Malware Report - Results

This report shows all the different areas TAZER analyzes for the sample: Host, Network Activity, and Detection.

Malware Search Criteria:
  • MD5 =657b84cda589a78b5aaf115750a895c8

    • Malware Report - Results

    File MD5SumSHA1SUMSHA256SUMFUZZY HASHFile Size
    657b84cda589a78b5aaf115750a895c8008e040fb18779046beb00d19fa11cc2ff4a388297a6e6ef33893a92f64d97b0a74b4509d0a78e62cfadfbfda0e43f973191246a768:4mOhplcsHvKWzX6HJmFqda7koUtiTnbcuyD7URZsE4O:9OhplcsHv1X6n0WtiTnouy87h4O27648

    File Results

    File Name
    Amor%3DVercartao390278942.exe

    SNORT Results

    Snort ClassSnort AlertCount

    AV Results

    AV AlertAV Vendor

    Folders (Added) - ICC Results

    PathFolder Name
    c:/Documents and Settings/dmc73144/Local Settings/History/History.IE5MSHist012011100820111009
    c:/Documents and Settings/dmc73144/Local Settings/Temporary Internet Files/Content.IE5ITB2CJ0C

    Files (Added) - ICC Results

    PathFile Name
    c:/Documents and Settings/dmc73144/Local Settings/History/History.IE5/MSHist012011100820111009index.dat
    c:/Documents and Settings/dmc73144/Local Settings/Temp~i.tmp
    c:/Documents and Settings/dmc73144/Local Settings/Temp~r.tmp
    c:/Documents and Settings/dmc73144/Local Settings/Temporary Internet Files/Content.IE5/ITB2CJ0Cdesktop.ini
    c:/Documents and Settings/dmc73144/Local Settings/Temporary Internet Files/Content.IE5/ITB2CJ0Cver[1].htm
    c:/WINDOWS/PrefetchAUTOIT3.EXE-32361418.pf
    c:/WINDOWS/PrefetchIEXPLORE.EXE-27122324.pf
    c:/WINDOWS/PrefetchREG.EXE-0D2A95F7.pf
    c:/WINDOWS/PrefetchREGSHOT.EXE-010A5EE6.pf
    c:/WINDOWS/PrefetchRUNAS.EXE-00979155.pf
    c:/WINDOWS/PrefetchSANDNET.EXE-2012C478.pf

    Files (Deleted) - ICC Results

    ActionPathFile Name

    Files (Changed) - ICC Results

    ActionPathFile Name
    modifiedc:/Documents and Settings/Administratorntuser.dat.LOG
    modifiedc:/Documents and Settings/dmc73144/Application Data/Mozilla/Firefox/Profiles/ektregxy.defaultprefs.js
    modifiedc:/Documents and Settings/dmc73144/Cookiesindex.dat
    modifiedc:/Documents and Settings/dmc73144/Local Settings/History/History.IE5index.dat
    modifiedc:/Documents and Settings/dmc73144/Local Settings/Temporary Internet Files/Content.IE5index.dat
    modifiedc:/Documents and Settings/dmc73144ntuser.dat.LOG
    modifiedc:/WINDOWS/PrefetchATTRIB.EXE-39EAFB02.pf
    modifiedc:/WINDOWS/PrefetchFIND.EXE-0EC32F1E.pf
    modifiedc:/WINDOWS/PrefetchHSTART.EXE-221D72BF.pf
    modifiedc:/WINDOWS/PrefetchNET.EXE-01A53C2F.pf
    modifiedc:/WINDOWS/PrefetchNET1.EXE-029B9DB4.pf
    modifiedc:/WINDOWS/system32/configsoftware.LOG
    modifiedc:/WINDOWS/system32/drivers/etchosts
    modifiedc:/WINDOWS/system32/wbem/Logswmiprov.log
    modifiedc:/WINDOWS/system32/wbem/Repository/FSINDEX.MAP
    modifiedc:/WINDOWS/system32/wbem/Repository/FSMAPPING.VER
    modifiedc:/WINDOWS/system32/wbem/Repository/FSMAPPING2.MAP
    modifiedc:/WINDOWS/system32/wbem/Repository/FSOBJECTS.MAP

    Registry Keys (Added) - ICC Results

    ActionPath
    addedHKLM/SOFTWARE/Policies/Microsoft/Internet Explorer
    addedHKLM/SOFTWARE/Policies/Microsoft/Internet Explorer/Control Panel
    addedHKU/S-1-5-21-1844237615-562591055-839522115-1004/Software/Microsoft/Windows/CurrentVersion/Ext/Stats/{08B0E5C0-4FCB-11CF-AAA5-00401C608501}
    addedHKU/S-1-5-21-1844237615-562591055-839522115-1004/Software/Microsoft/Windows/CurrentVersion/Ext/Stats/{08B0E5C0-4FCB-11CF-AAA5-00401C608501}/iexplore
    addedHKU/S-1-5-21-1844237615-562591055-839522115-1004/Software/Microsoft/Windows/CurrentVersion/Ext/Stats/{FB5F1910-F110-11D2-BB9E-00C04F795683}
    addedHKU/S-1-5-21-1844237615-562591055-839522115-1004/Software/Microsoft/Windows/CurrentVersion/Ext/Stats/{FB5F1910-F110-11D2-BB9E-00C04F795683}/iexplore
    addedHKU/S-1-5-21-1844237615-562591055-839522115-1004/Software/Microsoft/Windows/CurrentVersion/Internet Settings/5.0/Cache/Extensible Cache/MSHist012011100820111009
    addedHKU/S-1-5-21-1844237615-562591055-839522115-1004/Software/Policies/Microsoft/Internet Explorer
    addedHKU/S-1-5-21-1844237615-562591055-839522115-1004/Software/Policies/Microsoft/Internet Explorer/Control Panel

