Malware Report - Results

This report shows all the different areas TAZER analyzes for the sample: Host, Network Activity, and Detection.

Malware Search Criteria:
  • MD5 =725e106289a1ef9ade0475046fc4baf3

    • Malware Report - Results

    File MD5SumSHA1SUMSHA256SUMFUZZY HASHFile Size
    725e106289a1ef9ade0475046fc4baf3bef1ea3179cfc90e453739d40f489a16670b28424920871ecb9fa3faf5402de9339b54a529543514fa021409d6e6da11c5c197f3768:AmOhplcsHvKWzX6HJmFqda7koY7EiInbcuyD7UP7VDO:1OhplcsHv1X6n0i7DInouy85DO27648

    File Results

    File Name
    0000094Amorzinhovejaseucartao.exe

    SNORT Results

    Snort ClassSnort AlertCount

    AV Results

    AV AlertAV Vendor

    Folders (Added) - ICC Results

    PathFolder Name
    c:/Documents and Settings/dmc73144/Local Settings/History/History.IE5MSHist012011100720111008
    c:/Documents and Settings/dmc73144/Local Settings/Temporary Internet Files/Content.IE5ITB2CJ0C

    Files (Added) - ICC Results

    PathFile Name
    c:/Documents and Settings/dmc73144/Local Settings/History/History.IE5/MSHist012011100720111008index.dat
    c:/Documents and Settings/dmc73144/Local Settings/Temp~i.tmp
    c:/Documents and Settings/dmc73144/Local Settings/Temp~r.tmp
    c:/Documents and Settings/dmc73144/Local Settings/Temporary Internet Files/Content.IE5/ITB2CJ0Cdesktop.ini
    c:/Documents and Settings/dmc73144/Local Settings/Temporary Internet Files/Content.IE5/ITB2CJ0Cver[1].htm
    c:/WINDOWS/PrefetchAUTOIT3.EXE-32361418.pf
    c:/WINDOWS/PrefetchIEXPLORE.EXE-27122324.pf
    c:/WINDOWS/PrefetchREG.EXE-0D2A95F7.pf
    c:/WINDOWS/PrefetchREGSHOT.EXE-010A5EE6.pf
    c:/WINDOWS/PrefetchRUNAS.EXE-00979155.pf
    c:/WINDOWS/PrefetchSANDNET.EXE-2012C478.pf

    Files (Deleted) - ICC Results

    ActionPathFile Name

    Files (Changed) - ICC Results

    ActionPathFile Name
    modifiedc:/Documents and Settings/Administratorntuser.dat.LOG
    modifiedc:/Documents and Settings/dmc73144/Application Data/Mozilla/Firefox/Profiles/ektregxy.defaultprefs.js
    modifiedc:/Documents and Settings/dmc73144/Cookiesindex.dat
    modifiedc:/Documents and Settings/dmc73144/Local Settings/History/History.IE5index.dat
    modifiedc:/Documents and Settings/dmc73144/Local Settings/Temporary Internet Files/Content.IE5index.dat
    modifiedc:/Documents and Settings/dmc73144ntuser.dat.LOG
    modifiedc:/WINDOWS/PrefetchATTRIB.EXE-39EAFB02.pf
    modifiedc:/WINDOWS/PrefetchCMD.EXE-087B4001.pf
    modifiedc:/WINDOWS/PrefetchFIND.EXE-0EC32F1E.pf
    modifiedc:/WINDOWS/PrefetchHSTART.EXE-221D72BF.pf
    modifiedc:/WINDOWS/PrefetchNET.EXE-01A53C2F.pf
    modifiedc:/WINDOWS/PrefetchNET1.EXE-029B9DB4.pf
    modifiedc:/WINDOWS/PrefetchSH.EXE-00254D2B.pf
    modifiedc:/WINDOWS/PrefetchSSHD.EXE-298CA236.pf
    modifiedc:/WINDOWS/PrefetchSWITCH.EXE-0496EC21.pf
    modifiedc:/WINDOWS/PrefetchWMIPRVSE.EXE-28F301A9.pf
    modifiedc:/WINDOWS/system32/configsoftware.LOG
    modifiedc:/WINDOWS/system32/drivers/etchosts
    modifiedc:/WINDOWS/system32/wbem/Logswmiprov.log

