Malware Report

Malware Report - Results

This report shows all the different areas TAZER analyzes for the sample: Host, Network Activity, and Detection.

Malware Search Criteria:

MD5 =425c8868f73ce47fe46ceefc09bae877

Malware Report - Results

File MD5Sum	SHA1SUM	SHA256SUM	FUZZY HASH	File Size
425c8868f73ce47fe46ceefc09bae877	b1036858db0c1259b146f2fc4dad194c19d34c16	4e1df41685f36426fdb1e8000a248b1807f2bc2803f4c6376985f4a65f9117d3	6144:ky7iTB74YEAcnjqFYDkvkns6ouSXGmgdjgF7hMWjIZUCYq7jUPx56hFpkPf6YwE6:ml7PaqFIk8	438590

File Results

File Name
DC0356.exe

SNORT Results

Snort Class	Snort Alert	Count
N/A	No snort alerts generated	0

AV Results

AV Alert	AV Vendor
N/A	Symantec
Generic.dx!bado	McAfee
N/A	Kaspersky

Folders (Added) - ICC Results

Path	Folder Name
c:/Documents and Settings/dmc73144/Local Settings/History/History.IE5	MSHist012011073020110731
c:/Documents and Settings/dmc73144/Local Settings/Temporary Internet Files/Content.IE5	ITB2CJ0C
c:/Documents and Settings/dmc73144	РРРРРРР

Files (Added) - ICC Results

Path	File Name
c:/Documents and Settings/dmc73144/Local Settings/History/History.IE5/MSHist012011073020110731	index.dat
c:/Documents and Settings/dmc73144/Local Settings/Temporary Internet Files/Content.IE5/ITB2CJ0C	desktop.ini
c:/Documents and Settings/dmc73144/Local Settings/Temporary Internet Files/Content.IE5/ITB2CJ0C	EYCnO[1].htm
c:/WINDOWS/Prefetch	7Z.EXE-1A62CD19.pf
c:/WINDOWS/Prefetch	IEXPLORE.EXE-27122324.pf
c:/WINDOWS/Prefetch	SANDNET.EXE-2012C478.pf
c:/WINDOWS/system32/drivers/etc	svchost.exe
c:	netstat_post.txt

Files (Deleted) - ICC Results

Action	Path	File Name

Files (Changed) - ICC Results

Action	Path	File Name
modified	c:/Documents and Settings/dmc73144/Cookies	index.dat
modified	c:/Documents and Settings/dmc73144/Local Settings/History/History.IE5	index.dat
modified	c:/Documents and Settings/dmc73144/Local Settings/Temporary Internet Files/Content.IE5	index.dat
modified	c:/Documents and Settings/dmc73144	ntuser.dat.LOG
modified	c:/WINDOWS/Prefetch	CMD.EXE-087B4001.pf
modified	c:/WINDOWS/Prefetch	HSTART.EXE-221D72BF.pf
modified	c:/WINDOWS/Prefetch	NETSTAT.EXE-2B2B4428.pf
modified	c:/WINDOWS/Prefetch	SH.EXE-00254D2B.pf
modified	c:/WINDOWS/Prefetch	SSHD.EXE-298CA236.pf
modified	c:/WINDOWS/Prefetch	SWITCH.EXE-0496EC21.pf
modified	c:/WINDOWS/Prefetch	TASKLIST.EXE-10D94B23.pf
modified	c:/WINDOWS/Prefetch	WMIPRVSE.EXE-28F301A9.pf
modified	c:/WINDOWS/system32/config	software.LOG
modified	c:/WINDOWS/system32/drivers/etc	hosts
modified	c:/WINDOWS/system32/wbem/Logs	wbemess.log
modified	c:/WINDOWS/system32/wbem/Repository/FS	INDEX.MAP
modified	c:/WINDOWS/system32/wbem/Repository/FS	MAPPING.VER
modified	c:/WINDOWS/system32/wbem/Repository/FS	MAPPING1.MAP
modified	c:/WINDOWS/system32/wbem/Repository/FS	OBJECTS.MAP