    Registry Values (Added) - ICC Results

    ActionPathVal_NameVal_Data
    addedHKLM/SOFTWARE/Microsoft/Windows/CurrentVersion/Internet SettingsAutoConfigUrl"216.172.178.215adobe.seu-download.com/get.flashplayer.js"
    addedHKLM/SOFTWARE/Microsoft/Windows/CurrentVersion/Internet SettingsEnableHttp1_10x00000001
    addedHKLM/SOFTWARE/Microsoft/Windows/CurrentVersion/Internet SettingsProxyEnable0x00000000
    addedHKLM/SOFTWARE/Microsoft/Windows/CurrentVersion/Internet SettingsProxyHttp1.10x00000000
    addedHKLM/SOFTWARE/Microsoft/Windows/CurrentVersion/RunJavaUpdateSched "C:/DOCUME~1/dmc73144/LOCALS~1/Temp/jusched.exe"
    addedHKLM/SOFTWARE/Policies/Microsoft/Internet Explorer/Control PanelAutoconfig0x00000001
    addedHKLM/SOFTWARE/Policies/Microsoft/Internet Explorer/Control PanelAdvancedTab0x00000001
    addedHKLM/SOFTWARE/Policies/Microsoft/Internet Explorer/Control PanelResetWebSettings0x00000001
    addedHKU/S-1-5-21-1844237615-562591055-839522115-1004/Software/Microsoft/Windows/CurrentVersion/Ext/Stats/{08B0E5C0-4FCB-11CF-AAA5-00401C608501}/iexploreType0x00000004
    addedHKU/S-1-5-21-1844237615-562591055-839522115-1004/Software/Microsoft/Windows/CurrentVersion/Ext/Stats/{08B0E5C0-4FCB-11CF-AAA5-00401C608501}/iexploreCount0x00000001
    addedHKU/S-1-5-21-1844237615-562591055-839522115-1004/Software/Microsoft/Windows/CurrentVersion/Ext/Stats/{08B0E5C0-4FCB-11CF-AAA5-00401C608501}/iexploreTimeDB 07 0A 00 06 00 08 00 0B 00 0C 00 21 00 26 00
    addedHKU/S-1-5-21-1844237615-562591055-839522115-1004/Software/Microsoft/Windows/CurrentVersion/Ext/Stats/{FB5F1910-F110-11D2-BB9E-00C04F795683}/iexploreType0x00000004
    addedHKU/S-1-5-21-1844237615-562591055-839522115-1004/Software/Microsoft/Windows/CurrentVersion/Ext/Stats/{FB5F1910-F110-11D2-BB9E-00C04F795683}/iexploreCount0x00000001
    addedHKU/S-1-5-21-1844237615-562591055-839522115-1004/Software/Microsoft/Windows/CurrentVersion/Ext/Stats/{FB5F1910-F110-11D2-BB9E-00C04F795683}/iexploreTimeDB 07 0A 00 06 00 08 00 0B 00 0C 00 21 00 36 00
    addedHKU/S-1-5-21-1844237615-562591055-839522115-1004/Software/Microsoft/Windows/CurrentVersion/Internet SettingsAutoConfigUrl"216.172.178.215adobe.seu-download.com/get.flashplayer.js"
    addedHKU/S-1-5-21-1844237615-562591055-839522115-1004/Software/Microsoft/Windows/CurrentVersion/Internet SettingsProxyHttp1.10x00000000
    addedHKU/S-1-5-21-1844237615-562591055-839522115-1004/Software/Microsoft/Windows/CurrentVersion/Internet Settings/5.0/Cache/Extensible Cache/MSHist012011100820111009CachePath"%USERPROFILE%Local SettingsHistoryHistory.IE5MSHist012011100820111009"
    addedHKU/S-1-5-21-1844237615-562591055-839522115-1004/Software/Microsoft/Windows/CurrentVersion/Internet Settings/5.0/Cache/Extensible Cache/MSHist012011100820111009CachePrefix ":2011100820111009: "
    addedHKU/S-1-5-21-1844237615-562591055-839522115-1004/Software/Microsoft/Windows/CurrentVersion/Internet Settings/5.0/Cache/Extensible Cache/MSHist012011100820111009CacheLimit0x00002000
    addedHKU/S-1-5-21-1844237615-562591055-839522115-1004/Software/Microsoft/Windows/CurrentVersion/Internet Settings/5.0/Cache/Extensible Cache/MSHist012011100820111009CacheOptions0x0000000B
    addedHKU/S-1-5-21-1844237615-562591055-839522115-1004/Software/Microsoft/Windows/CurrentVersion/Internet Settings/5.0/Cache/Extensible Cache/MSHist012011100820111009CacheRepair0x00000000
    addedHKU/S-1-5-21-1844237615-562591055-839522115-1004/Software/Microsoft/Windows/ShellNoRoam/MUICacheC://Documents and Settings//dmc73144//Local Settings//Temp//1.tmp//Amor=vercarta "Amor=vercartaozinho"
    addedHKU/S-1-5-21-1844237615-562591055-839522115-1004/Software/Policies/Microsoft/Internet Explorer/Control PanelAutoconfig0x00000001
    addedHKU/S-1-5-21-1844237615-562591055-839522115-1004/Software/Policies/Microsoft/Internet Explorer/Control PanelAdvancedTab0x00000001
    addedHKU/S-1-5-21-1844237615-562591055-839522115-1004/Software/Policies/Microsoft/Internet Explorer/Control PanelResetWebSettings0x00000001
    addedHKU/S-1-5-21-1844237615-562591055-839522115-500/Software/Microsoft/Windows/CurrentVersion/Internet SettingsWarnonBadCertRecving0x00000000
    addedHKU/S-1-5-21-1844237615-562591055-839522115-500/Software/Microsoft/Windows/CurrentVersion/Internet SettingsWarnOnIntranet0x00000000
    addedHKU/S-1-5-21-1844237615-562591055-839522115-500/Software/Microsoft/Windows/CurrentVersion/Internet Settings/ZoneMapAutoDetect0x00000000

