Malware Report - Results

This report shows all the different areas TAZER analyzes for the sample: Host, Network Activity, and Detection.

Malware Search Criteria:
  • MD5 =788853e059e3d67e3d0dee2540269c64

    • Malware Report - Results

    File MD5SumSHA1SUMSHA256SUMFUZZY HASHFile Size
    788853e059e3d67e3d0dee2540269c647c83c140f29ab16840edb9ec3857db87607d1a751a86b92dbde6eaf704f8841f530fe23886c724e6bbd315d262f0547bc7256486768:f89H/lDu4AZr80yMX/Ztgv3BCtn4Hq0mPub4Pd2zHDMW3aw00a:f2DMQ8PfgvxUQsF63awta42706

    File Results

    File Name
    load0x.php%3Fspl%3Dx1YY%26fh%3B%3D.exe

    SNORT Results

    Snort ClassSnort AlertCount
    Misc AttackET RBN Known Russian Business Network IP TCP (280)1

    AV Results

    AV AlertAV Vendor
    N/ASymantec
    Downloader-CKAMcAfee
    N/AKaspersky

    Folders (Added) - ICC Results

    PathFolder Name
    c:/Documents and Settings/dmc73144/Local Settings/Tempc36cba71-54d5-4ae3-9ee6-a9af355787a5
    c:/Documents and Settings/dmc73144/Local Settings/Temp6d508916-b13d-4f84-a42d-92c307be8114

    Files (Added) - ICC Results

    PathFile Name
    c:/Documents and Settings/dmc73144/Application Data8fbc0ebc-15d7-4dae-818a-50f3473ae912_44.avi
    c:/Documents and Settings/dmc73144/Local Settings/Temp/c36cba71-54d5-4ae3-9ee6-a9af355787a5wrk1.tmp_44
    c:/WINDOWS/PrefetchRUNDLL32.EXE-32A2A72E.pf
    c:/WINDOWS/PrefetchSANDNET.EXE-2012C478.pf
    c:netstat_post.txt
    c:taskv_post.txt
    c:/Documents and Settings/dmc73144/Application Data8fbc0ebc-15d7-4dae-818a-50f3473ae912_44.avi
    c:/Documents and Settings/dmc73144/Local Settings/Temp/6d508916-b13d-4f84-a42d-92c307be8114wrk1.tmp_44
    c:/WINDOWS/PrefetchRUNDLL32.EXE-2216A941.pf
    c:/WINDOWS/PrefetchSANDNET.EXE-2012C478.pf
    c:netstat_post.txt
    c:taskv_post.txt

    Files (Deleted) - ICC Results

    ActionPathFile Name

    Files (Changed) - ICC Results

    ActionPathFile Name
    modifiedc:/Documents and Settings/dmc73144/Cookiesindex.dat
    modifiedc:/Documents and Settings/dmc73144/Local Settings/History/History.IE5index.dat
    modifiedc:/Documents and Settings/dmc73144/Local Settings/Temporary Internet Files/Content.IE5index.dat
    modifiedc:/Documents and Settings/dmc73144ntuser.dat.LOG
    modifiedc:/WINDOWS/PrefetchCMD.EXE-087B4001.pf
    modifiedc:/WINDOWS/PrefetchHSTART.EXE-221D72BF.pf
    modifiedc:/WINDOWS/PrefetchNETSTAT.EXE-2B2B4428.pf
    modifiedc:/WINDOWS/PrefetchSH.EXE-00254D2B.pf
    modifiedc:/WINDOWS/PrefetchSLEEP.EXE-094A3D2A.pf
    modifiedc:/WINDOWS/PrefetchSSHD.EXE-298CA236.pf
    modifiedc:/WINDOWS/PrefetchSWITCH.EXE-0496EC21.pf
    modifiedc:/WINDOWS/system32/drivers/etchosts
    modifiedc:/WINDOWS/system32/wbem/Repository/FSINDEX.MAP
    modifiedc:/WINDOWS/system32/wbem/Repository/FSMAPPING.VER
    modifiedc:/WINDOWS/system32/wbem/Repository/FSMAPPING2.MAP
    modifiedc:/WINDOWS/system32/wbem/Repository/FSOBJECTS.MAP
    modifiedc:/Documents and Settings/dmc73144/Cookiesindex.dat
    modifiedc:/Documents and Settings/dmc73144/Local Settings/History/History.IE5index.dat
    modifiedc:/Documents and Settings/dmc73144/Local Settings/Temporary Internet Files/Content.IE5index.dat
    modifiedc:/Documents and Settings/dmc73144ntuser.dat.LOG
    modifiedc:/WINDOWS/PrefetchCMD.EXE-087B4001.pf
    modifiedc:/WINDOWS/PrefetchHSTART.EXE-221D72BF.pf
    modifiedc:/WINDOWS/PrefetchNETSTAT.EXE-2B2B4428.pf
    modifiedc:/WINDOWS/PrefetchSH.EXE-00254D2B.pf
    modifiedc:/WINDOWS/PrefetchSLEEP.EXE-094A3D2A.pf
    modifiedc:/WINDOWS/PrefetchSSHD.EXE-298CA236.pf
    modifiedc:/WINDOWS/PrefetchSWITCH.EXE-0496EC21.pf
    modifiedc:/WINDOWS/system32/drivers/etchosts
    modifiedc:/WINDOWS/system32/wbem/Repository/FSINDEX.MAP
    modifiedc:/WINDOWS/system32/wbem/Repository/FSMAPPING.VER
    modifiedc:/WINDOWS/system32/wbem/Repository/FSMAPPING2.MAP
    modifiedc:/WINDOWS/system32/wbem/Repository/FSOBJECTS.MAP