Registry Keys (Added) - ICC Results

Action	Path

Registry Values (Added) - ICC Results

Action	Path	Val_Name	Val_Data

Registry Values (Deleted) - ICC Results

Action	Path	Val_Name	Val_Type	Mod_Val_Type	Val_Data	Mod_Val_Data

Registry Values (Changed) - ICC Results

Action	Path	Val_Name	Val_Data	Mod_Val_Data
modified	HKLM/SOFTWARE/Microsoft/Cryptography/RNG	Seed	1A 39 E3 0A 2F 92 E3 1A 23 52 02 6F D0 9C D2 35 4E C7 0F EF 0B 42 03 1C 9C AD F0	52 D8 AD 1C 31 83 CD 2A 70 64 C1 CB 25 C6 6B 6A 11 B5 3A 15 0B 3E 02 86 50 45 D
modified	HKU/S-1-5-21-1844237615-562591055-839522115-1004/Software/Microsoft/Internet Explorer/Main	Window_Placement	2C 00 00 00 02 00 00 00 03 00 00 00 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF	2C 00 00 00 00 00 00 00 01 00 00 00 FF FF FF FF FF FF FF FF FF FF FF FF FF FF F
modified	HKU/S-1-5-21-1844237615-562591055-839522115-1004/Software/Microsoft/Windows/CurrentVersion/Explorer/UserAssist/{5E6AB780-7743-11CF-A12B-00AA004AE837}/Count	HRZR_PGYFRFFVBA	89 C3 53 0E 0D 00 00 00	9B 74 62 0E 0E 00 00 00
modified	HKU/S-1-5-21-1844237615-562591055-839522115-1004/Software/Microsoft/Windows/CurrentVersion/Ext/Stats/{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}/iexplore	Count	0x00000007	0x00000008
modified	HKU/S-1-5-21-1844237615-562591055-839522115-1004/Software/Microsoft/Windows/CurrentVersion/Ext/Stats/{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}/iexplore	Time	D9 07 0C 00 03 00 09 00 03 00 0C 00 36 00 51 02	DB 07 07 00 06 00 1E 00 08 00 22 00 04 00 13 02
modified	HKU/S-1-5-21-1844237615-562591055-839522115-1004/Software/Microsoft/Windows/CurrentVersion/Internet Settings/Connections	SavedLegacySettings	3C 00 00 00 15 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 00 00	3C 00 00 00 16 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 00 0
modified	HKU/S-1-5-21-1844237615-562591055-839522115-1004/Software/Microsoft/Windows/ShellNoRoam/BagMRU	MRUListEx	01 00 00 00 00 00 00 00 02 00 00 00 04 00 00 00 03 00 00 00 FF FF FF FF	00 00 00 00 01 00 00 00 02 00 00 00 04 00 00 00 03 00 00 00 FF FF FF FF
modified	HKU/S-1-5-21-1844237615-562591055-839522115-1004/Software/Microsoft/Windows/ShellNoRoam/Bags/1/Shell	WFlags	0x00000002	0x00000000
modified	HKU/S-1-5-21-1844237615-562591055-839522115-1004/Software/Microsoft/Windows/ShellNoRoam/Bags/1/Shell	ShowCmd	0x00000003	0x00000001

DNS Results

DNS	DNS Response
goo.gl	Standard query response A 72.14.204.102 A 72.14.204.113 A 72.14.204.138 A 72.14.204.100 A 72.14.204.101

URL Results

DstIP	HTTP_HOST	HTTP_REQUEST_URI	HTTP_USER_AGENT	PROTOCOL
72.14.204.102	goo.gl	/EYCnO	Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)	0x06
239.255.255.250	239.255.255.250:1900	*	--blank--	0x11

ARGUS PROTOCOL Results

PROTOCOL	SRC_PKTS	DST_PKTS	SRC_BYTES	DST_BYTES
6	5	4	579	515
17	1	0	175	0

ARGUS DPORT Results

DPORT	PROTOCOL	SRC_PKTS	DST_PKTS	SRC_BYTES	DST_BYTES
80	6	5	4	579	515
1900	17	1	0	175	0

ARGUS DATA Results

Time	Date	Protocol	SrcIP	DstIP	Dir	Flags	Sport	Dport	Pkts	Bytes
08:34:13	2011-07-30	6	10.10.10.7	72.14.204.102	->	e	11	80	9	1094
08:39:35	2011-07-30	17	10.10.10.7	239.255.255.250	->	e	8	1900	1	175

Packer Results

Packer Name

HoneyTrap Results

Honey Trap Log File Location

PTFB Results

PTFB Log File Location