Malware Report - Results

This report shows all the different areas TAZER analyzes for the sample: Host, Network Activity, and Detection.

Malware Search Criteria:
  • MD5 = 79fc284390906dc4f597eb2d0193a109

  • Malware Report - Results

    File MD5SUM: 79fc284390906dc4f597eb2d0193a109
    SHA1SUM: 18af6e835c801b120065b2ee848cd3d48eefcdca
    SHA256SUM: bed1439e31b50158d556c123c356d46e66a415c927efcc0c6f1ba62264670e81
    FUZZY HASH, File Size: 12288:buzINQlsd0Gywxwu0wWm/eitG0jwZ6NEaTC:buzOKswkwRdAeitG08ZF9443950

    File Results

    File Name
    cb.exe

    SNORT Results

    Snort Class | Snort Alert | Count
    Misc Attack | ET RBN Known Russian Business Network IP TCP (86) | 1
    Misc Attack | ET RBN Known Russian Business Network IP TCP (382) | 1
    Misc Attack | ET RBN Known Russian Business Network IP TCP (369) | 1
    Misc Attack | ET RBN Known Russian Business Network IP TCP (367) | 1

    AV Results

    AV Alert | AV Vendor

    Folders (Added) - ICC Results

    Path | Folder Name
    c:/Documents and Settings/dmc73144/Local Settings/Temp | nsu3.tmp
    c:/Documents and Settings/dmc73144/Local Settings/Temporary Internet Files/Content.IE5 | 87IMY4XV
    c:/Documents and Settings/dmc73144/Local Settings/Temporary Internet Files/Content.IE5 | ITB2CJ0C
    c:/Documents and Settings/dmc73144/Local Settings/Temporary Internet Files/Content.IE5 | MILJGV5B
    c:/Documents and Settings/dmc73144/Local Settings/Temporary Internet Files/Content.IE5 | WO4JPI86

    Files (Added) - ICC Results

    Path | File Name
    c:/Documents and Settings/dmc73144/Application Data | 5xovzu4.log
    c:/Documents and Settings/dmc73144/Application Data | b16pc7z.exe
    c:/Documents and Settings/dmc73144/Application Data | MouseDriver.bat
    c:/Documents and Settings/dmc73144/Local Settings/Temp | 7.tmp
    c:/Documents and Settings/dmc73144/Local Settings/Temp/nsu3.tmp | 6tbp.exe
    c:/Documents and Settings/dmc73144/Local Settings/Temporary Internet Files/Content.IE5/87IMY4XV | desktop.ini
    c:/Documents and Settings/dmc73144/Local Settings/Temporary Internet Files/Content.IE5/87IMY4XV | gggklycc[1].htm
    c:/Documents and Settings/dmc73144/Local Settings/Temporary Internet Files/Content.IE5/ITB2CJ0C | desktop.ini
    c:/Documents and Settings/dmc73144/Local Settings/Temporary Internet Files/Content.IE5/ITB2CJ0C | iwwnnrvi[1].htm
    c:/Documents and Settings/dmc73144/Local Settings/Temporary Internet Files/Content.IE5/ITB2CJ0C | obcptx[1].htm
    c:/Documents and Settings/dmc73144/Local Settings/Temporary Internet Files/Content.IE5/MILJGV5B | CAQ36R6L.htm
    c:/Documents and Settings/dmc73144/Local Settings/Temporary Internet Files/Content.IE5/MILJGV5B | desktop.ini
    c:/Documents and Settings/dmc73144/Local Settings/Temporary Internet Files/Content.IE5/WO4JPI86 | desktop.ini
    c:/Documents and Settings/dmc73144/Local Settings/Temporary Internet Files/Content.IE5/WO4JPI86 | oyppct[1].htm
    c:/WINDOWS/Prefetch | 1EUROP.EXE-200A8BB3.pf
    c:/WINDOWS/Prefetch | 2IC.EXE-274AD399.pf
    c:/WINDOWS/Prefetch | 3E4U - BUCKS.EXE-14E54360.pf
    c:/WINDOWS/Prefetch | 6TBP.EXE-0B9E946B.pf
    c:/WINDOWS/Prefetch | B16PC7Z.EXE-27B53645.pf
    c:/WINDOWS/Prefetch | CB.EXE-11D9B92E.pf
    c:/WINDOWS/Prefetch | GRPCONV.EXE-111CD845.pf
    c:/WINDOWS/Prefetch | IR.EXE-2660415C.pf
    c:/WINDOWS/Prefetch | NET.EXE-01A53C2F.pf
    c:/WINDOWS/Prefetch | NET1.EXE-029B9DB4.pf
    c:/WINDOWS/Prefetch | RUNDLL32.EXE-253557CF.pf
    c:/WINDOWS/Prefetch | RUNDLL32.EXE-36C4DF92.pf
    c:/WINDOWS/Prefetch | RUNDLL32.EXE-41D077D8.pf
    c:/WINDOWS/Prefetch | RUNONCE.EXE-2803F297.pf
    c:/WINDOWS/Prefetch | SANDNET.EXE-2012C478.pf
    c:/WINDOWS/Prefetch | SC.EXE-012262AF.pf
    c:/WINDOWS/Prefetch | SVCHOST.EXE-3530F672.pf
    c:/WINDOWS | kbtprf.dll
    c:/WINDOWS | ojikekegas.dll
    c: | netstat_post.txt
    c: | tasksvc_post.txt
    c: | taskv_post.txt

