Malware Report - Results

This report shows all the different areas TAZER analyzes for the sample: Host, Network Activity, and Detection.

Malware Search Criteria:
  • MD5 =78c9b71bc239d2351e2f587a859cdfe1

    • Malware Report - Results

    File MD5SumSHA1SUMSHA256SUMFUZZY HASHFile Size
    78c9b71bc239d2351e2f587a859cdfe1d829d35856c17931a66ec29142309eb934503558c28b75103d864b3b10218dece9eaf714cf2d3401d123220574936fba3907b9d0384:SFLg2MOlzFaFs4BxKSnJ0dDHCUmMKqS0jBNH3wjmED3wR0Acdtvr:SFLJGs4BwS+dzr1SwNXDEDA25088

    File Results

    File Name
    fm01.css.exe

    SNORT Results

    Snort ClassSnort AlertCount
    N/ANo snort alerts generated0

    AV Results

    AV AlertAV Vendor
    TrojanSymantec
    GenericMcAfee
    Trojan-Downloader.Win32.Geral.vnkKaspersky

    Folders (Added) - ICC Results

    PathFolder Name
    c:/Documents and Settings/dmc73144/Local Settings/Temporary Internet Files/Content.IE5ITB2CJ0C

    Files (Added) - ICC Results

    PathFile Name
    c:/Documents and Settings/dmc73144/Local Settings/Temp149546.dll
    c:/Documents and Settings/dmc73144/Local Settings/Tempope1.tmp
    c:/Documents and Settings/dmc73144/Local Settings/Temporary Internet Files/Content.IE5/ITB2CJ0CCount[1].asp
    c:/Documents and Settings/dmc73144/Local Settings/Temporary Internet Files/Content.IE5/ITB2CJ0Cdesktop.ini
    c:/WINDOWS/Prefetch155656.EXE-0D3D10E9.pf
    c:/WINDOWS/PrefetchRUNDLL32.EXE-1BA9B03B.pf
    c:/WINDOWS/PrefetchSANDNET.EXE-2012C478.pf
    c:/WINDOWS/system32155656.exe
    c:/WINDOWS/system32scvhost.exe
    c:netstat_post.txt
    c:taskv_post.txt

    Files (Deleted) - ICC Results

    ActionPathFile Name

    Files (Changed) - ICC Results

    ActionPathFile Name
    modifiedc:/Documents and Settings/dmc73144/Cookiesindex.dat
    modifiedc:/Documents and Settings/dmc73144/Local Settings/History/History.IE5index.dat
    modifiedc:/Documents and Settings/dmc73144/Local Settings/Temporary Internet Files/Content.IE5index.dat
    modifiedc:/Documents and Settings/dmc73144ntuser.dat.LOG
    modifiedc:/WINDOWS/PrefetchCMD.EXE-087B4001.pf
    modifiedc:/WINDOWS/PrefetchHSTART.EXE-221D72BF.pf
    modifiedc:/WINDOWS/PrefetchNETSTAT.EXE-2B2B4428.pf
    modifiedc:/WINDOWS/PrefetchSH.EXE-00254D2B.pf
    modifiedc:/WINDOWS/PrefetchSLEEP.EXE-094A3D2A.pf
    modifiedc:/WINDOWS/PrefetchSSHD.EXE-298CA236.pf
    modifiedc:/WINDOWS/PrefetchSWITCH.EXE-0496EC21.pf
    modifiedc:/WINDOWS/system32/configsoftware.LOG
    modifiedc:/WINDOWS/system32/configsystem.LOG
    modifiedc:/WINDOWS/system32/drivers/etchosts
    modifiedc:/WINDOWS/system32/wbem/Logswmiprov.log
    modifiedc:/WINDOWS/system32/wbem/Repository/FSINDEX.MAP
    modifiedc:/WINDOWS/system32/wbem/Repository/FSMAPPING.VER
    modifiedc:/WINDOWS/system32/wbem/Repository/FSMAPPING2.MAP
    modifiedc:/WINDOWS/system32/wbem/Repository/FSOBJECTS.MAP

    Registry Keys (Added) - ICC Results

    ActionPath

    Registry Values (Added) - ICC Results

    ActionPathVal_NameVal_Data

    Registry Values (Deleted) - ICC Results

    ActionPathVal_NameVal_TypeMod_Val_TypeVal_DataMod_Val_Data

    Registry Values (Changed) - ICC Results

    ActionPathVal_NameVal_DataMod_Val_Data
    modifiedHKLM/SOFTWARE/Microsoft/Cryptography/RNGSeed34 E4 0E 7B 25 BC 24 7D 7A 72 D1 FE F9 6B DE C7 7D 75 12 8C 30 69 D5 72 2C 29 16 EF 3B 6C E7 D8 25 76 DB 36 BC 3D DC 0D 00 C4 0C 93 C6 E2 45 A4 42 D2 16 31 D3 A
    modifiedHKU/S-1-5-21-1844237615-562591055-839522115-1004/Software/Microsoft/Windows/CurrentVersion/Internet Settings/ConnectionsSavedLegacySettings3C 00 00 00 15 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 00 00 3C 00 00 00 16 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 00 0
    modifiedHKU/S-1-5-21-1844237615-562591055-839522115-1004/SessionInformationProgramCount0x00000002 0x00000001

    DNS Results

    DNSDNS Response
    ad.wdtx.netStandard query response A 122.224.32.37
    count.wemv.netStandard query response A 122.224.32.37

    URL Results

    DstIPHTTP_HOSTHTTP_REQUEST_URIHTTP_USER_AGENTPROTOCOL
    239.255.255.250239.255.255.250:1900*--blank--0x11

    ARGUS PROTOCOL Results

    PROTOCOLSRC_PKTSDST_PKTSSRC_BYTESDST_BYTES
    6444129692466
    17101750

    ARGUS DPORT Results

    DPORTPROTOCOLSRC_PKTSDST_PKTSSRC_BYTESDST_BYTES
    726302819811684
    8861413988782
    190017101750

    ARGUS DATA Results

    TimeDateProtocolSrcIPDstIPDirFlagsSportDportPktsBytes
    15:57:492011-05-26610.10.10.7122.224.32.37-> e 567213874
    15:57:492011-05-26610.10.10.7122.224.32.37-> e 448814990
    15:57:492011-05-26610.10.10.7122.224.32.37-> e 207214931
    15:57:542011-05-26610.10.10.7122.224.32.37-> e 567211660
    15:57:542011-05-26610.10.10.7122.224.32.37-> e 448810600
    15:57:552011-05-26610.10.10.7122.224.32.37-> e 207210600
    15:57:592011-05-26610.10.10.7122.224.32.37-> e 56725300
    15:57:592011-05-26610.10.10.7122.224.32.37-> e 44883180
    15:58:002011-05-26610.10.10.7122.224.32.37-> e 20725300
    16:03:072011-05-261710.10.10.7239.255.255.250-> e 819001175

    Packer Results

    Packer Name

    HoneyTrap Results

    Honey Trap Log File Location

    PTFB Results

    PTFB Log File Location