**** Malware Report - Results ****

This report shows all the areas TAZER analyzes for the sample: Host, Network Activity, and Detection. The report aggregates two sandbox runs of the same sample (2011-04-03 and 2011-04-29, see ARGUS DATA Results); host artifacts that were logged identically in both runs are listed once.

Malware Search Criteria: MD5 = 564048b35da9d447f2e861d5896d908d

| Field | Value |
| File MD5Sum | 564048b35da9d447f2e861d5896d908d |
| SHA1SUM | 2a6d5ad9a782c96f9cd214fcd105056248e6df31 |
| SHA256SUM | 6fbc4d506f4d4e0a64ca09fd826408d3103c1a258c370553583a07a4cb9a6530 |
| Fuzzy Hash (ssdeep) | 768:Xa+sl1CyWuSOuRUxjwcIA4RkfpocQijKB9pftm+Ezz/aS:Xat8zuSF2wcIdRkfOcpjKB9pZEaS |
| File Size | 37376 bytes |

**** File Results ****

| File Name |
| ml2.txt.exe |

The double extension is a lure: with Explorer's default "Hide extensions for known file types" setting the file displays as ml2.txt.

**** SNORT Results ****

| Snort Class | Snort Alert | Count |
| Misc Attack | ET RBN Known Russian Business Network IP TCP (62) | 4 |
| Misc Attack | ET DROP Spamhaus DROP Listed Traffic Inbound | 1 |

Both alerts are IP-reputation matches on the beacon destination 194.28.44.213, not content signatures for the sample's own request format. The RBN count of 4 matches the four HTTP beacons of a single run.

**** AV Results ****

| AV Alert | AV Vendor |
| Backdoor.Trojan | Symantec |
| Generic | McAfee |
| Backdoor.Win32.VB.nju | Kaspersky |

**** Folders (Added) - ICC Results ****

| Path | Folder Name |
(no entries)

**** Files (Added) - ICC Results ****

| Path | File Name |
| c:/Documents and Settings/dmc73144/Local Settings/Temp | qtfcyyp.exe |
| c:/Documents and Settings/dmc73144/Local Settings/Temp | yq4yr18ww.bat |
| c:/Documents and Settings/dmc73144/Local Settings/Temp | e6kd7goc.bat |
| c:/Documents and Settings/dmc73144/Local Settings/Temp | ~DF57AA.tmp |
| c:/Documents and Settings/dmc73144/Local Settings/Temp | ~DFBC23.tmp |
| c:/Documents and Settings/dmc73144/Local Settings/Temp | ~DF8940.tmp |
| c:/Documents and Settings/dmc73144/Local Settings/Temp | ~DFD638.tmp |
| c:/WINDOWS/Prefetch | QTFCYYP.EXE-0D80FEDE.pf |
| c:/WINDOWS/Prefetch | NET.EXE-01A53C2F.pf |
| c:/WINDOWS/Prefetch | NET1.EXE-029B9DB4.pf |
| c:/WINDOWS/Prefetch | SC.EXE-012262AF.pf |
| c:/WINDOWS/Prefetch | SANDNET.EXE-2012C478.pf |
| c:/WINDOWS/Prefetch | 7Z.EXE-1A62CD19.pf |
| c:/WINDOWS/system32 | 31rvuk6.log |
| c: | netstat_post.txt |
| c: | tasksvc_post.txt |
| c: | taskv_post.txt |

The sample's own artifacts are the dropped copy qtfcyyp.exe in the user's Temp directory (executed, hence its prefetch entry), a differently named .bat file in Temp in each run (yq4yr18ww.bat, e6kd7goc.bat), and 31rvuk6.log in system32. The prefetch entries for NET.EXE, NET1.EXE and SC.EXE show that net.exe and sc.exe ran during the run, which fits the service start-type changes in the Registry Values (Changed) section. SANDNET.EXE, 7Z.EXE and the *_post.txt snapshots at c: are consistent with the sandbox's own instrumentation rather than with the sample.

**** Files (Deleted) - ICC Results ****

| Action | Path | File Name |
(no entries)

**** Files (Changed) - ICC Results ****

| Action | Path | File Name |
| modified | c:/Documents and Settings/dmc73144/Cookies | index.dat |
| modified | c:/Documents and Settings/dmc73144/Local Settings/History/History.IE5 | index.dat |
| modified | c:/Documents and Settings/dmc73144/Local Settings/Temporary Internet Files/Content.IE5 | index.dat |
| modified | c:/Documents and Settings/dmc73144 | ntuser.dat.LOG |
| modified | c:/Documents and Settings/LocalService | ntuser.dat.LOG |
| modified | c:/WINDOWS/Prefetch | CMD.EXE-087B4001.pf |
| modified | c:/WINDOWS/Prefetch | HSTART.EXE-221D72BF.pf |
| modified | c:/WINDOWS/Prefetch | NETSTAT.EXE-2B2B4428.pf |
| modified | c:/WINDOWS/Prefetch | SH.EXE-00254D2B.pf |
| modified | c:/WINDOWS/Prefetch | SLEEP.EXE-094A3D2A.pf |
| modified | c:/WINDOWS/Prefetch | SSHD.EXE-298CA236.pf |
| modified | c:/WINDOWS/Prefetch | SWITCH.EXE-0496EC21.pf |
| modified | c:/WINDOWS/Prefetch | TASKLIST.EXE-10D94B23.pf |
| modified | c:/WINDOWS/system32/config | software.LOG |
| modified | c:/WINDOWS/system32/config | SysEvent.Evt |
| modified | c:/WINDOWS/system32/config | system.LOG |
| modified | c:/WINDOWS/system32/drivers/etc | hosts |
| modified | c:/WINDOWS/system32/wbem/Logs | wbemess.log |
| modified | c:/WINDOWS/system32/wbem/Logs | wmiprov.log |
| modified | c:/WINDOWS/system32/wbem/Repository/FS | INDEX.MAP |
| modified | c:/WINDOWS/system32/wbem/Repository/FS | MAPPING.VER |
| modified | c:/WINDOWS/system32/wbem/Repository/FS | MAPPING1.MAP |
| modified | c:/WINDOWS/system32/wbem/Repository/FS | OBJECTS.MAP |

The hosts file is the entry to pull and diff; the report records that it changed but not its new contents. The three index.dat updates are consistent with the sample issuing its HTTP requests through WinINet. The remaining entries (prefetch files for CMD, HSTART, NETSTAT, SH, SLEEP, SSHD, SWITCH and TASKLIST, the event log, hive .LOG files and the WMI repository) are consistent with the sandbox harness and normal OS activity.

**** Registry Keys (Added) - ICC Results ****

| Action | Path |
(no entries)

**** Registry Values (Added) - ICC Results ****

| Action | Path | Val Name | Val Data |
(no entries)

**** Registry Values (Deleted) - ICC Results ****

| Action | Path | Val Name | Val Type | Mod Val Type | Val Data | Mod Val Data |
(no entries)

**** Registry Values (Changed) - ICC Results ****

| Action | Path | Val Name | Val Data | Mod Val Data |
| modified | HKLM/SOFTWARE/Microsoft/Cryptography/RNG | Seed | 4B 5D 3C F6 50 D8 70 89 0F 03 69 45 F5 7E D2 64 CA 31 4A DD B2 AE 20 9B 69 03 25 | 43 B7 3F 62 64 78 11 C8 5B FD 5C 07 EA 0F 28 B1 51 D1 8C 08 BB 23 BA 3D 7A 84 2 |
| modified | HKLM/SOFTWARE/Microsoft/Cryptography/RNG | Seed | 09 49 54 7E 82 7E 14 D4 DE C6 90 D7 BA D7 B1 35 22 B2 CA 05 08 1D 39 3E 28 18 38 | 86 18 E2 C0 02 D3 EC 54 3B 7A CD 52 A8 B7 27 8E 26 77 E1 0C D5 7C B2 1A B4 8F 6 |
| modified | HKLM/SOFTWARE/Microsoft/Cryptography/RNG | Seed | 05 96 41 AD AC B1 FE C8 74 76 81 4C 5B A4 DF 61 ED D8 25 F2 B4 43 FE 18 F4 A4 C4 | E2 56 DC E3 5E 40 D8 94 89 1D 71 11 9B 30 13 0E 86 67 50 FF 7C 89 D4 72 25 5F 9 |
| modified | HKLM/SOFTWARE/Microsoft/Windows NT/CurrentVersion/ProfileList/S-1-5-19 | RefCount | 0x00000002 | 0x00000001 |
| modified | HKLM/SYSTEM/ControlSet001/Services/SharedAccess | Start | 0x00000002 | 0x00000004 |
| modified | HKLM/SYSTEM/ControlSet001/Services/SharedAccess/Epoch | Epoch | 0x00000104 | 0x00000105 |
| modified | HKLM/SYSTEM/ControlSet001/Services/wscsvc | Start | 0x00000002 | 0x00000004 |
| modified | HKLM/SYSTEM/CurrentControlSet/Services/SharedAccess | Start | 0x00000002 | 0x00000004 |
| modified | HKLM/SYSTEM/CurrentControlSet/Services/SharedAccess/Epoch | Epoch | 0x00000104 | 0x00000105 |
| modified | HKLM/SYSTEM/CurrentControlSet/Services/wscsvc | Start | 0x00000002 | 0x00000004 |
| modified | HKU/S-1-5-21-1844237615-562591055-839522115-1004/Software/Microsoft/Windows/CurrentVersion/Internet Settings/Connections | SavedLegacySettings | 3C 00 00 00 15 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 00 00 | 3C 00 00 00 17 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 00 0 |
| modified | HKU/S-1-5-21-1844237615-562591055-839522115-1004/SessionInformation | ProgramCount | 0x00000002 | 0x00000001 |
| modified | HKU/S-1-5-21-1844237615-562591055-839522115-1004/SessionInformation | ProgramCount | 0x00000002 | 0x00000003 |

Binary values are shown truncated, as in the source.

The significant rows are the two service Start values: SharedAccess (Windows Firewall / Internet Connection Sharing on XP) and wscsvc (Security Center) both go from 0x2 (Automatic) to 0x4 (Disabled), so the firewall and the Security Center warnings are switched off. CurrentControlSet is a link to the active ControlSet00N, so each change appears twice; the SharedAccess\Epoch counter, which Windows Firewall increments when its configuration is written, moves from 0x104 to 0x105 in step with it. The RNG Seed, ProfileList RefCount and SessionInformation ProgramCount rows are routine OS churn. In SavedLegacySettings only the second DWORD changes (0x15 to 0x17); the connection-flags DWORD stays 0x00000001 (direct connection), so no proxy was set.

**** DNS Results ****

| DNS | DNS Response |
| mewgost.com | Standard query response A 194.28.44.213 |

**** URL Results ****

| DstIP | HTTP HOST | HTTP REQUEST URI | HTTP USER AGENT | PROTOCOL |
| 194.28.44.213 | mewgost.com | /list.php?c=B4AC885F94224AE64DAAC6EE0346C213D049B58E0B3969C1DC9ECA9D5FF7F6D9DFE10E13F3845D3386FFC45E0D4897B5778D4CBB9FE6A5F44337&v=2&t=9.170169E-02 | Mozilla/4.0 (compatible; MSIE 6.0.2900.2180; Windows NT 5.1.2600) | 0x06 (TCP) |
| 194.28.44.213 | mewgost.com | /list.php?c=D5CD11C608BE50FC61862008FEBB43924CD55962A89A872FFBB91A4D3D9587A8003E3D20790E1C729CE592084306A78582788C7B8EF75E0FDEAA&v=2&t=0.291012 | Mozilla/4.0 (compatible; MSIE 6.0.2900.2180; Windows NT 5.1.2600) | 0x06 (TCP) |
| 194.28.44.213 | mewgost.com | /list.php?c=140CEB3CA315359901E6022A02476DBC9A03B78CA391872F91D34314EC44250A92ACF1EC0D7A82EC7900801AD89DFBD9C238C93ED2ABCF9E4135&v=2&t=0.1554376 | Mozilla/4.0 (compatible; MSIE 6.0.2900.2180; Windows NT 5.1.2600) | 0x06 (TCP) |
| 194.28.44.213 | mewgost.com | /list.php?c=342C5087F64045E902E57D55EAAF3AEBF56C6F54F0C2D47C6321B7E0A50D4E616759908DA6D1E18F2950158FF6B396B4609AB245A0D959081561&v=2&t=0.1592066 | Mozilla/4.0 (compatible; MSIE 6.0.2900.2180; Windows NT 5.1.2600) | 0x06 (TCP) |
| 194.28.44.213 | mewgost.com | /list.php?c=B4AC885F94224AE64DAAC6EE0346C213D049B58E0B3969C1DC9ECA9D5FF7F6D9DFE10E13F3845D3386FFC45E0D4897B5778D4CBB9FE6A5F44337&v=2&t=0.663418 | Mozilla/4.0 (compatible; MSIE 6.0.2900.2180; Windows NT 5.1.2600) | 0x06 (TCP) |
| 194.28.44.213 | mewgost.com | /list.php?c=0D151FC8B503C16DA6418AA21A5FE6377BE283B80133F25A53114B1C02AA2F001E209B86384F59377E0722B8E9ACAD8F877D35C269104415C3B7&v=2&t=1.385134E-02 | Mozilla/4.0 (compatible; MSIE 6.0.2900.2180; Windows NT 5.1.2600) | 0x06 (TCP) |
| 194.28.44.213 | mewgost.com | /list.php?c=B5ADFC2B9325F854FC1B456D9DD870A1148DBD863604E44C3F7DEDBAD37BC4EBBA84706DB5C21C72EE9754CEBFFA1A38EA10C43385FCCA9B1165&v=2&t=0.9291345 | Mozilla/4.0 (compatible; MSIE 6.0.2900.2180; Windows NT 5.1.2600) | 0x06 (TCP) |
| 194.28.44.213 | mewgost.com | /list.php?c=435BDE0917A17ED2856270589CD97FAE138A526993A108A0723085D247EF456AEFD1B4A906715D33E1986AF083C64B692ED483747900E9B81165&v=2&t=0.6016046 | Mozilla/4.0 (compatible; MSIE 6.0.2900.2180; Windows NT 5.1.2600) | 0x06 (TCP) |
| 239.255.255.250 | 239.255.255.250:1900 | * | (blank) | 0x11 (UDP) |

Every beacon is an HTTP GET to /list.php with three parameters: c, a 116-hex-character blob that is not unique per request (B4AC885F... appears twice, so it is derived from the host rather than being a nonce), v=2 (constant, presumably a version field), and t, a float that changes each time. The User-Agent is not a string Internet Explorer produces: genuine IE sends "MSIE 6.0; Windows NT 5.1", whereas this one embeds the full build numbers (6.0.2900.2180, 5.1.2600) and so makes a usable signature on its own. The final row is SSDP discovery to the UPnP multicast group, normal Windows background traffic.

**** ARGUS PROTOCOL Results ****

| PROTOCOL | SRC PKTS | DST PKTS | SRC BYTES | DST BYTES |
| 6 (TCP) | 20 | 16 | 2418 | 2060 |
| 17 (UDP) | 2 | 0 | 350 | 0 |

**** ARGUS DPORT Results ****

| DPORT | PROTOCOL | SRC PKTS | DST PKTS | SRC BYTES | DST BYTES |
| 80 | 6 (TCP) | 20 | 16 | 2418 | 2060 |
| 1900 | 17 (UDP) | 2 | 0 | 350 | 0 |

**** ARGUS DATA Results ****

| Time | Date | Protocol | SrcIP | DstIP | Dir | Flags | Sport | Dport | Pkts | Bytes |
| 21:19:15 | 2011-04-03 | 6 | 10.10.10.7 | 194.28.44.213 | -> | e | 227 | 80 | 9 | 1122 |
| 21:20:21 | 2011-04-03 | 6 | 10.10.10.7 | 194.28.44.213 | -> | e | 531 | 80 | 9 | 1118 |
| 21:21:36 | 2011-04-03 | 6 | 10.10.10.7 | 194.28.44.213 | -> | e | 259 | 80 | 9 | 1119 |
| 21:22:41 | 2011-04-03 | 6 | 10.10.10.7 | 194.28.44.213 | -> | e | 759 | 80 | 9 | 1119 |
| 16:00:35 | 2011-04-29 | 6 | 10.10.10.7 | 194.28.44.213 | -> | e | 43 | 80 | 9 | 1118 |
| 16:01:39 | 2011-04-29 | 6 | 10.10.10.7 | 194.28.44.213 | -> | e | 532 | 80 | 9 | 1122 |
| 16:02:51 | 2011-04-29 | 6 | 10.10.10.7 | 194.28.44.213 | -> | e | 258 | 80 | 9 | 1119 |
| 16:03:54 | 2011-04-29 | 6 | 10.10.10.7 | 194.28.44.213 | -> | e | 762 | 80 | 9 | 1119 |
| 16:06:07 | 2011-04-29 | 17 | 10.10.10.7 | 239.255.255.250 | -> | e | 8 | 1900 | 2 | 350 |

Each run shows four beacon flows of identical shape (9 packets, 1118 to 1122 bytes) spaced 63 to 75 seconds apart, i.e. a check-in roughly every 65 seconds with little jitter. Nothing was downloaded in either run: the DST BYTES totals are the HTTP responses to the beacons only.

**** Packer Results ****

| Packer Name |
(none detected)

**** HoneyTrap Results ****

| Honey Trap Log File Location |
(no entries)

**** PTFB Results ****

| PTFB Log File Location |
(no entries)
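The registry and prefetch evidence in the ICC sections above can be triaged mechanically. The following Python is an added example written for this page, not TAZER code: it decodes the Services\<name>\Start edits from the Registry Values (Changed) table, collapses the ControlSet001/CurrentControlSet duplicates, scores the edits against a watchlist of defensive services, and checks the Files (Added) prefetch names for the command-line tools that make such edits from a script. The rows are constructed from the tables above (the RNG seed is abbreviated); the watchlist, the severity rule and the function names are assumptions.

```python
"""Service start-type triage for the Registry Values (Changed) and Files
(Added) tables above.

Added example for this page, not TAZER code.  Rows are constructed from the
tables (the RNG seed is abbreviated); the watchlist, the severity rule and
the function names are assumptions.
"""
import re

# Meaning of Services\<name>\Start (Microsoft-documented values).
SERVICE_START = {0: "Boot", 1: "System", 2: "Automatic", 3: "Manual", 4: "Disabled"}

# Assumed watchlist: services whose disabling weakens host defences.
WATCHED_SERVICES = {
    "SharedAccess": "Windows Firewall / Internet Connection Sharing (XP)",
    "wscsvc": "Security Center",
    "wuauserv": "Automatic Updates",
    "MpsSvc": "Windows Firewall (Vista and later)",
    "WinDefend": "Windows Defender",
}

# Constructed from the Registry Values (Changed) table: (path, name, old, new).
REGISTRY_CHANGES = [
    ("HKLM/SOFTWARE/Microsoft/Cryptography/RNG", "Seed", "4B 5D 3C F6", "43 B7 3F 62"),
    ("HKLM/SYSTEM/ControlSet001/Services/SharedAccess", "Start", "0x00000002", "0x00000004"),
    ("HKLM/SYSTEM/ControlSet001/Services/SharedAccess/Epoch", "Epoch", "0x00000104", "0x00000105"),
    ("HKLM/SYSTEM/ControlSet001/Services/wscsvc", "Start", "0x00000002", "0x00000004"),
    ("HKLM/SYSTEM/CurrentControlSet/Services/SharedAccess", "Start", "0x00000002", "0x00000004"),
    ("HKLM/SYSTEM/CurrentControlSet/Services/SharedAccess/Epoch", "Epoch", "0x00000104", "0x00000105"),
    ("HKLM/SYSTEM/CurrentControlSet/Services/wscsvc", "Start", "0x00000002", "0x00000004"),
    ("HKU/S-1-5-21-1844237615-562591055-839522115-1004/SessionInformation",
     "ProgramCount", "0x00000002", "0x00000001"),
]

# Constructed from the Files (Added) table: prefetch files created in the run.
ADDED_PREFETCH = ["NET.EXE-01A53C2F.pf", "NET1.EXE-029B9DB4.pf", "QTFCYYP.EXE-0D80FEDE.pf",
                  "SANDNET.EXE-2012C478.pf", "SC.EXE-012262AF.pf", "7Z.EXE-1A62CD19.pf"]

# Command-line tools that change service start types (net stop, sc config).
SERVICE_CONTROL_TOOLS = {"NET.EXE", "NET1.EXE", "SC.EXE"}

SERVICE_KEY = re.compile(
    r"^HKLM/SYSTEM/(?:ControlSet\d{3}|CurrentControlSet)/Services/([^/]+)$")


def service_start_changes(rows):
    """Yield (service, old_start, new_start) for Start-value edits.

    CurrentControlSet is a link to the active ControlSet00N, so the ICC diff
    reports each edit twice; identical edits are collapsed to one."""
    seen = set()
    for path, name, old, new in rows:
        m = SERVICE_KEY.match(path)
        if not m or name != "Start":
            continue
        change = (m.group(1), int(old, 16), int(new, 16))
        if change not in seen:
            seen.add(change)
            yield change


def service_control_tools_ran(prefetch_names):
    """Prefetch names are <EXE>-<hash>.pf; return the watched tools among them."""
    return sorted({n.split("-")[0] for n in prefetch_names} & SERVICE_CONTROL_TOOLS)


def triage(rows=REGISTRY_CHANGES, prefetch=ADDED_PREFETCH):
    findings = []
    for service, old, new in service_start_changes(rows):
        findings.append({
            "service": service,
            "description": WATCHED_SERVICES.get(service, "unlisted service"),
            "from": SERVICE_START.get(old, f"unknown({old})"),
            "to": SERVICE_START.get(new, f"unknown({new})"),
            # Assumed rule: a watched service moved to Disabled is high severity.
            "severity": "high" if service in WATCHED_SERVICES and new == 4 else "info",
        })
    return {"findings": findings,
            "service_tools_in_prefetch": service_control_tools_ran(prefetch)}
```

On the rows above, triage() returns two high-severity findings (SharedAccess and wscsvc, both Automatic to Disabled) and reports NET.EXE, NET1.EXE and SC.EXE among the prefetch entries, which is the corroboration to look for before attributing a start-type change to the sample rather than to the harness.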
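The URL Results and ARGUS DATA tables above carry everything needed to characterise the beacon: a fixed URI shape, a hand-built User-Agent, a client id reused across requests, and flows at a near-constant interval. The following Python is an added example written for this page, not TAZER code or the sample's: it matches the request shape and the fake IE User-Agent, finds reused c= values, and tests the flow timestamps for periodicity while keeping the two sandbox runs apart. The request and flow records are constructed from the tables above (three of the eight beacon requests are included); the thresholds, the session gap and the function names are assumptions.

```python
"""Beacon triage for the mewgost.com traffic in the URL and ARGUS DATA tables.

Added example for this page, not part of TAZER.  Request and flow records are
constructed from the tables above; the thresholds (minimum hex length of c=,
interval window, jitter bound, session gap) are analyst assumptions.
"""
import re
import statistics
from datetime import datetime

UA = "Mozilla/4.0 (compatible; MSIE 6.0.2900.2180; Windows NT 5.1.2600)"

# Constructed from the URL Results table: (host, request URI, User-Agent).
HTTP_REQUESTS = [
    ("mewgost.com", "/list.php?c=B4AC885F94224AE64DAAC6EE0346C213D049B58E0B3969C1"
     "DC9ECA9D5FF7F6D9DFE10E13F3845D3386FFC45E0D4897B5778D4CBB9FE6A5F44337&v=2&t=9.170169E-02", UA),
    ("mewgost.com", "/list.php?c=D5CD11C608BE50FC61862008FEBB43924CD55962A89A872F"
     "FBB91A4D3D9587A8003E3D20790E1C729CE592084306A78582788C7B8EF75E0FDEAA&v=2&t=0.291012", UA),
    ("mewgost.com", "/list.php?c=B4AC885F94224AE64DAAC6EE0346C213D049B58E0B3969C1"
     "DC9ECA9D5FF7F6D9DFE10E13F3845D3386FFC45E0D4897B5778D4CBB9FE6A5F44337&v=2&t=0.663418", UA),
    # SSDP discovery row from the same table: Windows background traffic.
    ("239.255.255.250:1900", "*", ""),
]

# Constructed from the ARGUS DATA table: (timestamp, destination IP, dport).
FLOWS = [
    ("2011-04-03 21:19:15", "194.28.44.213", 80),
    ("2011-04-03 21:20:21", "194.28.44.213", 80),
    ("2011-04-03 21:21:36", "194.28.44.213", 80),
    ("2011-04-03 21:22:41", "194.28.44.213", 80),
    ("2011-04-29 16:00:35", "194.28.44.213", 80),
    ("2011-04-29 16:01:39", "194.28.44.213", 80),
    ("2011-04-29 16:02:51", "194.28.44.213", 80),
    ("2011-04-29 16:03:54", "194.28.44.213", 80),
    ("2011-04-29 16:06:07", "239.255.255.250", 1900),
]

# Observed beacon shape: long upper-case hex blob in c=, small integer v=,
# float t= (plain or scientific).  The 32-hex-char floor is an assumption.
BEACON_URI = re.compile(
    r"^/list\.php\?c=(?P<c>[0-9A-F]{32,})&v=\d+&t=\d*\.\d+(?:E[-+]\d+)?$")

# Real Internet Explorer sends "MSIE 6.0;" (major.minor).  A build number
# inside the MSIE token marks a hand-assembled User-Agent string.
FAKE_MSIE_UA = re.compile(r"MSIE \d+\.\d+\.\d+")


def beacon_client_id(uri):
    """Return the c= value when uri matches the beacon shape, else None."""
    m = BEACON_URI.match(uri)
    return m.group("c") if m else None


def is_fake_ie_user_agent(ua):
    return FAKE_MSIE_UA.search(ua) is not None


def repeated_client_ids(requests):
    """c= values reused across requests: a stable per-host id, not a nonce."""
    counts = {}
    for _host, uri, _ua in requests:
        cid = beacon_client_id(uri)
        if cid:
            counts[cid] = counts.get(cid, 0) + 1
    return {cid for cid, n in counts.items() if n > 1}


def beacon_intervals(flows, dst_ip, dport, session_gap=3600):
    """Seconds between consecutive flows to dst_ip:dport.  Gaps above
    session_gap are dropped so the two sandbox runs are not joined."""
    times = sorted(datetime.strptime(ts, "%Y-%m-%d %H:%M:%S")
                   for ts, ip, port in flows if ip == dst_ip and port == dport)
    gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
    return [g for g in gaps if g <= session_gap]


def is_periodic(intervals, low=30, high=600, max_jitter=0.25):
    """True when the median gap lies in [low, high] s and the spread stays
    within max_jitter of the median (assumed thresholds)."""
    if len(intervals) < 3:
        return False
    med = statistics.median(intervals)
    return low <= med <= high and (max(intervals) - min(intervals)) / med <= max_jitter


def triage(requests=HTTP_REQUESTS, flows=FLOWS, dst_ip="194.28.44.213", dport=80):
    beacons = [ua for _h, uri, ua in requests if beacon_client_id(uri)]
    intervals = beacon_intervals(flows, dst_ip, dport)
    return {
        "beacon_requests": len(beacons),
        "fake_ie_ua": bool(beacons) and all(is_fake_ie_user_agent(ua) for ua in beacons),
        "repeated_ids": repeated_client_ids(requests),
        "median_interval_s": statistics.median(intervals) if intervals else None,
        "periodic": is_periodic(intervals),
    }
```

With the report's data, triage() reports three beacon requests, a fake IE User-Agent on all of them, one reused client id, a median interval of 65.5 seconds and a periodic verdict. The session-gap filter matters: without it the 26-day gap between the two runs would dominate the interval statistics and hide the 65-second cadence.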