    Files (Deleted) - ICC Results

    Action | Path | File Name

    Files (Changed) - ICC Results

    Action | Path | File Name
    modified | c:/Documents and Settings/dmc73144/Cookies | index.dat
    modified | c:/Documents and Settings/dmc73144/Local Settings/History/History.IE5 | index.dat
    modified | c:/Documents and Settings/dmc73144/Local Settings/Temporary Internet Files/Content.IE5 | index.dat
    modified | c:/Documents and Settings/dmc73144 | ntuser.dat.LOG
    modified | c:/Documents and Settings/LocalService | ntuser.dat.LOG
    modified | c:/Program Files/OpenSSH/var/log | OpenSSHd.log
    modified | c:/WINDOWS/Prefetch | HSTART.EXE-221D72BF.pf
    modified | c:/WINDOWS/Prefetch | NETSTAT.EXE-2B2B4428.pf
    modified | c:/WINDOWS/Prefetch | SLEEP.EXE-094A3D2A.pf
    modified | c:/WINDOWS/Prefetch | SSHD.EXE-298CA236.pf
    modified | c:/WINDOWS/Prefetch | SWITCH.EXE-0496EC21.pf
    modified | c:/WINDOWS/Prefetch | TASKLIST.EXE-10D94B23.pf
    modified | c:/WINDOWS/system32/config | default.LOG
    modified | c:/WINDOWS/system32/config | software.LOG
    modified | c:/WINDOWS/system32/config | SysEvent.Evt
    modified | c:/WINDOWS/system32/config | SYSTEM
    modified | c:/WINDOWS/system32/config | system.LOG
    modified | c:/WINDOWS/system32/drivers/etc | hosts
    modified | c:/WINDOWS/system32/wbem/Logs | wbemess.log
    modified | c:/WINDOWS/system32/wbem/Logs | wmiprov.log
    modified | c:/WINDOWS/system32/wbem/Repository/FS | INDEX.MAP
    modified | c:/WINDOWS/system32/wbem/Repository/FS | MAPPING.VER
    modified | c:/WINDOWS/system32/wbem/Repository/FS | MAPPING2.MAP
    modified | c:/WINDOWS/system32/wbem/Repository/FS | OBJECTS.MAP

    Registry Keys (Added) - ICC Results

    Action | Path

    Registry Values (Added) - ICC Results

    Action | Path | Val_Name | Val_Data

    Registry Values (Deleted) - ICC Results

    Action | Path | Val_Name | Val_Type | Mod_Val_Type | Val_Data | Mod_Val_Data

    Registry Values (Changed) - ICC Results

    Action | Path | Val_Name | Val_Data | Mod_Val_Data
    modified | HKLM/SOFTWARE/Microsoft/Cryptography/RNG | Seed | C9 7A A6 D4 BD 85 4F 09 C8 80 D8 AF 4F 33 6A 2E 22 80 38 20 AD 4F 03 EB 6F 71 04 37 86 07 79 0E 4D 2F C9 1A 01 D0 4B A7 96 10 2E 94 E1 29 DB 0D DB 9F 29 E4 90 A
    modified | HKLM/SOFTWARE/Microsoft/DirectDraw | MostRecentApplicationName | "msoobe.exe" | "svchost.exe"
    modified | HKLM/SOFTWARE/Microsoft/DirectDraw | MostRecentApplicationID | 0x3B7D853E | 0x41107ED6
    modified | HKLM/SOFTWARE/Microsoft/Windows NT/CurrentVersion/ProfileList/S-1-5-19 | RefCount | 0x00000002 | 0x00000001
    modified | HKLM/SYSTEM/ControlSet001/Services/SharedAccess | Start | 0x00000002 | 0x00000004
    modified | HKLM/SYSTEM/ControlSet001/Services/SharedAccess/Epoch | Epoch | 0x00000104 | 0x00000105
    modified | HKLM/SYSTEM/ControlSet001/Services/wscsvc | Start | 0x00000002 | 0x00000004
    modified | HKLM/SYSTEM/CurrentControlSet/Services/SharedAccess | Start | 0x00000002 | 0x00000004
    modified | HKLM/SYSTEM/CurrentControlSet/Services/SharedAccess/Epoch | Epoch | 0x00000104 | 0x00000105
    modified | HKLM/SYSTEM/CurrentControlSet/Services/wscsvc | Start | 0x00000002 | 0x00000004
    modified | HKU/.DEFAULT/Software/Microsoft/Windows/CurrentVersion/Internet Settings/Zones/3 | CurrentLevel | 0x00011000 | 0x00000000
    modified | HKU/.DEFAULT/Software/Microsoft/Windows/CurrentVersion/Internet Settings/Zones/3 | 1601 | 0x00000001 | 0x00000000
    modified | HKU/S-1-5-21-1844237615-562591055-839522115-1004/Software/Microsoft/Windows/CurrentVersion/Internet Settings/Connections | SavedLegacySettings | 3C 00 00 00 15 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 00 00 | 3C 00 00 00 19 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 00 0
    modified | HKU/S-1-5-21-1844237615-562591055-839522115-1004/SessionInformation | ProgramCount | 0x00000002 | 0x00000001
    modified | HKU/S-1-5-18/Software/Microsoft/Windows/CurrentVersion/Internet Settings/Zones/3 | CurrentLevel | 0x00011000 | 0x00000000
    modified | HKU/S-1-5-18/Software/Microsoft/Windows/CurrentVersion/Internet Settings/Zones/3 | 1601 | 0x00000001 | 0x00000000

