c:/WINDOWS/Prefetch | REGSHOT.EXE-010A5EE6.pf
    c:/WINDOWS/Prefetch | SANDNET.EXE-2012C478.pf
    c:/WINDOWS/Prefetch | SVCHOST.EXE-3530F672.pf
    c:/WINDOWS/Prefetch | TESTE1_P.EXE-38221047.pf
    c:/WINDOWS/system32 | 1033x.exe
    c:/WINDOWS/system32 | 82799957.dat
    c:/WINDOWS | lsass.exe
    c:/WINDOWS | odbns.exe
    c:/WINDOWS | svc.exe
    c: | BoOT.INi

    Files (Deleted) - ICC Results

    Action | Path | File Name

    Files (Changed) - ICC Results

    Action | Path | File Name
    modified | c:/Documents and Settings/dmc73144/Cookies | index.dat
    modified | c:/Documents and Settings/dmc73144/Local Settings/History/History.IE5 | index.dat
    modified | c:/Documents and Settings/dmc73144/Local Settings/Temporary Internet Files/Content.IE5 | index.dat
    modified | c:/Documents and Settings/dmc73144 | ntuser.dat.LOG
    modified | c:/Documents and Settings/LocalService | ntuser.dat.LOG
    modified | c:/WINDOWS/Prefetch | CMD.EXE-087B4001.pf
    modified | c:/WINDOWS/Prefetch | NETSTAT.EXE-2B2B4428.pf
    modified | c:/WINDOWS/Prefetch | NTOSBOOT-B00DFAAD.pf
    modified | c:/WINDOWS/Prefetch | SCP.EXE-174845DC.pf
    modified | c:/WINDOWS/Prefetch | SENDIT.EXE-34C997E3.pf
    modified | c:/WINDOWS/Prefetch | SH.EXE-00254D2B.pf
    modified | c:/WINDOWS/Prefetch | SLEEP.EXE-094A3D2A.pf
    modified | c:/WINDOWS/Prefetch | SSHD.EXE-298CA236.pf
    modified | c:/WINDOWS/Prefetch | SWITCH.EXE-0496EC21.pf
    modified | c:/WINDOWS/Prefetch | TASKLIST.EXE-10D94B23.pf
    modified | c:/WINDOWS/Prefetch | WMIPRVSE.EXE-28F301A9.pf
    modified | c:/WINDOWS/Prefetch | WUAUCLT.EXE-399A8E72.pf
    modified | c:/WINDOWS/SoftwareDistribution/DataStore/Logs | edb.chk
    modified | c:/WINDOWS/system32/config | software.LOG
    modified | c:/WINDOWS/system32/config | system.LOG
    modified | c:/WINDOWS/system32/drivers/etc | hosts
    modified | c:/WINDOWS/system32/wbem/Logs | wbemess.log
    modified | c:/WINDOWS/system32/wbem/Repository/FS | INDEX.MAP
    modified | c:/WINDOWS/system32/wbem/Repository/FS | MAPPING.VER
    modified | c:/WINDOWS/system32/wbem/Repository/FS | MAPPING1.MAP
    modified | c:/WINDOWS/system32/wbem/Repository/FS | OBJECTS.MAP

