File MD5Sum | SHA1SUM | SHA256SUM | FUZZY HASH | File Size |
---|---|---|---|---|
4e04a86dbf426823bb6d8ec7f00ce267 | 0edf39bd2de95018aa395f7bcbdc9084d81923d8 | 88196e89b314c2c784e6260fa5603ded15708b84c2c192399010f0b7a155f6b0 | 6144:8NEMveY0vfnK1TgjHQyp23Mb/LbsbeE4aNl7x8XFRRYjjEnZAl4PxEMj:AEMvb0vfnK1o/LoCE4 | 258048 |
File Name |
---|
Amor%2DPara%2DTi.swf.exe |
Snort Class | Snort Alert | Count |
---|---|---|
N/A | No snort alerts generated | 0 |
AV Alert | AV Vendor |
---|---|
Trojan.Gen.2 | Symantec |
BackDoor-CEP!zw | McAfee |
Backdoor.Win32.Bifrose.dqrs | Kaspersky |
Path | Folder Name |
---|---|
Action | Path | File Name |
---|---|---|
Action | Path |
---|---|
added | HKLM/SOFTWARE/Microsoft/Windows/CurrentVersion/WindowsUpdate/Reporting/RebootWatch |
Action | Path | Val_Name | Val_Data |
---|---|---|---|
added | HKLM/SOFTWARE/Microsoft/Windows/CurrentVersion/Run | scssrr.exe | "C:/WINDOWS/updt32.exe" |
Action | Path | Val_Name | Val_Type | Mod_Val_Type | Val_Data | Mod_Val_Data |
---|---|---|---|---|---|---|
Action | Path | Val_Name | Val_Data | Mod_Val_Data |
---|---|---|---|---|
modified | HKLM/SOFTWARE/Microsoft/Cryptography/RNG | Seed | BB 1C 3A B9 35 1F FA 4A 48 93 E8 BE 8F 7A A0 65 CA EF DC 52 30 DF A3 1D DE 2D 4D | 0F 30 33 41 C9 18 F4 C9 6F 5F 7F 93 2E D2 11 F8 35 3A 12 2F A2 E6 B3 CA F7 7C BF |
modified | HKLM/SYSTEM/ControlSet001/Services/Eventlog/Application/ESENT | EventMessageFile | "c | "C:\WINDOWS\system32\ESENT.dll" |
modified | HKLM/SYSTEM/ControlSet001/Services/Eventlog/Application/ESENT | CategoryMessageFile | "c | "C:\WINDOWS\system32\ESENT.dll" |
modified | HKLM/SYSTEM/CurrentControlSet/Services/Eventlog/Application/ESENT | EventMessageFile | "c | "C:\WINDOWS\system32\ESENT.dll" |
modified | HKLM/SYSTEM/CurrentControlSet/Services/Eventlog/Application/ESENT | CategoryMessageFile | "c | "C:\WINDOWS\system32\ESENT.dll" |
DNS | DNS Response |
---|---|
black189.4irc.com | Standard query response A 92.242.140.35 |
DstIP | HTTP_HOST | HTTP_REQUEST_URI | HTTP_USER_AGENT | PROTOCOL |
---|---|---|---|---|
PROTOCOL | SRC_PKTS | DST_PKTS | SRC_BYTES | DST_BYTES |
---|---|---|---|---|
DPORT | PROTOCOL | SRC_PKTS | DST_PKTS | SRC_BYTES | DST_BYTES |
---|---|---|---|---|---|
Time | Date | Protocol | SrcIP | DstIP | Dir | Flags | Sport | Dport | Pkts | Bytes |
---|---|---|---|---|---|---|---|---|---|---|
Packer Name |
---|
Honey Trap Log File Location |
---|
PTFB Log File Location |
---|