**** Malware_Report_-_Results ****
This report shows all the different areas TAZER analyzes for the sample: Host, Network Activity, and Detection.

Malware Search Criteria:
MD5 =4c806459c744620b84cc6dceb838ef64

**** Malware_Report_-_Results ****
 _____________________________________________________________________________________________________________________________________________________________________________________________________________________________________
|File_MD5Sum_____________________|SHA1SUM_________________________________|SHA256SUM_______________________________________________________|FUZZY_HASH______________________________________________________________________|File_Size|
|4c806459c744620b84cc6dceb838ef64|6ec805f13214a93d3b615e8cc614a6cc734966a1|5053bef3c6b22cb1ac90d124f8794d3f8541119b35b26edd2e221e3b38c52aa5|3072:ZYhrihSYup/A1kgDwWHUzEfY18miNLrV/LKL9XWyaWWKRp6a6Q8qqoXVUFfDU3eR:yhR9vJoYNi|281600___|
**** File_Results ****
 ____________
|File_Name___|
|show.php.exe|
|4.exe_______|
**** SNORT_Results ****
 ___________________________________________
|Snort_Class|Snort_Alert______________|Count|
|N/A________|No_snort_alerts_generated|0____|
**** AV_Results ****
 __________________
|AV_Alert|AV_Vendor|
**** Folders_(Added)_-_ICC_Results ****
 ________________
|Path|Folder_Name|
**** Files_(Added)_-_ICC_Results ****
 ____________________________________________
|Path________________|File_Name______________|
|c:/WINDOWS/Prefetch_|SANDNET.EXE-2012C478.pf|
|c:__________________|netstat_post.txt_______|
|c:__________________|taskv_post.txt_________|
|c:/DELL/VIDEO/OUTPUT|netstat_base.txt_______|
|c:/DELL/VIDEO/OUTPUT|netstat_post.txt_______|
|c:/DELL/VIDEO/OUTPUT|tasksvc_base.txt_______|
|c:/DELL/VIDEO/OUTPUT|tasksvc_post.txt_______|
|c:/DELL/VIDEO/OUTPUT|taskv_base.txt_________|
|c:/DELL/VIDEO/OUTPUT|taskv_post.txt_________|
|c:/WINDOWS/Prefetch_|7Z.EXE-1A62CD19.pf_____|
|c:/WINDOWS/Prefetch_|NET.EXE-01A53C2F.pf____|
|c:/WINDOWS/Prefetch_|NET1.EXE-029B9DB4.pf___|
|c:/WINDOWS/Prefetch_|SANDNET.EXE-2012C478.pf|
**** Files_(Deleted)_-_ICC_Results ****
 _____________________
|Action|Path|File_Name|
**** Files_(Changed)_-_ICC_Results ****
 ________________________________________________________________________
|Action__|Path__________________________________|File_Name_______________|
|modified|c:/WINDOWS/Prefetch___________________|CMD.EXE-087B4001.pf_____|
|modified|c:/WINDOWS/Prefetch___________________|NETSTAT.EXE-2B2B4428.pf_|
|modified|c:/WINDOWS/Prefetch___________________|SH.EXE-00254D2B.pf______|
|modified|c:/WINDOWS/Prefetch___________________|SLEEP.EXE-094A3D2A.pf___|
|modified|c:/WINDOWS/Prefetch___________________|SSHD.EXE-298CA236.pf____|
|modified|c:/WINDOWS/Prefetch___________________|SWITCH.EXE-0496EC21.pf__|
|modified|c:/WINDOWS/Prefetch___________________|TASKLIST.EXE-10D94B23.pf|
|modified|c:/WINDOWS/system32/drivers/etc_______|hosts___________________|
|modified|c:/WINDOWS/system32/wbem/Logs_________|wmiprov.log_____________|
|modified|c:/WINDOWS/system32/wbem/Repository/FS|INDEX.MAP_______________|
