Malware Report

Malware Report - Results

This report shows all the different areas TAZER analyzes for the sample: Host, Network Activity, and Detection.

Malware Search Criteria:

MD5 =4e04a86dbf426823bb6d8ec7f00ce267

Malware Report - Results

File MD5Sum	SHA1SUM	SHA256SUM	FUZZY HASH	File Size
4e04a86dbf426823bb6d8ec7f00ce267	0edf39bd2de95018aa395f7bcbdc9084d81923d8	88196e89b314c2c784e6260fa5603ded15708b84c2c192399010f0b7a155f6b0	6144:8NEMveY0vfnK1TgjHQyp23Mb/LbsbeE4aNl7x8XFRRYjjEnZAl4PxEMj:AEMvb0vfnK1o/LoCE4	258048

File Results

File Name
Amor%2DPara%2DTi.swf.exe

SNORT Results

Snort Class	Snort Alert	Count
N/A	No snort alerts generated	0

AV Results

AV Alert	AV Vendor
Trojan.Gen.2	Symantec
BackDoor-CEP!zw	McAfee
Backdoor.Win32.Bifrose.dqrs	Kaspersky

Folders (Added) - ICC Results

Path	Folder Name

Files (Added) - ICC Results

Path	File Name
c:/Documents and Settings/dmc73144/Local Settings/Temp	~DF9DC7.tmp
c:/WINDOWS/Prefetch	AUTOIT3.EXE-32361418.pf
c:/WINDOWS/Prefetch	REGSHOT.EXE-010A5EE6.pf
c:/WINDOWS/Prefetch	SANDNET.EXE-2012C478.pf
c:/WINDOWS/SoftwareDistribution/DataStore/Logs	tmp.edb
c:/WINDOWS	updt32.exe

Files (Deleted) - ICC Results

Action	Path	File Name

Files (Changed) - ICC Results

Action	Path	File Name
modified	c:/WINDOWS/Prefetch	CMD.EXE-087B4001.pf
modified	c:/WINDOWS/Prefetch	HSTART.EXE-221D72BF.pf
modified	c:/WINDOWS/Prefetch	SH.EXE-00254D2B.pf
modified	c:/WINDOWS/Prefetch	SLEEP.EXE-094A3D2A.pf
modified	c:/WINDOWS/Prefetch	SSHD.EXE-298CA236.pf
modified	c:/WINDOWS/Prefetch	SWITCH.EXE-0496EC21.pf
modified	c:/WINDOWS/Prefetch	WMIPRVSE.EXE-28F301A9.pf
modified	c:/WINDOWS/Prefetch	WUAUCLT.EXE-399A8E72.pf
modified	c:/WINDOWS/SoftwareDistribution/DataStore	DataStore.edb
modified	c:/WINDOWS/SoftwareDistribution/DataStore/Logs	edb.chk
modified	c:/WINDOWS/SoftwareDistribution/DataStore/Logs	edb.log
modified	c:/WINDOWS/system32/config	software.LOG
modified	c:/WINDOWS/system32/drivers/etc	hosts
modified	c:/WINDOWS	WindowsUpdate.log

Registry Keys (Added) - ICC Results

Action	Path
added	HKLM/SOFTWARE/Microsoft/Windows/CurrentVersion/WindowsUpdate/Reporting/RebootWatch

Registry Values (Added) - ICC Results

Action	Path	Val_Name	Val_Data
added	HKLM/SOFTWARE/Microsoft/Windows/CurrentVersion/Run	scssrr.exe	"C:/WINDOWS/updt32.exe"

Registry Values (Deleted) - ICC Results

Action	Path	Val_Name	Val_Type	Mod_Val_Type	Val_Data	Mod_Val_Data

Registry Values (Changed) - ICC Results

Action	Path	Val_Name	Val_Data	Mod_Val_Data
modified	HKLM/SOFTWARE/Microsoft/Cryptography/RNG	Seed	BB 1C 3A B9 35 1F FA 4A 48 93 E8 BE 8F 7A A0 65 CA EF DC 52 30 DF A3 1D DE 2D 4D	0F 30 33 41 C9 18 F4 C9 6F 5F 7F 93 2E D2 11 F8 35 3A 12 2F A2 E6 B3 CA F7 7C BF
modified	HKLM/SYSTEM/ControlSet001/Services/Eventlog/Application/ESENT	EventMessageFile	"c	"C:WINDOWSsystem32ESENT.dll"
modified	HKLM/SYSTEM/ControlSet001/Services/Eventlog/Application/ESENT	CategoryMessageFile	"c	"C:WINDOWSsystem32ESENT.dll"
modified	HKLM/SYSTEM/CurrentControlSet/Services/Eventlog/Application/ESENT	EventMessageFile	"c	"C:WINDOWSsystem32ESENT.dll"
modified	HKLM/SYSTEM/CurrentControlSet/Services/Eventlog/Application/ESENT	CategoryMessageFile	"c	"C:WINDOWSsystem32ESENT.dll"

DNS Results

DNS	DNS Response
black189.4irc.com	Standard query response A 92.242.140.35

URL Results

DstIP	HTTP_HOST	HTTP_REQUEST_URI	HTTP_USER_AGENT	PROTOCOL

ARGUS PROTOCOL Results

PROTOCOL	SRC_PKTS	DST_PKTS	SRC_BYTES	DST_BYTES

ARGUS DPORT Results

DPORT	PROTOCOL	SRC_PKTS	DST_PKTS	SRC_BYTES	DST_BYTES

ARGUS DATA Results

Time	Date	Protocol	SrcIP	DstIP	Dir	Flags	Sport	Dport	Pkts	Bytes

Packer Results

Packer Name

HoneyTrap Results

Honey Trap Log File Location

PTFB Results

PTFB Log File Location