**** Malware Report - Results ****

This report shows all the different areas TAZER analyzes for the sample: Host, Network Activity, and Detection.

Malware Search Criteria: MD5 = 656082ffd34353a9fb4a2c81aff22eba

| File MD5Sum                      | SHA1SUM                                  | SHA256SUM                                                        | FUZZY HASH                                                                       | File Size |
| 656082ffd34353a9fb4a2c81aff22eba | 6eee1010ae97c52b58f7a28feab4706598a5c07e | dd7f85bf1f451d0a67da44133f0886bdb7d0917264f68ea51e017a4e4924c5c8 | 6144:fxUjrlp5c+w9ly90Uqkt1WoaO0JtasmlMH6DTk7B7l/X4BpvjqqrR9bjVsIl9v:Irlp5c+ONpas | 422912    |

**** File Results ****

| File Name     |
| 101010113.exe |

**** SNORT Results ****

| Snort Class | Snort Alert              | Count |
| N/A         | No snort alerts generated | 0     |

**** AV Results ****

| AV Alert               | AV Vendor |
| Trojan.Gen.2           | Symantec  |
| Qhost-Gen!             | McAfee    |
| Trojan.Win32.Qhost.xvs | Kaspersky |

**** Folders (Added) - ICC Results ****

| Path | Folder Name |
(no entries)

**** Files (Added) - ICC Results ****

| Path                            | File Name               |
| c:/WINDOWS/Prefetch             | AUTOIT3.EXE-32361418.pf |
| c:/WINDOWS/Prefetch             | REGSHOT.EXE-010A5EE6.pf |
| c:/WINDOWS/Prefetch             | SANDNET.EXE-2012C478.pf |
| c:/WINDOWS/system32/drivers/etc | hîsts                   |

**** Files (Deleted) - ICC Results ****

| Action | Path | File Name |
(no entries)

**** Files (Changed) - ICC Results ****

| Action   | Path                                   | File Name              |
| modified | c:/Documents and Settings/dmc73144     | ntuser.dat.LOG         |
| modified | c:/WINDOWS/Prefetch                    | CMD.EXE-087B4001.pf    |
| modified | c:/WINDOWS/Prefetch                    | HSTART.EXE-221D72BF.pf |
| modified | c:/WINDOWS/Prefetch                    | SH.EXE-00254D2B.pf     |
| modified | c:/WINDOWS/Prefetch                    | SSHD.EXE-298CA236.pf   |
| modified | c:/WINDOWS/Prefetch                    | SWITCH.EXE-0496EC21.pf |
| modified | c:/WINDOWS/system32/drivers/etc        | hosts                  |
| modified | c:/WINDOWS/system32/wbem/Logs          | wmiprov.log            |
| modified | c:/WINDOWS/system32/wbem/Repository/FS | INDEX.MAP              |
| modified | c:/WINDOWS/system32/wbem/Repository/FS | MAPPING.VER            |
| modified | c:/WINDOWS/system32/wbem/Repository/FS | MAPPING2.MAP           |
| modified | c:/WINDOWS/system32/wbem/Repository/FS | OBJECTS.MAP            |

**** Registry Keys (Added) - ICC Results ****

| Action | Path |
(no entries)

**** Registry Values (Added) - ICC Results ****

| Action | Path                                                                                             | Val Name                           | Val Data  |
| added  | HKU/S-1-5-21-1844237615-562591055-839522115-1004/Software/Microsoft/Windows/ShellNoRoam/MUICache | C://windows//system32//sandnet.exe | "sandnet" |

**** Registry Values (Deleted) - ICC Results ****

| Action | Path | Val Name | Val Type | Mod Val Type | Val Data | Mod Val Data |
(no entries)

**** Registry Values (Changed) - ICC Results ****

| Action   | Path                                     | Val Name | Val Data                                                                        | Mod Val Data                                                                    |
| modified | HKLM/SOFTWARE/Microsoft/Cryptography/RNG | Seed     | 65 F3 78 CB D7 2A E6 E3 06 EB 44 8F 7A ED 5B 1C 68 DD 7D 7B 47 B1 FE 93 DD 19 14 | 83 86 D2 2C 6A 60 FA 62 BE 01 B7 68 D0 E7 19 BF 1F 11 DA DA 2F DB 6A E1 35 AA 7D |

**** DNS Results ****

| DNS | DNS Response |
(no entries)

**** URL Results ****

| DstIP | HTTP_HOST | HTTP_REQUEST_URI | HTTP_USER_AGENT | PROTOCOL |
(no entries)

**** ARGUS PROTOCOL Results ****

| PROTOCOL | SRC_PKTS | DST_PKTS | SRC_BYTES | DST_BYTES |
(no entries)

**** ARGUS DPORT Results ****

| DPORT | PROTOCOL | SRC_PKTS | DST_PKTS | SRC_BYTES | DST_BYTES |
(no entries)

**** ARGUS DATA Results ****

| Time | Date | Protocol | SrcIP | DstIP | Dir | Flags | Sport | Dport | Pkts | Bytes |
(no entries)

**** Packer Results ****

| Packer Name |
(no entries)

**** HoneyTrap Results ****

| Honey Trap Log File Location |
(no entries)

**** PTFB Results ****

| PTFB Log File Location |
(no entries)