MD5 | SHA1 | SHA256 | Fuzzy hash (ssdeep) | File size (bytes) |
---|---|---|---|---|
6e4f168b202bcae89ab6c5d60638b2a0 | 35c28d7a106d4dbcccf5932b5d7828a766dd39f5 | cc2006b3dfe7e14152d8acba89d4ad899b57807960168e3c72609b8b12594abc | 6144:bDeWbibn2UdAirjqCVaO2thIt5n2V5eKnRkLfX:66UdzrjJ0O2thIt5ESLv | 249344 |
File Name |
---|
info.exe |
Snort Class | Snort Alert | Count |
---|---|---|
N/A | No snort alerts generated | 0 |
AV Alert | AV Vendor |
---|---|
Path | Folder Name |
---|---|
Action | Path | File Name |
---|---|---|
Action | Path | Val_Name | Val_Data |
---|---|---|---|
added | HKLM/SOFTWARE/Microsoft/Windows/CurrentVersion/Internet Settings | 6 | CD 5C 88 72 7D |
added | HKLM/SOFTWARE/Microsoft/Windows/CurrentVersion/policies/Explorer/run | haqgo | "C:/WINDOWS/system32/c_28593D.exe" |
added | HKLM/SYSTEM/ControlSet001/Control/Session Manager | PendingFileRenameOperations | 5C 3F 3F 5C 43 3A 5C 77 69 6E 64 6F 77 73 5C 73 79 73 74 65 6D 33 32 5C 73 61 6E |
added | HKLM/SYSTEM/CurrentControlSet/Control/Session Manager | PendingFileRenameOperations | 5C 3F 3F 5C 43 3A 5C 77 69 6E 64 6F 77 73 5C 73 79 73 74 65 6D 33 32 5C 73 61 6E |
added | HKU/S-1-5-21-1844237615-562591055-839522115-1004/Software/Microsoft/Windows/CurrentVersion/Internet Settings | 6 | CD 5C 88 72 7D |
added | HKU/S-1-5-21-1844237615-562591055-839522115-1004/Software/Microsoft/Windows/ShellNoRoam/MUICache | C:/WINDOWS/system32/ipconfig.exe | "IP Configuration Utility" |
added | HKU/S-1-5-21-1844237615-562591055-839522115-1004/Software/Microsoft/Windows/ShellNoRoam/MUICache | C:/Documents and Settings/dmc73144xplore.exe | "dmc73144xplore" |
added | HKU/S-1-5-21-1844237615-562591055-839522115-1004/Software/Microsoft/Windows/ShellNoRoam/MUICache | C:/WINDOWS/system32/ntvdm.exe | "NTVDM.EXE" |
Action | Path | Val_Name | Val_Type | Mod_Val_Type | Val_Data | Mod_Val_Data |
---|---|---|---|---|---|---|
Action | Path | Val_Name | Val_Data | Mod_Val_Data |
---|---|---|---|---|
modified | HKLM/SOFTWARE/Microsoft/Cryptography/RNG | Seed | D9 A5 07 59 7D 6C F4 C0 0C DF B4 8A 5F 48 9A BA 8D 36 E3 57 8C F3 7F 5A 3E 1D C3 | 05 6D B6 5C 5E 18 55 AA 72 94 1A 2A 46 40 EC CE 7C 72 D9 10 06 3C 32 DE 0E 0B BA |
modified | HKU/S-1-5-21-1844237615-562591055-839522115-1004/Software/Microsoft/Windows/CurrentVersion/Internet Settings/Connections | SavedLegacySettings | 3C 00 00 00 15 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 00 00 | 3C 00 00 00 17 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 00 00 |
modified | HKU/S-1-5-21-1844237615-562591055-839522115-1004/SessionInformation | ProgramCount | 0x00000002 | 0x00000004 |
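The registry rows above carry the two findings that matter for triage: a new autostart value under `policies/Explorer/run` pointing at a dropped `system32` binary, and a `PendingFileRenameOperations` entry that schedules a rename or delete at next boot. The sandbox prints that second value as a hex dump, and it is truncated in the report, so decoding it only recovers the prefix `\??\C:\windows\system32\san`; the full target name is not recoverable from this page. The script below is an added example, not code from the sandbox or the report: it parses rows in the report's `Action | Path | Val_Name | Val_Data` format, decodes hex-dumped values, and flags well-known persistence locations while keeping `MUICache` entries separate as execution evidence rather than autostart. Function names and the `PERSISTENCE_KEYS` list are this example's own choices; the sample rows are copied from the report; the byte layout assumed for `SavedLegacySettings` (size, change counter, flags DWORD with 0x1 direct, 0x2 proxy, 0x4 auto-config URL, 0x8 auto-detect) is the commonly documented one and is not stated anywhere in the report.

```python
"""Triage helpers for sandbox registry-change tables (added example, not sandbox code)."""
import re

# Constructed sample: rows copied from the report's registry tables, one per line,
# with the sandbox's "/" and "//" path separators left exactly as printed.
SAMPLE_ROWS = """\
added | HKLM/SOFTWARE/Microsoft/Windows/CurrentVersion/Internet Settings | 6 | CD 5C 88 72 7D
added | HKLM/SOFTWARE/Microsoft/Windows/CurrentVersion/policies/Explorer/run | haqgo | "C:/WINDOWS/system32/c_28593D.exe"
added | HKLM/SYSTEM/CurrentControlSet/Control/Session Manager | PendingFileRenameOperations | 5C 3F 3F 5C 43 3A 5C 77 69 6E 64 6F 77 73 5C 73 79 73 74 65 6D 33 32 5C 73 61 6E
added | HKU/S-1-5-21-1844237615-562591055-839522115-1004/Software/Microsoft/Windows/ShellNoRoam/MUICache | C://WINDOWS//system32//ipconfig.exe | "IP Configuration Utility"
modified | HKU/S-1-5-21-1844237615-562591055-839522115-1004/Software/Microsoft/Windows/CurrentVersion/Internet Settings/Connections | SavedLegacySettings | 3C 00 00 00 15 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 00 00 | 3C 00 00 00 17 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 00 00
"""

# (key-path regex, value-name regex or None): autostart and reboot-time locations to flag.
# This list is the example's own; paths are matched after "\" and "//" are normalised to "/".
PERSISTENCE_KEYS = [
    (r"/CurrentVersion/(Run|RunOnce|RunServices|RunServicesOnce)$", None),
    (r"/CurrentVersion/policies/Explorer/Run$", None),
    (r"/Control/Session Manager$", r"^PendingFileRenameOperations$"),
    (r"/CurrentVersion/Winlogon$", r"^(Shell|Userinit|Notify)$"),
    (r"/Services/[^/]+$", r"^ImagePath$"),
]
HEX_RE = re.compile(r"^(?:[0-9A-Fa-f]{2}\s*)+$")


def norm_path(path: str) -> str:
    """Collapse "\\" and "//" runs to a single "/" so patterns match the sandbox's output."""
    return re.sub(r"[\\/]+", "/", path).rstrip("/")


def parse_rows(table: str) -> list:
    """Split pipe-delimited rows into dicts; for 'modified' rows the data is the new value."""
    rows = []
    for line in table.splitlines():
        cells = [c.strip() for c in line.split("|")]
        if len(cells) < 4:
            continue  # header / separator debris
        rows.append({"action": cells[0], "path": norm_path(cells[1]),
                     "name": norm_path(cells[2]), "data": cells[-1]})
    return rows


def hex_to_text(data: str):
    """Decode a hex dump as the sandbox prints binary values; non-printables become '.'.
    Returns None when the cell is not a hex dump (e.g. a quoted REG_SZ string)."""
    if not HEX_RE.match(data):
        return None
    raw = bytes.fromhex(data.replace(" ", ""))
    return "".join(chr(b) if 32 <= b < 127 else "." for b in raw)


def classify(row: dict) -> str:
    """'persistence' for autostart/reboot keys, 'execution' for MUICache, else 'other'."""
    for key_re, name_re in PERSISTENCE_KEYS:
        if re.search(key_re, row["path"], re.I) and \
                (name_re is None or re.search(name_re, row["name"], re.I)):
            return "persistence"
    if row["path"].lower().endswith("/shellnoroam/muicache"):
        return "execution"  # MUICache records that a binary ran, not that it autostarts
    return "other"


def triage(table: str) -> list:
    """Return (class, path, name, decoded-or-raw data) for every flagged row."""
    out = []
    for row in parse_rows(table):
        cls = classify(row)
        if cls == "other":
            continue
        decoded = hex_to_text(row["data"])
        out.append((cls, row["path"], row["name"],
                    decoded if decoded is not None else row["data"]))
    return out


def legacy_settings_flags(hexdump: str) -> dict:
    """Interpret a SavedLegacySettings blob. ASSUMED layout (not from the report):
    DWORD size, DWORD change counter, DWORD flags (0x1 direct, 0x2 proxy,
    0x4 auto-config URL, 0x8 auto-detect). A proxy bit appearing would mean
    the sample redirected the victim's HTTP traffic."""
    raw = bytes.fromhex(hexdump.replace(" ", ""))
    counter = int.from_bytes(raw[4:8], "little")
    flags = int.from_bytes(raw[8:12], "little")
    return {"counter": counter, "direct": bool(flags & 1), "proxy": bool(flags & 2),
            "autoconfig": bool(flags & 4), "autodetect": bool(flags & 8)}


if __name__ == "__main__":
    for item in triage(SAMPLE_ROWS):
        print(*item, sep=" | ")
    print(legacy_settings_flags(parse_rows(SAMPLE_ROWS)[-1]["data"]))
```

Run against the sample rows it flags the `haqgo` autorun value and the `PendingFileRenameOperations` entry as persistence, lists the `ipconfig.exe` MUICache row as execution evidence, and reports that the `SavedLegacySettings` change only bumped the counter (0x15 to 0x17) with the flags still at 0x1 (direct connection), so no proxy was installed by this sample.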
DNS | DNS Response |
---|---|
middlechrist.com | Standard query response A 78.159.100.32 |
imagehut4.cn | Standard query response A 64.158.56.57 A 63.251.179.57 |
DstIP | HTTP_HOST | HTTP_REQUEST_URI | HTTP_USER_AGENT | PROTOCOL (0x06 = TCP) |
---|---|---|---|---|
64.158.56.57 | imagehut4.cn | /update/utu.dat | Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.2; SV1) | 0x06 |
PROTOCOL (6 = TCP) | SRC_PKTS | DST_PKTS | SRC_BYTES | DST_BYTES |
---|---|---|---|---|
6 | 15 | 12 | 3349 | 1545 |
DPORT | PROTOCOL (6 = TCP) | SRC_PKTS | DST_PKTS | SRC_BYTES | DST_BYTES |
---|---|---|---|---|---|
80 | 6 | 15 | 12 | 3349 | 1545 |
Time | Date | Protocol (6 = TCP) | SrcIP | DstIP | Dir | Flags | Sport | Dport | Pkts | Bytes |
---|---|---|---|---|---|---|---|---|---|---|
14:12:13 | 2011-10-07 | 6 | 10.10.10.7 | 78.159.100.32 | -> | e | 520 | 80 | 9 | 1751 |
14:12:14 | 2011-10-07 | 6 | 10.10.10.7 | 78.159.100.32 | -> | e | 521 | 80 | 9 | 2211 |
14:12:15 | 2011-10-07 | 6 | 10.10.10.7 | 64.158.56.57 | -> | e | 522 | 80 | 9 | 932 |
Packer Name |
---|
Honey Trap Log File Location |
---|
PTFB Log File Location |
---|