    Registry Keys (Added) - ICC Results

    ActionPath
    addedHKLM/SOFTWARE/Policies/Microsoft/Internet Explorer
    addedHKLM/SOFTWARE/Policies/Microsoft/Internet Explorer/Control Panel
    addedHKU/S-1-5-21-1844237615-562591055-839522115-1004/Software/Microsoft/Windows/CurrentVersion/Ext/Stats/{08B0E5C0-4FCB-11CF-AAA5-00401C608501}
    addedHKU/S-1-5-21-1844237615-562591055-839522115-1004/Software/Microsoft/Windows/CurrentVersion/Ext/Stats/{08B0E5C0-4FCB-11CF-AAA5-00401C608501}/iexplore
    addedHKU/S-1-5-21-1844237615-562591055-839522115-1004/Software/Microsoft/Windows/CurrentVersion/Ext/Stats/{FB5F1910-F110-11D2-BB9E-00C04F795683}
    addedHKU/S-1-5-21-1844237615-562591055-839522115-1004/Software/Microsoft/Windows/CurrentVersion/Ext/Stats/{FB5F1910-F110-11D2-BB9E-00C04F795683}/iexplore
    addedHKU/S-1-5-21-1844237615-562591055-839522115-1004/Software/Microsoft/Windows/CurrentVersion/Internet Settings/5.0/Cache/Extensible Cache/MSHist012011100720111008
    addedHKU/S-1-5-21-1844237615-562591055-839522115-1004/Software/Policies/Microsoft/Internet Explorer
    addedHKU/S-1-5-21-1844237615-562591055-839522115-1004/Software/Policies/Microsoft/Internet Explorer/Control Panel

    Registry Values (Added) - ICC Results

    ActionPathVal_NameVal_Data
    addedHKLM/SOFTWARE/Microsoft/Windows/CurrentVersion/Internet SettingsAutoConfigUrl"216.172.178.215adobe.seu-download.com/get.flashplayer.js"
    addedHKLM/SOFTWARE/Microsoft/Windows/CurrentVersion/Internet SettingsEnableHttp1_10x00000001
    addedHKLM/SOFTWARE/Microsoft/Windows/CurrentVersion/Internet SettingsProxyEnable0x00000000
    addedHKLM/SOFTWARE/Microsoft/Windows/CurrentVersion/Internet SettingsProxyHttp1.10x00000000
    addedHKLM/SOFTWARE/Microsoft/Windows/CurrentVersion/RunJavaUpdateSched "C:/DOCUME~1/dmc73144/LOCALS~1/Temp/jusched.exe"
    addedHKLM/SOFTWARE/Policies/Microsoft/Internet Explorer/Control PanelAutoconfig0x00000001
    addedHKLM/SOFTWARE/Policies/Microsoft/Internet Explorer/Control PanelAdvancedTab0x00000001
    addedHKLM/SOFTWARE/Policies/Microsoft/Internet Explorer/Control PanelResetWebSettings0x00000001
    addedHKU/S-1-5-21-1844237615-562591055-839522115-1004/Software/Microsoft/Windows/CurrentVersion/Ext/Stats/{08B0E5C0-4FCB-11CF-AAA5-00401C608501}/iexploreType0x00000004
    addedHKU/S-1-5-21-1844237615-562591055-839522115-1004/Software/Microsoft/Windows/CurrentVersion/Ext/Stats/{08B0E5C0-4FCB-11CF-AAA5-00401C608501}/iexploreCount0x00000001
    addedHKU/S-1-5-21-1844237615-562591055-839522115-1004/Software/Microsoft/Windows/CurrentVersion/Ext/Stats/{08B0E5C0-4FCB-11CF-AAA5-00401C608501}/iexploreTimeDB 07 0A 00 05 00 07 00 16 00 2C 00 1E 00 4F 02
    addedHKU/S-1-5-21-1844237615-562591055-839522115-1004/Software/Microsoft/Windows/CurrentVersion/Ext/Stats/{FB5F1910-F110-11D2-BB9E-00C04F795683}/iexploreType0x00000004
    addedHKU/S-1-5-21-1844237615-562591055-839522115-1004/Software/Microsoft/Windows/CurrentVersion/Ext/Stats/{FB5F1910-F110-11D2-BB9E-00C04F795683}/iexploreCount0x00000001
    addedHKU/S-1-5-21-1844237615-562591055-839522115-1004/Software/Microsoft/Windows/CurrentVersion/Ext/Stats/{FB5F1910-F110-11D2-BB9E-00C04F795683}/iexploreTimeDB 07 0A 00 05 00 07 00 16 00 2C 00 1E 00 4F 02
    addedHKU/S-1-5-21-1844237615-562591055-839522115-1004/Software/Microsoft/Windows/CurrentVersion/Internet SettingsAutoConfigUrl"216.172.178.215adobe.seu-download.com/get.flashplayer.js"
    addedHKU/S-1-5-21-1844237615-562591055-839522115-1004/Software/Microsoft/Windows/CurrentVersion/Internet SettingsProxyHttp1.10x00000000
    addedHKU/S-1-5-21-1844237615-562591055-839522115-1004/Software/Microsoft/Windows/CurrentVersion/Internet Settings/5.0/Cache/Extensible Cache/MSHist012011100720111008CachePath"%USERPROFILE%Local SettingsHistoryHistory.IE5MSHist012011100720111008"
    addedHKU/S-1-5-21-1844237615-562591055-839522115-1004/Software/Microsoft/Windows/CurrentVersion/Internet Settings/5.0/Cache/Extensible Cache/MSHist012011100720111008CachePrefix ":2011100720111008: "
    addedHKU/S-1-5-21-1844237615-562591055-839522115-1004/Software/Microsoft/Windows/CurrentVersion/Internet Settings/5.0/Cache/Extensible Cache/MSHist012011100720111008CacheLimit0x00002000
    addedHKU/S-1-5-21-1844237615-562591055-839522115-1004/Software/Microsoft/Windows/CurrentVersion/Internet Settings/5.0/Cache/Extensible Cache/MSHist012011100720111008CacheOptions0x0000000B
    addedHKU/S-1-5-21-1844237615-562591055-839522115-1004/Software/Microsoft/Windows/CurrentVersion/Internet Settings/5.0/Cache/Extensible Cache/MSHist012011100720111008CacheRepair0x00000000
    addedHKU/S-1-5-21-1844237615-562591055-839522115-1004/Software/Microsoft/Windows/ShellNoRoam/MUICacheC://Documents and Settings//dmc73144//Local Settings//Temp//1.tmp//0000amorzinho "0000amorzinhovejaseucartao"
    addedHKU/S-1-5-21-1844237615-562591055-839522115-1004/Software/Policies/Microsoft/Internet Explorer/Control PanelAutoconfig0x00000001
    addedHKU/S-1-5-21-1844237615-562591055-839522115-1004/Software/Policies/Microsoft/Internet Explorer/Control PanelAdvancedTab0x00000001
    addedHKU/S-1-5-21-1844237615-562591055-839522115-1004/Software/Policies/Microsoft/Internet Explorer/Control PanelResetWebSettings0x00000001
    addedHKU/S-1-5-21-1844237615-562591055-839522115-500/Software/Microsoft/Windows/CurrentVersion/Internet SettingsWarnonBadCertRecving0x00000000
    addedHKU/S-1-5-21-1844237615-562591055-839522115-500/Software/Microsoft/Windows/CurrentVersion/Internet SettingsWarnOnIntranet0x00000000
    addedHKU/S-1-5-21-1844237615-562591055-839522115-500/Software/Microsoft/Windows/CurrentVersion/Internet Settings/ZoneMapAutoDetect0x00000000

