File MD5Sum | SHA1SUM | SHA256SUM | FUZZY HASH | File Size |
---|---|---|---|---|
604377debb4e50e6cd9b33a50aee92b0 | dbf5e6d2f49e66516033bd53a80086bd0827dcd9 | 3c721986e8ef25e975b45a3fb786d213b398e88f0e373a723a216985990fb1b8 | 768:gu+ItE8306crbV7RCBKuDXpZdCSVZbXWiNjiyohy3p:gu+I+vrbV7EMuvrbXWiEyUqp | 32991 |
File Name |
---|
load0x.php%3Fspl%3Dmdac%26fh%3B%3D.exe |
Snort Class | Snort Alert | Count |
---|---|---|
Misc Attack | ET RBN Known Russian Business Network IP TCP (280) | 1 |
AV Alert | AV Vendor |
---|---|
N/A | Symantec |
N/A | McAfee |
N/A | Kaspersky |
Path | Folder Name |
---|---|
c:/Documents and Settings/dmc73144/Local Settings/Temp | 3fc3e6f6-2973-429d-9fe6-fa56bd30fb0c |
c:/Documents and Settings/dmc73144/Local Settings/Temp | 92bf0518-4f1f-408d-b01b-d3e964988622 |
Action | Path | File Name |
---|
Action | Path |
---|
Action | Path | Val_Name | Val_Data |
---|
Action | Path | Val_Name | Val_Type | Mod_Val_Type | Val_Data | Mod_Val_Data |
---|
Action | Path | Val_Name | Val_Data | Mod_Val_Data |
---|---|---|---|---|
modified | HKLM/SOFTWARE/Microsoft/Cryptography/RNG | Seed | 30 2E 18 1E A5 D4 E2 D0 30 17 E2 D5 F1 DC 70 48 A5 A1 55 97 4D F5 C8 0C 31 D0 EB | 2F F8 63 D2 ED ED 32 FD 49 0E D6 0E 0D 17 D0 FC 70 4E F8 3B 3B 27 CC B2 1D F2 B |
modified | HKU/S-1-5-21-1844237615-562591055-839522115-1004/Software/Microsoft/Windows/CurrentVersion/Internet Settings/Connections | SavedLegacySettings | 3C 00 00 00 15 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 00 00 | 3C 00 00 00 16 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 00 0 |
modified | HKLM/SOFTWARE/Microsoft/Cryptography/RNG | Seed | 4F D0 86 5F 60 20 02 1F 73 7D 1D 56 E9 35 A0 BE 88 72 3F C8 35 75 CE 52 70 37 55 | EA FC 33 B9 87 04 37 0F CA 89 D0 8F BB 85 59 17 C6 05 A5 FB C0 75 FF C1 AF BB 2 |
modified | HKU/S-1-5-21-1844237615-562591055-839522115-1004/Software/Microsoft/Windows/CurrentVersion/Internet Settings/Connections | SavedLegacySettings | 3C 00 00 00 15 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 00 00 | 3C 00 00 00 16 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 00 0 |
modified | HKU/S-1-5-21-1844237615-562591055-839522115-1004/SessionInformation | ProgramCount | 0x00000002 | 0x00000001 |
DNS | DNS Response |
---|
DstIP | HTTP_HOST | HTTP_REQUEST_URI | HTTP_USER_AGENT | PROTOCOL |
---|---|---|---|---|
91.188.60.5 | 91.188.60.5 | /hit.php?v=46&app_type_id=1&wm_id=acc0049&u=3fc3e6f6-2973-429d-9fe6-fa56bd30fb0c&t=2 | 0x06 | |
91.188.60.5 | 91.188.60.5 | /hit.php?v=46&app_type_id=1&wm_id=acc0049&u=92bf0518-4f1f-408d-b01b-d3e964988622&t=2 | 0x06 | |
239.255.255.250 | 239.255.255.250:1900 | * | --blank-- | 0x11 |
PROTOCOL | SRC_PKTS | DST_PKTS | SRC_BYTES | DST_BYTES |
---|---|---|---|---|
6 | 5 | 4 | 441 | 515 |
17 | 2 | 0 | 350 | 0 |
DPORT | PROTOCOL | SRC_PKTS | DST_PKTS | SRC_BYTES | DST_BYTES |
---|---|---|---|---|---|
80 | 6 | 5 | 4 | 441 | 515 |
1900 | 17 | 2 | 0 | 350 | 0 |
Time | Date | Protocol | SrcIP | DstIP | Dir | Flags | Sport | Dport | Pkts | Bytes |
---|---|---|---|---|---|---|---|---|---|---|
17:07:34 | 2010-07-21 | 6 | 10.10.10.7 | 91.188.60.5 | -> | e | 29 | 80 | 9 | 956 |
21:05:12 | 2010-07-21 | 6 | 10.10.10.7 | 91.188.60.5 | -> | e | 94 | 80 | 9 | 956 |
17:13:04 | 2010-07-21 | 17 | 10.10.10.7 | 239.255.255.250 | -> | e | 8 | 1900 | 2 | 350 |
21:10:39 | 2010-07-21 | 17 | 10.10.10.7 | 239.255.255.250 | -> | e | 8 | 1900 | 2 | 350 |
Packer Name |
---|
Honey Trap Log File Location |
---|
PTFB Log File Location |
---|