    Registry Keys (Added) - ICC Results

    ActionPath

    Registry Values (Added) - ICC Results

    ActionPathVal_NameVal_Data

    Registry Values (Deleted) - ICC Results

    ActionPathVal_NameVal_TypeMod_Val_TypeVal_DataMod_Val_Data

    Registry Values (Changed) - ICC Results

    ActionPathVal_NameVal_DataMod_Val_Data
    modifiedHKLM/SOFTWARE/Microsoft/Cryptography/RNGSeed48 21 E0 4B 73 E3 5B C4 65 22 BA 8D FD 01 62 5F F1 87 76 5A 06 D6 33 F3 25 36 50 6F 8E 3A CC B8 F0 D8 38 CD D4 4A 68 55 C0 2F 39 43 D0 04 84 B0 C3 6D 2D C7 39 8
    modifiedHKU/S-1-5-21-1844237615-562591055-839522115-1004/Software/Microsoft/Windows/CurrentVersion/Internet Settings/ConnectionsSavedLegacySettings3C 00 00 00 15 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 00 00 3C 00 00 00 16 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 00 0
    modifiedHKU/S-1-5-21-1844237615-562591055-839522115-1004/SessionInformationProgramCount0x00000002 0x00000001
    modifiedHKLM/SOFTWARE/Microsoft/Cryptography/RNGSeed89 E1 B5 2A 9B D7 61 B8 3B 39 B1 83 B1 BF B5 B7 47 D9 8F BD 03 2B 40 39 55 6F 13 6F 8E 17 F9 9B B0 9B FB 0A 21 66 7A EE 85 83 3E 21 FB A5 D1 E5 30 9A 6C F1 CE 6
    modifiedHKU/S-1-5-21-1844237615-562591055-839522115-1004/Software/Microsoft/Windows/CurrentVersion/Internet Settings/ConnectionsSavedLegacySettings3C 00 00 00 15 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 00 00 3C 00 00 00 16 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 00 0
    modifiedHKU/S-1-5-21-1844237615-562591055-839522115-1004/SessionInformationProgramCount0x00000002 0x00000001

    DNS Results

    DNSDNS Response

    URL Results

    DstIPHTTP_HOSTHTTP_REQUEST_URIHTTP_USER_AGENTPROTOCOL
    91.188.60.591.188.60.5/hit.php?v=44&app_type_id=1&wm_id=acc0049&u=c36cba71-54d5-4ae3-9ee6-a9af355787a5&t=20x06
    91.188.60.591.188.60.5/hit.php?v=44&app_type_id=1&wm_id=acc0049&u=6d508916-b13d-4f84-a42d-92c307be8114&t=20x06
    239.255.255.250239.255.255.250:1900*--blank--0x11

    ARGUS PROTOCOL Results

    PROTOCOLSRC_PKTSDST_PKTSSRC_BYTESDST_BYTES
    654441515
    17203500

    ARGUS DPORT Results

    DPORTPROTOCOLSRC_PKTSDST_PKTSSRC_BYTESDST_BYTES
    80654441515
    190017203500

    ARGUS DATA Results

    TimeDateProtocolSrcIPDstIPDirFlagsSportDportPktsBytes
    16:50:442010-07-14610.10.10.791.188.60.5-> e 52809956
    16:55:592010-07-141710.10.10.7239.255.255.250-> e 819002350
    22:45:432010-07-14610.10.10.791.188.60.5-> e 118809956
    22:50:582010-07-141710.10.10.7239.255.255.250-> e 819002350

    Packer Results

    Packer Name

    HoneyTrap Results

    Honey Trap Log File Location

    PTFB Results

    PTFB Log File Location