    Registry Values (Deleted) - ICC Results

    ActionPathVal_NameVal_TypeMod_Val_TypeVal_DataMod_Val_Data

    Registry Values (Changed) - ICC Results

    ActionPathVal_NameVal_DataMod_Val_Data
    modifiedHKLM/SOFTWARE/Microsoft/Cryptography/RNGSeed7A 0D 07 71 E5 62 4D 82 23 E0 08 37 95 CA 9F 38 75 B8 E9 77 D7 A6 7B 2F DF 9D 33EC 87 B6 3A FA 85 7C EE DA 06 1B D7 C8 6C D3 6D B1 B0 48 53 C5 87 CE 63 D8 ED 17
    modifiedHKU/S-1-5-21-1844237615-562591055-839522115-1004/Software/Microsoft/Windows/CurrentVersion/Ext/Stats/{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}/iexploreCount0x000000080x00000009
    modifiedHKU/S-1-5-21-1844237615-562591055-839522115-1004/Software/Microsoft/Windows/CurrentVersion/Ext/Stats/{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}/iexploreTimeDA 07 08 00 02 00 03 00 08 00 15 00 34 00 57 01DB 07 0A 00 06 00 08 00 0B 00 0C 00 20 00 C0 03
    modifiedHKU/S-1-5-21-1844237615-562591055-839522115-1004/Software/Microsoft/Windows/CurrentVersion/Internet Settings/ConnectionsDefaultConnectionSettings3C 00 00 00 02 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 00 003C 00 00 00 04 00 00 00 05 00 00 00 00 00 00 00 00 00 00 00 38 00 00 00 32 31 36
    modifiedHKU/S-1-5-21-1844237615-562591055-839522115-1004/Software/Microsoft/Windows/CurrentVersion/Internet Settings/ConnectionsSavedLegacySettings3C 00 00 00 15 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 00 003C 00 00 00 17 00 00 00 05 00 00 00 00 00 00 00 00 00 00 00 38 00 00 00 32 31 36
    modifiedHKU/S-1-5-21-1844237615-562591055-839522115-1004/Software/Microsoft/Windows/ShellNoRoam/BagMRUMRUListEx01 00 00 00 00 00 00 00 02 00 00 00 04 00 00 00 03 00 00 00 FF FF FF FF00 00 00 00 01 00 00 00 02 00 00 00 04 00 00 00 03 00 00 00 FF FF FF FF
    modifiedHKU/S-1-5-21-1844237615-562591055-839522115-1004/SessionInformationProgramCount0x000000020x00000003

    DNS Results

    DNSDNS Response

    URL Results

    DstIPHTTP_HOSTHTTP_REQUEST_URIHTTP_USER_AGENTPROTOCOL

    ARGUS PROTOCOL Results

    PROTOCOLSRC_PKTSDST_PKTSSRC_BYTESDST_BYTES

    ARGUS DPORT Results

    DPORTPROTOCOLSRC_PKTSDST_PKTSSRC_BYTESDST_BYTES

    ARGUS DATA Results

    TimeDateProtocolSrcIPDstIPDirFlagsSportDportPktsBytes

    Packer Results

    Packer Name

    HoneyTrap Results

    Honey Trap Log File Location

    PTFB Results

    PTFB Log File Location