    Registry Keys (Added) - ICC Results

    Action | Path

    Registry Values (Added) - ICC Results

    Action | Path | Val_Name | Val_Data

    Registry Values (Deleted) - ICC Results

    Action | Path | Val_Name | Val_Type | Mod_Val_Type | Val_Data | Mod_Val_Data

    Registry Values (Changed) - ICC Results

    Action | Path | Val_Name | Val_Data | Mod_Val_Data
    modified | HKLM/SOFTWARE/Microsoft/Cryptography/RNG | Seed | E1 FC 83 8A 18 DE 96 D3 8E 4C E5 64 20 82 24 9D 84 1E 2C 7D FA 3F 0B 5C AD 8A 23 00 65 AD 8A F0 C4 53 65 E2 20 12 97 CB 3F 80 29 DB 40 E8 34 DA 60 70 25 C1 72 C (Val_Data and Mod_Val_Data run together and truncated in the source)
    modified | HKLM/SOFTWARE/Microsoft/Windows NT/CurrentVersion/ProfileList/S-1-5-19 | RefCount | 0x00000002 | 0x00000001
    modified | HKLM/SYSTEM/ControlSet001/Services/SharedAccess/Epoch | Epoch | 0x00000104 | 0x00000106
    modified | HKLM/SYSTEM/CurrentControlSet/Services/SharedAccess/Epoch | Epoch | 0x00000104 | 0x00000106
    modified | HKU/S-1-5-21-1844237615-562591055-839522115-1004/Software/Microsoft/Windows/CurrentVersion/Internet Settings/Connections | SavedLegacySettings | 3C 00 00 00 15 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 00 00 | 3C 00 00 00 1A 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 00 0 (both values truncated in the source)

    DNS Results

    DNS | DNS Response
    www.edition-wilhelm-rieber.de | Standard query response A 80.67.28.84
    supertds.com | Standard query response A 64.74.223.32
    moretds.org | Standard query response A 188.124.9.62
    saloongins.net | Standard query response A 188.124.9.60
    bulkrecord.com | Standard query response A 63.251.179.57 A 64.158.56.57
    settopworld.net | Standard query response A 188.124.9.61
    greatinstant.net | Standard query response A 188.124.9.61
    trenublo.com | Standard query response A 188.124.9.61
    bestwebtop.net | Standard query response A 188.124.9.61
    greattaby.com | Standard query response A 188.124.9.59
    cafebarplaza.cn | Standard query response A 188.124.9.59

    URL Results

    DstIP | HTTP_HOST | HTTP_REQUEST_URI | HTTP_USER_AGENT | PROTOCOL
    80.67.28.84 | www.edition-wilhelm-rieber.de | /js/r/r.php?r=1 | Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) | 0x06
    64.74.223.32 | supertds.com | /getit.php |  | 0x06
    80.67.28.84 | www.edition-wilhelm-rieber.de | /js/r/r.php?r=4 | Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) | 0x06
    188.124.9.60 | saloongins.net | /nopte/tds2.php | Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) | 0x06
    63.251.179.57 | bulkrecord.com | /scripts/index.php |  | 0x06
    188.124.9.61 | settopworld.net | /incallspa.php | Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) | 0x06
    188.124.9.61 | greatinstant.net | /yourseekerz.php | Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) | 0x06
    188.124.9.61 | trenublo.com | /estplanete.php | Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) | 0x06
    188.124.9.61 | bestwebtop.net | /estvirtuel.php | Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) | 0x06
    188.124.9.59 | greattaby.com | /addlinkworld.php | Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) | 0x06
    188.124.9.59 | cafebarplaza.cn | /mostextra.php | Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) | 0x06
    188.124.9.61 | settopworld.net | /greattab.php | Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) | 0x06
    188.124.9.61 | greatinstant.net | /therealabc.php | Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) | 0x06
    188.124.9.61 | trenublo.com | /topext.php | Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) | 0x06
    188.124.9.61 | trenublo.com | /yourtopline.php | Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) | 0x06
    188.124.9.61 | trenublo.com | /counterbest.php | Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) | 0x06
    188.124.9.61 | bestwebtop.net | /detectinga.php | Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) | 0x06
    239.255.255.250 | 239.255.255.250:1900 | * | --blank-- | 0x11

    ARGUS PROTOCOL Results

    PROTOCOL | SRC_PKTS | DST_PKTS | SRC_BYTES | DST_BYTES
    6 | 161 | 138 | 16564 | 26067
    17 | 434 | 0 | 76166 | 0

    ARGUS DPORT Results

    DPORT | PROTOCOL | SRC_PKTS | DST_PKTS | SRC_BYTES | DST_BYTES
    80 | 6 | 161 | 138 | 16564 | 26067
    1900 | 17 | 434 | 0 | 76166 | 0

    ARGUS DATA Results

    Time | Date | Protocol | SrcIP | DstIP | Dir | Flags | Sport | Dport | Pkts | Bytes

    Packer Results

    Packer Name

    HoneyTrap Results

    Honey Trap Log File Location

    PTFB Results

    PTFB Log File Location