MD5 | SHA1 | SHA256 | Fuzzy Hash (ssdeep) | File Size (bytes) |
---|---|---|---|---|
788853e059e3d67e3d0dee2540269c64 | 7c83c140f29ab16840edb9ec3857db87607d1a75 | 1a86b92dbde6eaf704f8841f530fe23886c724e6bbd315d262f0547bc7256486 | 768:f89H/lDu4AZr80yMX/Ztgv3BCtn4Hq0mPub4Pd2zHDMW3aw00a:f2DMQ8PfgvxUQsF63awta | 42706 |
File Name |
---|
load0x.php%3Fspl%3Dx1YY%26fh%3B%3D.exe |
Snort Class | Snort Alert | Count |
---|---|---|
Misc Attack | ET RBN Known Russian Business Network IP TCP (280) | 1 |
AV Alert | AV Vendor |
---|---|
N/A | Symantec |
Downloader-CKA | McAfee |
N/A | Kaspersky |
Path | Folder Name |
---|---|
c:/Documents and Settings/dmc73144/Local Settings/Temp | c36cba71-54d5-4ae3-9ee6-a9af355787a5 |
c:/Documents and Settings/dmc73144/Local Settings/Temp | 6d508916-b13d-4f84-a42d-92c307be8114 |
Action | Path | File Name |
---|---|---|
Action | Path |
---|---|
Action | Path | Val_Name | Val_Data |
---|---|---|---|
Action | Path | Val_Name | Val_Type | Mod_Val_Type | Val_Data | Mod_Val_Data |
---|---|---|---|---|---|---|
Action | Path | Val_Name | Val_Data | Mod_Val_Data |
---|---|---|---|---|
modified | HKLM/SOFTWARE/Microsoft/Cryptography/RNG | Seed | 48 21 E0 4B 73 E3 5B C4 65 22 BA 8D FD 01 62 5F F1 87 76 5A 06 D6 33 F3 25 36 50 | 6F 8E 3A CC B8 F0 D8 38 CD D4 4A 68 55 C0 2F 39 43 D0 04 84 B0 C3 6D 2D C7 39 8 |
modified | HKU/S-1-5-21-1844237615-562591055-839522115-1004/Software/Microsoft/Windows/CurrentVersion/Internet Settings/Connections | SavedLegacySettings | 3C 00 00 00 15 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 00 00 | 3C 00 00 00 16 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 00 0 |
modified | HKU/S-1-5-21-1844237615-562591055-839522115-1004/SessionInformation | ProgramCount | 0x00000002 | 0x00000001 |
modified | HKLM/SOFTWARE/Microsoft/Cryptography/RNG | Seed | 89 E1 B5 2A 9B D7 61 B8 3B 39 B1 83 B1 BF B5 B7 47 D9 8F BD 03 2B 40 39 55 6F 13 | 6F 8E 17 F9 9B B0 9B FB 0A 21 66 7A EE 85 83 3E 21 FB A5 D1 E5 30 9A 6C F1 CE 6 |
modified | HKU/S-1-5-21-1844237615-562591055-839522115-1004/Software/Microsoft/Windows/CurrentVersion/Internet Settings/Connections | SavedLegacySettings | 3C 00 00 00 15 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 00 00 | 3C 00 00 00 16 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 00 0 |
modified | HKU/S-1-5-21-1844237615-562591055-839522115-1004/SessionInformation | ProgramCount | 0x00000002 | 0x00000001 |
DNS | DNS Response |
---|---|
DstIP | HTTP_HOST | HTTP_REQUEST_URI | HTTP_USER_AGENT | PROTOCOL |
---|---|---|---|---|
91.188.60.5 | 91.188.60.5 | /hit.php?v=44&app_type_id=1&wm_id=acc0049&u=c36cba71-54d5-4ae3-9ee6-a9af355787a5&t=2 | --blank-- | 0x06 |
91.188.60.5 | 91.188.60.5 | /hit.php?v=44&app_type_id=1&wm_id=acc0049&u=6d508916-b13d-4f84-a42d-92c307be8114&t=2 | --blank-- | 0x06 |
239.255.255.250 | 239.255.255.250:1900 | * | --blank-- | 0x11 |
PROTOCOL | SRC_PKTS | DST_PKTS | SRC_BYTES | DST_BYTES |
---|---|---|---|---|
6 | 5 | 4 | 441 | 515 |
17 | 2 | 0 | 350 | 0 |
DPORT | PROTOCOL | SRC_PKTS | DST_PKTS | SRC_BYTES | DST_BYTES |
---|---|---|---|---|---|
80 | 6 | 5 | 4 | 441 | 515 |
1900 | 17 | 2 | 0 | 350 | 0 |
Time | Date | Protocol | SrcIP | DstIP | Dir | Flags | Sport | Dport | Pkts | Bytes |
---|---|---|---|---|---|---|---|---|---|---|
16:50:44 | 2010-07-14 | 6 | 10.10.10.7 | 91.188.60.5 | -> | e | 52 | 80 | 9 | 956 |
16:55:59 | 2010-07-14 | 17 | 10.10.10.7 | 239.255.255.250 | -> | e | 8 | 1900 | 2 | 350 |
22:45:43 | 2010-07-14 | 6 | 10.10.10.7 | 91.188.60.5 | -> | e | 118 | 80 | 9 | 956 |
22:50:58 | 2010-07-14 | 17 | 10.10.10.7 | 239.255.255.250 | -> | e | 8 | 1900 | 2 | 350 |
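The two `hit.php` requests in the HTTP table are the sample's check-in: the `u=` GUID is the same value the sample used as its dropped folder name under `%TEMP%` (see the Path/Folder Name table), and `wm_id=acc0049` reads like an affiliate or campaign tag. The UDP flow to 239.255.255.250:1900 is ordinary Windows SSDP discovery on the multicast address, not sample traffic (protocol 6 is TCP, 17 is UDP). The following Python is an added example, not part of this report or of the sandbox's own tooling: it runs a detection for that check-in shape over a few constructed proxy log lines (the six-field line layout and the lines themselves are made up for the example), then correlates the GUIDs seen on the wire with the folder names from the report.

```python
import ipaddress
import re
from urllib.parse import parse_qs, urlsplit

# Check-in shape copied from the report's HTTP table:
#   /hit.php?v=44&app_type_id=1&wm_id=acc0049&u=<GUID>&t=2
# The u= GUID is the same value the sample used as its dropped folder name under %TEMP%.
REQUIRED_PARAMS = {"v", "app_type_id", "wm_id", "u", "t"}
GUID_RE = re.compile(r"^[0-9a-f]{8}-(?:[0-9a-f]{4}-){3}[0-9a-f]{12}$", re.IGNORECASE)

# Folder names from the report's Path / Folder Name table.
REPORT_TEMP_DIRS = {
    "c36cba71-54d5-4ae3-9ee6-a9af355787a5",
    "6d508916-b13d-4f84-a42d-92c307be8114",
}

# Constructed proxy log (not from the report), one request per line:
#   "<timestamp> <src_ip> <dst_ip> <method> <host> <uri>"   -- hypothetical layout
SAMPLE_LOG = """\
2010-07-14T16:50:44 10.10.10.7 91.188.60.5 GET 91.188.60.5 /hit.php?v=44&app_type_id=1&wm_id=acc0049&u=c36cba71-54d5-4ae3-9ee6-a9af355787a5&t=2
2010-07-14T16:51:10 10.10.10.9 203.0.113.8 GET www.example.com /index.html
2010-07-14T22:45:43 10.10.10.7 91.188.60.5 GET 91.188.60.5 /hit.php?v=44&app_type_id=1&wm_id=acc0049&u=6d508916-b13d-4f84-a42d-92c307be8114&t=2
2010-07-14T22:46:01 10.10.10.12 198.51.100.20 GET cdn.example.net /hit.php?page=home&id=7
"""


def classify_request(uri):
    """Return the check-in fields if `uri` has the hit.php beacon shape, else None."""
    parts = urlsplit(uri)
    if parts.path.lower() != "/hit.php":
        return None
    query = parse_qs(parts.query)
    if not REQUIRED_PARAMS.issubset(query):
        return None  # a /hit.php path alone is too generic to alert on
    victim_id = query["u"][0]
    if not GUID_RE.match(victim_id):
        return None
    return {
        "version": query["v"][0],
        "wm_id": query["wm_id"][0],       # affiliate/campaign tag; acc0049 in the report
        "victim_id": victim_id.lower(),   # per-infection GUID, reused as the %TEMP% folder name
        "t": query["t"][0],
    }


def host_is_bare_ip(host):
    """True when the Host header is a literal IP (as in the report); a weak secondary signal."""
    try:
        ipaddress.ip_address(host.split(":")[0])
        return True
    except ValueError:
        return False


def find_beacons(log_text):
    """Scan log lines and return one record per request matching the check-in shape."""
    hits = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 6:
            continue  # malformed line: skip rather than crash the scan
        timestamp, src, dst, method, host, uri = fields
        info = classify_request(uri)
        if info is None:
            continue
        info.update(timestamp=timestamp, src=src, dst=dst, method=method,
                    host=host, host_is_ip=host_is_bare_ip(host))
        hits.append(info)
    return hits


def correlate_with_temp_dirs(beacons, temp_dir_names):
    """Victim IDs seen on the wire that also appear as dropped %TEMP% folder names."""
    return {b["victim_id"] for b in beacons} & {n.lower() for n in temp_dir_names}


if __name__ == "__main__":
    found = find_beacons(SAMPLE_LOG)
    for b in found:
        print(b["timestamp"], b["src"], "->", b["dst"],
              "wm_id=" + b["wm_id"], "u=" + b["victim_id"], "host_is_ip=%s" % b["host_is_ip"])
    print("GUIDs also seen as %TEMP% folders:",
          sorted(correlate_with_temp_dirs(found, REPORT_TEMP_DIRS)))
```

Matching on the parameter set rather than on 91.188.60.5 keeps the rule useful if the check-in host changes; the bare-IP Host header is only a secondary signal. On the host side, the registry changes listed earlier (the CryptoAPI RNG `Seed`, the `SavedLegacySettings` counter, `ProgramCount`) routinely change whenever a program uses CryptoAPI or WinINet and are not indicators on their own; the artifacts worth pivoting on are the file hashes and the two GUID-named folders, which this script ties back to the network check-ins.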
Packer Name |
---|
Honey Trap Log File Location |
---|
PTFB Log File Location |
---|