Malware Report - Results

This report shows all the different areas TAZER analyzes for the sample: Host, Network Activity, and Detection.

Malware Search Criteria:
  • MD5 = 6e4f168b202bcae89ab6c5d60638b2a0


    File MD5Sum:   6e4f168b202bcae89ab6c5d60638b2a0
    SHA1SUM:       35c28d7a106d4dbcccf5932b5d7828a766dd39f5
    SHA256SUM:     cc2006b3dfe7e14152d8acba89d4ad899b57807960168e3c72609b8b12594abc
    FUZZY HASH:    6144:bDeWbibn2UdAirjqCVaO2thIt5n2V5eKnRkLfX:66UdzrjJ0O2thIt5ESLv
    File Size:     249344

    File Results

    File Name
    info.exe

    SNORT Results

    Snort Class | Snort Alert                | Count
    N/A         | No snort alerts generated  | 0

    AV Results

    AV Alert | AV Vendor
    (no entries)

    Folders (Added) - ICC Results

    Path | Folder Name
    (no entries)

    Files (Added) - ICC Results

    Path                                                   | File Name
    c:/Documents and Settings/dmc73144/Local Settings/Temp | ~unins2250.bat
    c:/Documents and Settings                              | dmc73144xplore.exe
    c:/WINDOWS/Prefetch                                    | AUTOIT3.EXE-32361418.pf
    c:/WINDOWS/Prefetch                                    | C_28593D.EXE-06BB7CC3.pf
    c:/WINDOWS/Prefetch                                    | IPCONFIG.EXE-2395F30B.pf
    c:/WINDOWS/Prefetch                                    | NTVDM.EXE-1A10A423.pf
    c:/WINDOWS/Prefetch                                    | REGSHOT.EXE-010A5EE6.pf
    c:/WINDOWS/Prefetch                                    | SANDNET.EXE-2012C478.pf
    c:/WINDOWS/system32                                    | c_28593D.exe

    Files (Deleted) - ICC Results

    Action | Path | File Name
    (no entries)

    Files (Changed) - ICC Results

    Action   | Path                                                                      | File Name
    modified | c:/Documents and Settings/dmc73144/Cookies                                | index.dat
    modified | c:/Documents and Settings/dmc73144/Local Settings/History/History.IE5     | index.dat
    modified | c:/Documents and Settings/dmc73144/Local Settings/Temporary Internet Files/Content.IE5 | index.dat
    modified | c:/Documents and Settings/dmc73144                                        | NTUSER.DAT
    modified | c:/Documents and Settings/dmc73144                                        | ntuser.dat.LOG
    modified | c:/WINDOWS/Prefetch                                                       | DIEP.EXE-0B3E1DC8.pf
    modified | c:/WINDOWS/Prefetch                                                       | HSTART.EXE-221D72BF.pf
    modified | c:/WINDOWS/system32/config                                                | software
    modified | c:/WINDOWS/system32/config                                                | software.LOG
    modified | c:/WINDOWS/system32/config                                                | system.LOG
    modified | c:/WINDOWS/system32/drivers/etc                                           | hosts
    modified | c:/WINDOWS/system32/wbem/Logs                                             | wmiprov.log
    modified | c:/WINDOWS/system32/wbem/Repository/FS                                    | INDEX.MAP
    modified | c:/WINDOWS/system32/wbem/Repository/FS                                    | MAPPING.VER
    modified | c:/WINDOWS/system32/wbem/Repository/FS                                    | MAPPING2.MAP
    modified | c:/WINDOWS/system32/wbem/Repository/FS                                    | OBJECTS.MAP

    Registry Keys (Added) - ICC Results

    Action | Path
    added  | HKLM/SOFTWARE/Microsoft/Windows/CurrentVersion/policies/Explorer
    added  | HKLM/SOFTWARE/Microsoft/Windows/CurrentVersion/policies/Explorer/run
    added  | HKLM/SOFTWARE/YICGGIOWP
    added  | HKU/S-1-5-21-1844237615-562591055-839522115-1004/Software/YICGGIOWP

