**** Malware Report - Results ****

This report shows all the different areas TAZER analyzes for the sample: Host, Network Activity, and Detection.

Malware Search Criteria: MD5 = 5675f5fe409b89eb61136fc3dac675b5

|File_MD5Sum|SHA1SUM|SHA256SUM|FUZZY_HASH|File_Size|
|5675f5fe409b89eb61136fc3dac675b5|d33e8c8ce1d2aea0f3df54033a4c6bcb458ec5fb|e49fbbf0bae408000b644e2cb44437c56d8e351cd70d57d3ab0cff8cff1b0f1b|1536:HGXwVWm5UuQlJd40/llDl8ZUF/elGLQqYXwHPzfRjG86jjDO:HGXwP5dQLe0/bl8ZLlGLZY64lD|171008|

**** File Results ****

|File_Name|
|bkb.VirusRamnit%2DaJoSqNtL167.exe|

**** SNORT Results ****

|Snort_Class|Snort_Alert|Count|
|Misc Attack|ET RBN Known Russian Business Network IP TCP (316)|3|
|Misc Attack|ET RBN Known Russian Business Network IP TCP (66)|1|
|Misc Attack|ET RBN Known Russian Business Network IP TCP (187)|1|
|A Network Trojan was Detected|ET DROP Known Bot C&C Server Traffic TCP (group 90)|1|
|A Network Trojan was Detected|ET DROP Known Bot C&C Server Traffic TCP (group 176)|1|

**** AV Results ****

|AV_Alert|AV_Vendor|
|Packed.Protexor!gen1|Symantec|
|PWS-Zbot.gen.di|McAfee|
|Virus.Win32.Virut.ce|Kaspersky|

**** Folders (Added) - ICC Results ****

|Path|Folder_Name|

**** Files (Added) - ICC Results ****

|Path|File_Name|
|c:/Documents and Settings/dmc73144/Start Menu/Programs/Startup|pdlkjkis.exe|
|c:/Program Files/Internet Explorer|dmlconf.dat|
|c:/WINDOWS/Prefetch|IEXPLORE.EXE-27122324.pf|
|c:/WINDOWS/Prefetch|SANDNET.EXE-2012C478.pf|
|c:|netstat_post.txt|
|c:|taskv_post.txt|

**** Files (Deleted) - ICC Results ****

|Action|Path|File_Name|

**** Files (Changed) - ICC Results ****

|Action|Path|File_Name|
|modified|c:/Documents and Settings/dmc73144/Cookies|index.dat|
|modified|c:/Documents and Settings/dmc73144/Local Settings/History/History.IE5|index.dat|
|modified|c:/Documents and Settings/dmc73144/Local Settings/Temporary Internet Files/Content.IE5|index.dat|
|modified|c:/Program Files/Internet Explorer|iexplore.exe|
|modified|c:/Program Files/OpenSSH/bin|sh.exe|
|modified|c:/Program Files/OpenSSH/bin|switch.exe|
|modified|c:/WINDOWS/Prefetch|CMD.EXE-087B4001.pf|
|modified|c:/WINDOWS/Prefetch|HSTART.EXE-221D72BF.pf|
|modified|c:/WINDOWS/Prefetch|NETSTAT.EXE-2B2B4428.pf|
|modified|c:/WINDOWS/Prefetch|SH.EXE-00254D2B.pf|
|modified|c:/WINDOWS/Prefetch|SLEEP.EXE-094A3D2A.pf|
|modified|c:/WINDOWS/Prefetch|SSHD.EXE-298CA236.pf|
|modified|c:/WINDOWS/Prefetch|SWITCH.EXE-0496EC21.pf|
|modified|c:/WINDOWS/system32/config|default.LOG|
|modified|c:/WINDOWS/system32/drivers/etc|hosts|
|modified|c:/WINDOWS/system32|netstat.exe|
|modified|c:/WINDOWS/system32|tasklist.exe|