|modified|c:/WINDOWS/system32/wbem/Repository/FS|MAPPING.VER_____________|
|modified|c:/WINDOWS/system32/wbem/Repository/FS|MAPPING2.MAP____________|
|modified|c:/WINDOWS/system32/wbem/Repository/FS|OBJECTS.MAP_____________|
|modified|c:/WINDOWS/Prefetch___________________|CMD.EXE-087B4001.pf_____|
|modified|c:/WINDOWS/Prefetch___________________|NETSTAT.EXE-2B2B4428.pf_|
|modified|c:/WINDOWS/Prefetch___________________|SH.EXE-00254D2B.pf______|
|modified|c:/WINDOWS/Prefetch___________________|SLEEP.EXE-094A3D2A.pf___|
|modified|c:/WINDOWS/Prefetch___________________|SSHD.EXE-298CA236.pf____|
|modified|c:/WINDOWS/Prefetch___________________|SWITCH.EXE-0496EC21.pf__|
|modified|c:/WINDOWS/Prefetch___________________|TASKLIST.EXE-10D94B23.pf|
|modified|c:/WINDOWS/Prefetch___________________|WMIPRVSE.EXE-28F301A9.pf|
|modified|c:/WINDOWS/system32/drivers/etc_______|hosts___________________|
|modified|c:/WINDOWS/system32/wbem/Logs_________|wbemess.log_____________|
|modified|c:/WINDOWS/system32/wbem/Logs_________|wmiprov.log_____________|
|modified|c:/WINDOWS/system32/wbem/Repository/FS|INDEX.MAP_______________|
|modified|c:/WINDOWS/system32/wbem/Repository/FS|MAPPING.VER_____________|
|modified|c:/WINDOWS/system32/wbem/Repository/FS|MAPPING2.MAP____________|
|modified|c:/WINDOWS/system32/wbem/Repository/FS|OBJECTS.MAP_____________|
**** Registry_Keys_(Added)_-_ICC_Results ****
 ___________
|Action|Path|
**** Registry_Values_(Added)_-_ICC_Results ****
 _____________________________
|Action|Path|Val_Name|Val_Data|
**** Registry_Values_(Deleted)_-_ICC_Results ****
 ________________________________________________________________
|Action|Path|Val_Name|Val_Type|Mod_Val_Type|Val_Data|Mod_Val_Data|
**** Registry_Values_(Changed)_-_ICC_Results ****
 __________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________
|Action__|Path_______________________________________________________________|Val_Name____|Val_Data________________________________________________________________________|Mod_Val_Data___________________________________________________________________|
|modified|HKLM/SOFTWARE/Microsoft/Cryptography/RNG___________________________|Seed________|76_AC_F7_94_5F_99_33_45_87_54_77_27_83_3F_5B_58_C9_05_A5_00_43_7F_1E_CC_7F_BC_9C|21_32_D9_E3_69_1B_4A_0D_34_90_BA_C2_4A_40_F2_FD_20_99_9C_BB_6F_1A_A2_9E_0A_D3_E|
|modified|HKLM/SYSTEM/ControlSet001/Services/SharedAccess/Epoch______________|Epoch_______|0x00000104______________________________________________________________________|0x00000105_____________________________________________________________________|
|modified|HKLM/SYSTEM/CurrentControlSet/Services/SharedAccess/Epoch__________|Epoch_______|0x00000104______________________________________________________________________|0x00000105_____________________________________________________________________|
|modified|HKU/S-1-5-21-1844237615-562591055-839522115-1004/SessionInformation|ProgramCount|0x00000002______________________________________________________________________|0x00000001_____________________________________________________________________|