    Registry Values (Added) - ICC Results

    Action | Path | Val_Name | Val_Data
    added  | HKLM/SOFTWARE/Microsoft/Windows/CurrentVersion/Internet Settings | 6 | CD 5C 88 72 7D
    added  | HKLM/SOFTWARE/Microsoft/Windows/CurrentVersion/policies/Explorer/run | haqgo | "C:/WINDOWS/system32/c_28593D.exe"
    added  | HKLM/SYSTEM/ControlSet001/Control/Session Manager | PendingFileRenameOperations | 5C 3F 3F 5C 43 3A 5C 77 69 6E 64 6F 77 73 5C 73 79 73 74 65 6D 33 32 5C 73 61 6E
    added  | HKLM/SYSTEM/CurrentControlSet/Control/Session Manager | PendingFileRenameOperations | 5C 3F 3F 5C 43 3A 5C 77 69 6E 64 6F 77 73 5C 73 79 73 74 65 6D 33 32 5C 73 61 6E
    added  | HKU/S-1-5-21-1844237615-562591055-839522115-1004/Software/Microsoft/Windows/CurrentVersion/Internet Settings | 6 | CD 5C 88 72 7D
    added  | HKU/S-1-5-21-1844237615-562591055-839522115-1004/Software/Microsoft/Windows/ShellNoRoam/MUICache | C://WINDOWS//system32//ipconfig.exe | "IP Configuration Utility"
    added  | HKU/S-1-5-21-1844237615-562591055-839522115-1004/Software/Microsoft/Windows/ShellNoRoam/MUICache | C://Documents and Settings//dmc73144xplore.exe | "dmc73144xplore"
    added  | HKU/S-1-5-21-1844237615-562591055-839522115-1004/Software/Microsoft/Windows/ShellNoRoam/MUICache | C://WINDOWS//system32//ntvdm.exe | "NTVDM.EXE"

    Registry Values (Deleted) - ICC Results

    Action | Path | Val_Name | Val_Type | Mod_Val_Type | Val_Data | Mod_Val_Data
    (no entries)

    Registry Values (Changed) - ICC Results

    Action   | Path | Val_Name | Val_Data | Mod_Val_Data
    modified | HKLM/SOFTWARE/Microsoft/Cryptography/RNG | Seed | D9 A5 07 59 7D 6C F4 C0 0C DF B4 8A 5F 48 9A BA 8D 36 E3 57 8C F3 7F 5A 3E 1D C3 | 05 6D B6 5C 5E 18 55 AA 72 94 1A 2A 46 40 EC CE 7C 72 D9 10 06 3C 32 DE 0E 0B BA
    modified | HKU/S-1-5-21-1844237615-562591055-839522115-1004/Software/Microsoft/Windows/CurrentVersion/Internet Settings/Connections | SavedLegacySettings | 3C 00 00 00 15 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 00 00 | 3C 00 00 00 17 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 00 00
    modified | HKU/S-1-5-21-1844237615-562591055-839522115-1004/SessionInformation | ProgramCount | 0x00000002 | 0x00000004

    DNS Results

    DNS              | DNS Response
    middlechrist.com | Standard query response A 78.159.100.32
    imagehut4.cn     | Standard query response A 64.158.56.57 A 63.251.179.57

    URL Results

    DstIP        | HTTP_HOST    | HTTP_REQUEST_URI | HTTP_USER_AGENT                                          | PROTOCOL
    64.158.56.57 | imagehut4.cn | /update/utu.dat  | Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.2; SV1) | 0x06

    ARGUS PROTOCOL Results

    PROTOCOL | SRC_PKTS | DST_PKTS | SRC_BYTES | DST_BYTES
    6        | 15       | 12       | 3349      | 1545

    ARGUS DPORT Results

    DPORT | PROTOCOL | SRC_PKTS | DST_PKTS | SRC_BYTES | DST_BYTES
    80    | 6        | 15       | 12       | 3349      | 1545

    ARGUS DATA Results

    Time     | Date       | Protocol | SrcIP      | DstIP         | Dir | Flags | Sport | Dport | Pkts | Bytes
    14:12:13 | 2011-10-07 | 6        | 10.10.10.7 | 78.159.100.32 | ->  | e     | 520   | 80    | 9    | 1751
    14:12:14 | 2011-10-07 | 6        | 10.10.10.7 | 78.159.100.32 | ->  | e     | 521   | 80    | 9    | 2211
    14:12:15 | 2011-10-07 | 6        | 10.10.10.7 | 64.158.56.57  | ->  | e     | 522   | 80    | 9    | 932

    Packer Results

    Packer Name
    (no entries)

    HoneyTrap Results

    Honey Trap Log File Location
    (no entries)

    PTFB Results

    PTFB Log File Location
    (no entries)