**** Registry Keys (Added) - ICC Results ****

|Action|Path|

**** Registry Values (Added) - ICC Results ****

|Action|Path|Val_Name|Val_Data|

**** Registry Values (Deleted) - ICC Results ****

|Action|Path|Val_Name|Val_Type|Mod_Val_Type|Val_Data|Mod_Val_Data|

**** Registry Values (Changed) - ICC Results ****

|Action|Path|Val_Name|Val_Data|Mod_Val_Data|
|modified|HKLM/SOFTWARE/Microsoft/Cryptography/RNG|Seed|79 EC 33 20 B3 35 86 BE 79 F1 2A 83 1C B4 FF 70 A1 61 90 3A 7D 7F 7A 60 01 48 14|C4 D1 28 2D 11 4B 2A 42 9A 90 13 C6 F6 61 55 B3 63 7B 8B 89 4F D7 A1 AA B0 4B C|
|modified|HKLM/SYSTEM/ControlSet001/Services/SharedAccess/Epoch|Epoch|0x00000104|0x00000106|
|modified|HKLM/SYSTEM/CurrentControlSet/Services/SharedAccess/Epoch|Epoch|0x00000104|0x00000106|
|modified|HKU/.DEFAULT/Software/Microsoft/Windows/CurrentVersion/Explorer/Shell Folders|Cookies|C:\Documents and Settings\Default User\Cookies|"C|
|modified|HKU/.DEFAULT/Software/Microsoft/Windows/CurrentVersion/Explorer/Shell Folders|Cache|C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files|"C|
|modified|HKU/.DEFAULT/Software/Microsoft/Windows/CurrentVersion/Explorer/Shell Folders|History|C:\Documents and Settings\Default User\Local Settings\History|"C|
|modified|HKU/S-1-5-18/Software/Microsoft/Windows/CurrentVersion/Explorer/Shell Folders|Cookies|C:\Documents and Settings\Default User\Cookies|"C|
|modified|HKU/S-1-5-18/Software/Microsoft/Windows/CurrentVersion/Explorer/Shell Folders|Cache|C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files|"C|
|modified|HKU/S-1-5-18/Software/Microsoft/Windows/CurrentVersion/Explorer/Shell Folders|History|C:\Documents and Settings\Default User\Local Settings\History|"C|

**** DNS Results ****

|DNS|DNS_Response|
|google.com|Standard query response A 74.125.93.105 A 74.125.93.106 A 74.125.93.147 A 74.125.93.99 A 74.125.93.103 A 74.125.93.104|
|zahlung.name|Standard query response A 193.23.126.55|
|ilo.brenz.pl|Standard query response A 83.133.119.197|
|tybdtyutjfyvetscev.com|Standard query response A 66.228.49.83|
|ervwetyrbuyouiylkdhrbt.com|Standard query response A 64.158.56.57 A 63.251.179.57|
|buhpop.com|Standard query response A 64.158.56.57 A 63.251.179.57|
|wervynuuyjhnbvfservdy.com|Standard query response A 208.73.210.29|
|tmtadt.com|Standard query response A 63.251.179.57 A 64.158.56.57|
|tybsyiutnrtvtybdrser.com|Standard query response A 63.251.179.57 A 64.158.56.57|
|denjou.com|Standard query response A 63.251.179.57 A 64.158.56.57|
|vlixta.com|Standard query response A 63.251.179.57 A 64.158.56.57|
|bzluxo.com|Standard query response A 63.251.179.57 A 64.158.56.57|
|dobcpe.com|Standard query response A 63.251.179.57 A 64.158.56.57|
|fjjvok.com|Standard query response A 63.251.179.57 A 64.158.56.57|
|ilo.brenz.pl|Standard query response A 60.190.222.139|
|emcegn.com|Standard query response A 64.158.56.57 A 63.251.179.57|
|zkdbza.com|Standard query response A 63.251.179.57 A 64.158.56.57|

**** URL Results ****

|DstIP|HTTP_HOST|HTTP_REQUEST_URI|HTTP_USER_AGENT|PROTOCOL|
|239.255.255.250|239.255.255.250:1900|*|--blank--|0x11|

**** ARGUS PROTOCOL Results ****
|PROTOCOL|SRC_PKTS|DST_PKTS|SRC_BYTES|DST_BYTES|
|6|351|327|21853|41793|
|17|2|0|350|0|

**** ARGUS DPORT Results ****

|DPORT|PROTOCOL|SRC_PKTS|DST_PKTS|SRC_BYTES|DST_BYTES|
|80|6|122|111|7730|28795|
|443|6|229|216|14123|12998|
|1900|17|2|0|350|0|

**** ARGUS DATA Results ****

|Time|Date|Protocol|SrcIP|DstIP|Dir|Flags|Sport|Dport|Pkts|Bytes|
**** Packer Results ****

|Packer_Name|

**** HoneyTrap Results ****

|Honey_Trap_Log_File_Location|

**** PTFB Results ****

|PTFB_Log_File_Location|