Malware Report - Results

This report shows all the different areas TAZER analyzes for the sample: Host, Network Activity, and Detection.

Malware Search Criteria:
  • MD5 =6b31d1b536dcff82726760e845d605d6

    • Malware Report - Results

    File MD5SumSHA1SUMSHA256SUMFUZZY HASHFile Size
    6b31d1b536dcff82726760e845d605d6d7c5e5a8b9950a675b667f76a70d2617a21b430e42b06bee061ff190c0d3a9c5be888e8c594be5d4eeed4ae149d5ccf6a2101847768:hAkoR1Ug9htELff73pV+nDpXT1EYlcWp3hC+hjiIKyrA9sYMeEdpMz5TE:hCT9htcfzf+nlXT/Bh73728

    File Results

    File Name
    5.gif.exe

    SNORT Results

    Snort ClassSnort AlertCount
    N/ANo snort alerts generated0

    AV Results

    AV AlertAV Vendor
    N/ASymantec
    N/AMcAfee
    N/AKaspersky
    Suspicious.InsightSymantec
    Suspect-02!6B72610E89F5McAfee
    Heur.Trojan.GenericKaspersky
    Suspect-1B!6C1052C2DCADMcAfee
    Packed.Generic.265Symantec
    Packed.Win32.Krap.xKaspersky
    Trojan.Zbot!gen2Symantec
    PWS-Zbot.gen.xMcAfee
    Packed.Win32.Krap.aeKaspersky

    Folders (Added) - ICC Results

    PathFolder Name
    c:/Documents and Settings/dmc73144/Local Settings/Temporary Internet Files/Content.IE5ITB2CJ0C

    Files (Added) - ICC Results

    PathFile Name
    c:/Documents and Settings/dmc73144/Local Settings/Temp~DF676C.tmp
    c:/Documents and Settings/dmc73144/Local Settings/Temporary Internet Files/Content.IE5/ITB2CJ0Catual[1].htm
    c:/Documents and Settings/dmc73144/Local Settings/Temporary Internet Files/Content.IE5/ITB2CJ0Cdesktop.ini
    c:/WINDOWS/PrefetchSANDNET.EXE-2012C478.pf
    c:/WINDOWS/system32atual.txt
    c:/WINDOWS/system32local.txt
    c:netstat_post.txt
    c:taskv_post.txt

    Files (Deleted) - ICC Results

    ActionPathFile Name

    Files (Changed) - ICC Results

    ActionPathFile Name
    modifiedc:/Documents and Settings/dmc73144/Cookiesindex.dat
    modifiedc:/Documents and Settings/dmc73144/Local Settings/History/History.IE5index.dat
    modifiedc:/Documents and Settings/dmc73144/Local Settings/Temporary Internet Files/Content.IE5index.dat
    modifiedc:/Documents and Settings/dmc73144ntuser.dat.LOG
    modifiedc:/WINDOWS/PrefetchCMD.EXE-087B4001.pf
    modifiedc:/WINDOWS/PrefetchHSTART.EXE-221D72BF.pf
    modifiedc:/WINDOWS/PrefetchNETSTAT.EXE-2B2B4428.pf
    modifiedc:/WINDOWS/PrefetchSH.EXE-00254D2B.pf
    modifiedc:/WINDOWS/PrefetchSLEEP.EXE-094A3D2A.pf
    modifiedc:/WINDOWS/PrefetchSSHD.EXE-298CA236.pf
    modifiedc:/WINDOWS/PrefetchSWITCH.EXE-0496EC21.pf
    modifiedc:/WINDOWS/system32/configsoftware.LOG
    modifiedc:/WINDOWS/system32/drivers/etchosts
    modifiedc:/WINDOWS/system32/wbem/Logswmiprov.log
    modifiedc:/WINDOWS/system32/wbem/Repository/FSINDEX.MAP
    modifiedc:/WINDOWS/system32/wbem/Repository/FSMAPPING.VER
    modifiedc:/WINDOWS/system32/wbem/Repository/FSMAPPING2.MAP
    modifiedc:/WINDOWS/system32/wbem/Repository/FSOBJECTS.MAP

    Registry Keys (Added) - ICC Results

    ActionPath

    Registry Values (Added) - ICC Results

    ActionPathVal_NameVal_Data

    Registry Values (Deleted) - ICC Results

    ActionPathVal_NameVal_TypeMod_Val_TypeVal_DataMod_Val_Data

    Registry Values (Changed) - ICC Results

    ActionPathVal_NameVal_DataMod_Val_Data
    modifiedHKLM/SOFTWARE/Microsoft/Cryptography/RNGSeedB3 44 4B 06 94 EA 4D BA 77 28 9F 03 F7 5C 7D 81 CF E4 CF 88 E5 DB E0 28 64 D1 65 EE A7 6D 64 49 8C 5B 41 EB E7 E5 70 F5 67 72 98 BA 0B 17 2F AA 94 92 BA A8 A3 C
    modifiedHKU/S-1-5-21-1844237615-562591055-839522115-1004/Software/Microsoft/Windows/CurrentVersion/Internet Settings/ConnectionsSavedLegacySettings3C 00 00 00 15 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 00 00 3C 00 00 00 16 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 00 0

    DNS Results

    DNSDNS Response
    acpbdf.com.brStandard query response A 200.219.214.6

    URL Results

    DstIPHTTP_HOSTHTTP_REQUEST_URIHTTP_USER_AGENTPROTOCOL
    200.219.214.6acpbdf.com.br/images/atual.txtMozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)0x06
    239.255.255.250239.255.255.250:1900*--blank--0x11

    ARGUS PROTOCOL Results

    PROTOCOLSRC_PKTSDST_PKTSSRC_BYTESDST_BYTES
    654489515
    17203500

    ARGUS DPORT Results

    DPORTPROTOCOLSRC_PKTSDST_PKTSSRC_BYTESDST_BYTES
    80654489515
    190017203500

    ARGUS DATA Results

    TimeDateProtocolSrcIPDstIPDirFlagsSportDportPktsBytes
    15:58:312010-05-02610.10.10.7200.219.214.6-> e 128091004
    16:03:522010-05-021710.10.10.7239.255.255.250-> e 819002350

    Packer Results

    Packer Name

    HoneyTrap Results

    Honey Trap Log File Location

    PTFB Results

    PTFB Log File Location