Malware Report - Results

This report shows all the different areas TAZER analyzes for the sample: Host, Network Activity, and Detection.

Malware Search Criteria:
  • MD5 =604377debb4e50e6cd9b33a50aee92b0

    • Malware Report - Results

    File MD5SumSHA1SUMSHA256SUMFUZZY HASHFile Size
    604377debb4e50e6cd9b33a50aee92b0dbf5e6d2f49e66516033bd53a80086bd0827dcd93c721986e8ef25e975b45a3fb786d213b398e88f0e373a723a216985990fb1b8768:gu+ItE8306crbV7RCBKuDXpZdCSVZbXWiNjiyohy3p:gu+I+vrbV7EMuvrbXWiEyUqp32991

    File Results

    File Name
    load0x.php%3Fspl%3Dmdac%26fh%3B%3D.exe

    SNORT Results

    Snort ClassSnort AlertCount
    Misc AttackET RBN Known Russian Business Network IP TCP (280)1

    AV Results

    AV AlertAV Vendor
    N/ASymantec
    N/AMcAfee
    N/AKaspersky

    Folders (Added) - ICC Results

    PathFolder Name
    c:/Documents and Settings/dmc73144/Local Settings/Temp3fc3e6f6-2973-429d-9fe6-fa56bd30fb0c
    c:/Documents and Settings/dmc73144/Local Settings/Temp92bf0518-4f1f-408d-b01b-d3e964988622

    Files (Added) - ICC Results

    PathFile Name
    c:/Documents and Settings/dmc73144/Application Data8fbc0ebc-15d7-4dae-818a-50f3473ae912_46.avi
    c:/Documents and Settings/dmc73144/Local Settings/Temp/3fc3e6f6-2973-429d-9fe6-fa56bd30fb0cwrk1.tmp_46
    c:/WINDOWS/PrefetchRUNDLL32.EXE-164B869A.pf
    c:/WINDOWS/PrefetchSANDNET.EXE-2012C478.pf
    c:netstat_post.txt
    c:taskv_post.txt
    c:/Documents and Settings/dmc73144/Application Data8fbc0ebc-15d7-4dae-818a-50f3473ae912_46.avi
    c:/Documents and Settings/dmc73144/Local Settings/Temp/92bf0518-4f1f-408d-b01b-d3e964988622wrk1.tmp_46
    c:/WINDOWS/PrefetchRUNDLL32.EXE-3D4D0F26.pf
    c:/WINDOWS/PrefetchSANDNET.EXE-2012C478.pf
    c:netstat_post.txt
    c:taskv_post.txt

    Files (Deleted) - ICC Results

    ActionPathFile Name

    Files (Changed) - ICC Results

    ActionPathFile Name
    modifiedc:/Documents and Settings/dmc73144/Cookiesindex.dat
    modifiedc:/Documents and Settings/dmc73144/Local Settings/History/History.IE5index.dat
    modifiedc:/Documents and Settings/dmc73144/Local Settings/Temporary Internet Files/Content.IE5index.dat
    modifiedc:/Documents and Settings/dmc73144ntuser.dat.LOG
    modifiedc:/WINDOWS/PrefetchCMD.EXE-087B4001.pf
    modifiedc:/WINDOWS/PrefetchHSTART.EXE-221D72BF.pf
    modifiedc:/WINDOWS/PrefetchNETSTAT.EXE-2B2B4428.pf
    modifiedc:/WINDOWS/PrefetchSH.EXE-00254D2B.pf
    modifiedc:/WINDOWS/PrefetchSLEEP.EXE-094A3D2A.pf
    modifiedc:/WINDOWS/PrefetchSSHD.EXE-298CA236.pf
    modifiedc:/WINDOWS/PrefetchSWITCH.EXE-0496EC21.pf
    modifiedc:/WINDOWS/system32/drivers/etchosts
    modifiedc:/WINDOWS/system32/wbem/Repository/FSINDEX.MAP
    modifiedc:/WINDOWS/system32/wbem/Repository/FSMAPPING.VER
    modifiedc:/WINDOWS/system32/wbem/Repository/FSMAPPING1.MAP
    modifiedc:/WINDOWS/system32/wbem/Repository/FSOBJECTS.MAP
    modifiedc:/Documents and Settings/dmc73144/Cookiesindex.dat
    modifiedc:/Documents and Settings/dmc73144/Local Settings/History/History.IE5index.dat
    modifiedc:/Documents and Settings/dmc73144/Local Settings/Temporary Internet Files/Content.IE5index.dat
    modifiedc:/Documents and Settings/dmc73144ntuser.dat.LOG
    modifiedc:/WINDOWS/PrefetchCMD.EXE-087B4001.pf
    modifiedc:/WINDOWS/PrefetchHSTART.EXE-221D72BF.pf
    modifiedc:/WINDOWS/PrefetchNETSTAT.EXE-2B2B4428.pf
    modifiedc:/WINDOWS/PrefetchSH.EXE-00254D2B.pf
    modifiedc:/WINDOWS/PrefetchSLEEP.EXE-094A3D2A.pf
    modifiedc:/WINDOWS/PrefetchSSHD.EXE-298CA236.pf
    modifiedc:/WINDOWS/PrefetchSWITCH.EXE-0496EC21.pf
    modifiedc:/WINDOWS/system32/drivers/etchosts
    modifiedc:/WINDOWS/system32/wbem/Repository/FSINDEX.MAP
    modifiedc:/WINDOWS/system32/wbem/Repository/FSMAPPING.VER
    modifiedc:/WINDOWS/system32/wbem/Repository/FSMAPPING1.MAP
    modifiedc:/WINDOWS/system32/wbem/Repository/FSOBJECTS.MAP