    Registry Values (Deleted) - ICC Results

    ActionPathVal_NameVal_TypeMod_Val_TypeVal_DataMod_Val_Data

    Registry Values (Changed) - ICC Results

    ActionPathVal_NameVal_DataMod_Val_Data
    modifiedHKLM/SOFTWARE/Microsoft/Cryptography/RNGSeed21 95 64 79 7F 68 1E 93 59 08 0B 01 DF 9E D3 76 92 81 48 B6 10 0C 38 0A 09 42 88A5 D7 D0 66 BF 94 12 E4 55 8A 26 0B C4 1C 89 5D 1A D8 0A F4 12 43 A8 74 9C 02 5C
    modifiedHKU/S-1-5-21-1844237615-562591055-839522115-1004/Software/Microsoft/Windows/CurrentVersion/Ext/Stats/{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}/iexploreCount0x000000080x00000009
    modifiedHKU/S-1-5-21-1844237615-562591055-839522115-1004/Software/Microsoft/Windows/CurrentVersion/Ext/Stats/{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}/iexploreTimeDA 07 08 00 02 00 03 00 08 00 15 00 34 00 57 01DB 07 0A 00 05 00 07 00 16 00 2C 00 1E 00 F2 01
    modifiedHKU/S-1-5-21-1844237615-562591055-839522115-1004/Software/Microsoft/Windows/CurrentVersion/Internet Settings/ConnectionsDefaultConnectionSettings3C 00 00 00 02 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 00 003C 00 00 00 04 00 00 00 05 00 00 00 00 00 00 00 00 00 00 00 38 00 00 00 32 31 36
    modifiedHKU/S-1-5-21-1844237615-562591055-839522115-1004/Software/Microsoft/Windows/CurrentVersion/Internet Settings/ConnectionsSavedLegacySettings3C 00 00 00 15 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 00 003C 00 00 00 17 00 00 00 05 00 00 00 00 00 00 00 00 00 00 00 38 00 00 00 32 31 36
    modifiedHKU/S-1-5-21-1844237615-562591055-839522115-1004/Software/Microsoft/Windows/ShellNoRoam/BagMRUMRUListEx01 00 00 00 00 00 00 00 02 00 00 00 04 00 00 00 03 00 00 00 FF FF FF FF00 00 00 00 01 00 00 00 02 00 00 00 04 00 00 00 03 00 00 00 FF FF FF FF
    modifiedHKU/S-1-5-21-1844237615-562591055-839522115-1004/SessionInformationProgramCount0x000000020x00000003

    DNS Results

    DNSDNS Response

    URL Results

    DstIPHTTP_HOSTHTTP_REQUEST_URIHTTP_USER_AGENTPROTOCOL

    ARGUS PROTOCOL Results

    PROTOCOLSRC_PKTSDST_PKTSSRC_BYTESDST_BYTES

    ARGUS DPORT Results

    DPORTPROTOCOLSRC_PKTSDST_PKTSSRC_BYTESDST_BYTES

    ARGUS DATA Results

    TimeDateProtocolSrcIPDstIPDirFlagsSportDportPktsBytes

    Packer Results

    Packer Name

    HoneyTrap Results

    Honey Trap Log File Location

    PTFB Results

    PTFB Log File Location