|modified|HKLM/SOFTWARE/Microsoft/Cryptography/RNG___________________________|Seed________|79_11_5E_7B_2F_80_C5_21_6B_88_D9_44_AB_5D_C2_6F_A7_C7_DB_BF_E8_63_F1_11_59_46_46|99_92_8B_6B_50_57_A9_72_AC_16_D5_02_8C_48_4F_76_2E_9B_9B_99_1F_4F_A7_D3_26_46_C|
|modified|HKLM/SYSTEM/ControlSet001/Services/SharedAccess/Epoch______________|Epoch_______|0x00000104______________________________________________________________________|0x00000105_____________________________________________________________________|
|modified|HKLM/SYSTEM/CurrentControlSet/Services/SharedAccess/Epoch__________|Epoch_______|0x00000104______________________________________________________________________|0x00000105_____________________________________________________________________|
|modified|HKU/S-1-5-21-1844237615-562591055-839522115-1004/SessionInformation|ProgramCount|0x00000002______________________________________________________________________|0x00000001_____________________________________________________________________|
**** DNS_Results ****
 ________________
|DNS|DNS_Response|
**** URL_Results ****
 ___________________________________________________________________________________________________
|DstIP__________|HTTP_HOST_______________|HTTP_REQUEST_URI_________________|HTTP_USER_AGENT|PROTOCOL|
|77.78.240.80___|drivers-win-x4442124.com|/vk/get_ip_pay_needblock_lite.php|_______________|0x06____|
|77.78.240.80___|drivers-win-x4442124.com|/vk/1-md5________________________|_______________|0x06____|
|77.78.240.80___|drivers-win-x4442124.com|/vk/1-encode_____________________|_______________|0x06____|
|239.255.255.250|239.255.255.250:1900____|*________________________________|--blank--______|0x11____|
**** ARGUS_PROTOCOL_Results ****
 ______________________________________________
|PROTOCOL|SRC_PKTS|DST_PKTS|SRC_BYTES|DST_BYTES|
|6_______|90______|84______|5892_____|21432____|
|17______|2_______|0_______|350______|0________|
**** ARGUS_DPORT_Results ****
 ____________________________________________________
|DPORT|PROTOCOL|SRC_PKTS|DST_PKTS|SRC_BYTES|DST_BYTES|
|80___|6_______|90______|84______|5892_____|21432____|
|1900_|17______|2_______|0_______|350______|0________|
**** ARGUS_DATA_Results ****
 ________________________________________________________________________________________
|Time____|Date______|Protocol|SrcIP_____|DstIP__________|Dir|Flags|Sport|Dport|Pkts|Bytes|
|07:55:46|2010-09-25|6_______|10.10.10.7|77.78.240.80___|->_|e____|224__|80___|13__|1971_|
|07:55:51|2010-09-25|6_______|10.10.10.7|77.78.240.80___|->_|e____|224__|80___|10__|1965_|
|07:55:56|2010-09-25|6_______|10.10.10.7|77.78.240.80___|->_|e____|224__|80___|6___|633__|
|07:55:57|2010-09-25|6_______|10.10.10.7|77.78.240.80___|->_|e____|284__|80___|13__|1947_|
|07:56:02|2010-09-25|6_______|10.10.10.7|77.78.240.80___|->_|e____|284__|80___|10__|1965_|
|07:56:07|2010-09-25|6_______|10.10.10.7|77.78.240.80___|->_|e____|284__|80___|6___|633__|
|07:56:08|2010-09-25|6_______|10.10.10.7|77.78.240.80___|->_|e____|511__|80___|13__|1950_|