    Registry Keys (Added) - ICC Results

    ActionPath

    Registry Values (Added) - ICC Results

    ActionPathVal_NameVal_Data

    Registry Values (Deleted) - ICC Results

    ActionPathVal_NameVal_TypeMod_Val_TypeVal_DataMod_Val_Data

    Registry Values (Changed) - ICC Results

    ActionPathVal_NameVal_DataMod_Val_Data
    modifiedHKLM/SOFTWARE/Microsoft/Cryptography/RNGSeed30 2E 18 1E A5 D4 E2 D0 30 17 E2 D5 F1 DC 70 48 A5 A1 55 97 4D F5 C8 0C 31 D0 EB 2F F8 63 D2 ED ED 32 FD 49 0E D6 0E 0D 17 D0 FC 70 4E F8 3B 3B 27 CC B2 1D F2 B
    modifiedHKU/S-1-5-21-1844237615-562591055-839522115-1004/Software/Microsoft/Windows/CurrentVersion/Internet Settings/ConnectionsSavedLegacySettings3C 00 00 00 15 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 00 00 3C 00 00 00 16 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 00 0
    modifiedHKLM/SOFTWARE/Microsoft/Cryptography/RNGSeed4F D0 86 5F 60 20 02 1F 73 7D 1D 56 E9 35 A0 BE 88 72 3F C8 35 75 CE 52 70 37 55 EA FC 33 B9 87 04 37 0F CA 89 D0 8F BB 85 59 17 C6 05 A5 FB C0 75 FF C1 AF BB 2
    modifiedHKU/S-1-5-21-1844237615-562591055-839522115-1004/Software/Microsoft/Windows/CurrentVersion/Internet Settings/ConnectionsSavedLegacySettings3C 00 00 00 15 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 00 00 3C 00 00 00 16 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 00 0
    modifiedHKU/S-1-5-21-1844237615-562591055-839522115-1004/SessionInformationProgramCount0x00000002 0x00000001

    DNS Results

    DNSDNS Response

    URL Results

    DstIPHTTP_HOSTHTTP_REQUEST_URIHTTP_USER_AGENTPROTOCOL
    91.188.60.591.188.60.5/hit.php?v=46&app_type_id=1&wm_id=acc0049&u=3fc3e6f6-2973-429d-9fe6-fa56bd30fb0c&t=20x06
    91.188.60.591.188.60.5/hit.php?v=46&app_type_id=1&wm_id=acc0049&u=92bf0518-4f1f-408d-b01b-d3e964988622&t=20x06
    239.255.255.250239.255.255.250:1900*--blank--0x11

    ARGUS PROTOCOL Results

    PROTOCOLSRC_PKTSDST_PKTSSRC_BYTESDST_BYTES
    654441515
    17203500

    ARGUS DPORT Results

    DPORTPROTOCOLSRC_PKTSDST_PKTSSRC_BYTESDST_BYTES
    80654441515
    190017203500

    ARGUS DATA Results

    TimeDateProtocolSrcIPDstIPDirFlagsSportDportPktsBytes
    17:07:342010-07-21610.10.10.791.188.60.5-> e 29809956
    21:05:122010-07-21610.10.10.791.188.60.5-> e 94809956
    17:13:042010-07-211710.10.10.7239.255.255.250-> e 819002350
    21:10:392010-07-211710.10.10.7239.255.255.250-> e 819002350

    Packer Results

    Packer Name

    HoneyTrap Results

    Honey Trap Log File Location

    PTFB Results

    PTFB Log File Location