|07:56:13|2010-09-25|6_______|10.10.10.7|77.78.240.80___|->_|e____|511__|80___|11__|2298_|
|07:56:18|2010-09-25|6_______|10.10.10.7|77.78.240.80___|->_|e____|511__|80___|5___|300__|
|07:58:19|2010-09-25|6_______|10.10.10.7|77.78.240.80___|->_|e____|619__|80___|13__|1971_|
|07:58:24|2010-09-25|6_______|10.10.10.7|77.78.240.80___|->_|e____|619__|80___|11__|2298_|
|07:58:29|2010-09-25|6_______|10.10.10.7|77.78.240.80___|->_|e____|619__|80___|5___|300__|
|07:58:30|2010-09-25|6_______|10.10.10.7|77.78.240.80___|->_|e____|668__|80___|13__|1947_|
|07:58:35|2010-09-25|6_______|10.10.10.7|77.78.240.80___|->_|e____|668__|80___|11__|2298_|
|07:58:41|2010-09-25|6_______|10.10.10.7|77.78.240.80___|->_|e____|668__|80___|5___|300__|
|07:58:41|2010-09-25|6_______|10.10.10.7|77.78.240.80___|->_|e____|461__|80___|13__|1950_|
|07:58:46|2010-09-25|6_______|10.10.10.7|77.78.240.80___|->_|e____|461__|80___|11__|2298_|
|07:58:51|2010-09-25|6_______|10.10.10.7|77.78.240.80___|->_|e____|461__|80___|5___|300__|
|08:01:10|2010-09-25|17______|10.10.10.7|239.255.255.250|->_|e____|8____|1900_|2___|350__|
|20:09:14|2010-09-25|6_______|10.10.10.7|77.78.240.80___|->_|e____|222__|80___|13__|1971_|
|20:09:19|2010-09-25|6_______|10.10.10.7|77.78.240.80___|->_|e_d__|222__|80___|12__|2631_|
|20:09:25|2010-09-25|6_______|10.10.10.7|77.78.240.80___|->_|e____|222__|80___|5___|300__|
|20:09:25|2010-09-25|6_______|10.10.10.7|77.78.240.80___|->_|e____|223__|80___|13__|1947_|
|20:09:31|2010-09-25|6_______|10.10.10.7|77.78.240.80___|->_|e____|223__|80___|11__|2298_|
|20:09:36|2010-09-25|6_______|10.10.10.7|77.78.240.80___|->_|e____|223__|80___|5___|300__|
|20:09:36|2010-09-25|6_______|10.10.10.7|77.78.240.80___|->_|e____|400__|80___|13__|1950_|
|20:09:42|2010-09-25|6_______|10.10.10.7|77.78.240.80___|->_|e____|400__|80___|10__|1965_|
|20:09:47|2010-09-25|6_______|10.10.10.7|77.78.240.80___|->_|e____|400__|80___|6___|633__|
|20:11:48|2010-09-25|6_______|10.10.10.7|77.78.240.80___|->_|e____|299__|80___|13__|1971_|
|20:11:53|2010-09-25|6_______|10.10.10.7|77.78.240.80___|->_|e____|299__|80___|10__|1965_|
|20:11:58|2010-09-25|6_______|10.10.10.7|77.78.240.80___|->_|e____|299__|80___|6___|633__|
|20:11:59|2010-09-25|6_______|10.10.10.7|77.78.240.80___|->_|e____|714__|80___|14__|2280_|
|20:12:04|2010-09-25|6_______|10.10.10.7|77.78.240.80___|->_|e____|714__|80___|11__|2025_|
|20:12:10|2010-09-25|6_______|10.10.10.7|77.78.240.80___|->_|e____|756__|80___|13__|1950_|
|20:12:10|2010-09-25|6_______|10.10.10.7|77.78.240.80___|->_|e____|714__|80___|4___|240__|
|20:12:15|2010-09-25|6_______|10.10.10.7|77.78.240.80___|->_|e____|756__|80___|11__|2298_|
|20:12:20|2010-09-25|6_______|10.10.10.7|77.78.240.80___|->_|e____|756__|80___|5___|300__|
|20:14:39|2010-09-25|17______|10.10.10.7|239.255.255.250|->_|e____|8____|1900_|2___|350__|
**** Packer_Results ****
 ___________
|Packer_Name|
**** HoneyTrap_Results ****
 ____________________________
|Honey_Trap_Log_File_Location|
**** PTFB_Results ****
 ______________________
|PTFB_Log_File_Location|