    DNS Results

    DNS | DNS Response
    tinypic.com | Standard query response A 209.17.70.143
    match.com | Standard query response A 208.83.243.15
    daum.net | Standard query response A 110.45.215.23 A 114.108.157.19 A 114.108.157.50 A 61.111.62.173
    mastrubas.in | Standard query response A 66.23.234.100
    caperiod.com | Standard query response A 195.2.240.78
    myavava.in | Standard query response A 91.217.153.61
    w.nucleardiscover.com | Standard query response A 60.190.223.75
    clashjamwallop.in | Standard query response A 64.158.56.57 A 63.251.179.57
    211107db060f.wordxs.net | Standard query response A 202.150.208.66
    cr0wd-wal1.com | Standard query response A 91.213.29.63 A 188.95.52.161

    URL Results

    DstIP | HTTP_HOST | HTTP_REQUEST_URI | HTTP_USER_AGENT | PROTOCOL
    66.23.234.100 | mastrubas.in | /90ds8c9ds8c9d0s8cds.php?ini=v22MmjDnH4OmXzNmvVFHEeE2PuPsctM6PdFWTH11KB0CWwXTiUHUzGr1BVrHIQqMgMqV7ZlDeAiBMF4cAHrzfI2RtufQpKX/NPtqve7ukA== | Mozilla/6.0 (Windows; wget 3.0) | 0x06
    195.2.240.78 | caperiod.com | /pxxko/iwwnnrvi.php?adv=adv401&id=82799957&c=10331881 | Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)ver75 | 0x06
    195.2.240.78 | caperiod.com | /pxxko/obcptx.php?adv=adv401&id=82799957&c=10331881 | Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)ver75 | 0x06
    195.2.240.78 | caperiod.com | /pxxko/oyppct.php?adv=adv401&id=82799957&c=10331881 | Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)ver75 | 0x06
    195.2.240.78 | caperiod.com | /pxxko/gggklycc.php?adv=adv401&code1=HOND&code2=5211&id=82799957&p=1&b=1&c=10331881 | Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)ver75 | 0x06
    91.217.153.61 | myavava.in | /90ds8c9ds8c9d0s8cds.php?ini=v22MmjDnH4OmXzNmvVFHEeE2PuPsctM6PdFWTH11KB0CWwXTiUHUzGr1BVrHIQqMgMqV7ZlDeAiBMF4cAHrzfI2RtufQpKX/NPtqve7ukA== | Mozilla/6.0 (Windows; wget 3.0) | 0x06
    64.158.56.57 | clashjamwallop.in | /90ds8c9ds8c9d0s8cds.php?ini=v22MmjDnH4OmXzNmvVFHEeE2PuPsctM6PdFWTH11KB0CWwXTiUHUzGr1BVrHIQqMgMqV7ZlDeAiBMF4cAHrzfI2RtufQpKX/NPtqve7ukA== | Mozilla/6.0 (Windows; wget 3.0) | 0x06
    95.143.193.138 | 95.143.193.138 | /xxxx_5/bGcyMDAwfG5vbmFtZXwzMDAxOHwxfDAuMDN8MC4xNzV8NS4xIDI2MDAgU1AyLjB8b3RsODg4fF9DbWRFeGVjU2VydmVyc3xzdGFydA== |  | 0x06
    95.143.193.138 | 95.143.193.138 | /xxxx_5/bGcyMDAwfG5vbmFtZXwzMDAxOHwxfDAuMDN8MC4xNzV8NS4xIDI2MDAgU1AyLjB8b3RsODg4fENtZEV4ZWNNYWlufGZhaWxlZHxodHRwczovL2NyMHdkLXdhbDEuY29tLw== |  | 0x06
    239.255.255.250 | 239.255.255.250:1900 | * | --blank-- | 0x11

    ARGUS PROTOCOL Results

    PROTOCOL | SRC_PKTS | DST_PKTS | SRC_BYTES | DST_BYTES
    6 | 147 | 132 | 13176 | 18051
    17 | 1 | 0 | 175 | 0

    ARGUS DPORT Results

    DPORT | PROTOCOL | SRC_PKTS | DST_PKTS | SRC_BYTES | DST_BYTES
    80 | 6 | 80 | 70 | 8015 | 14321
    443 | 6 | 22 | 20 | 1435 | 1204
    888 | 6 | 45 | 42 | 3726 | 2526
    1900 | 17 | 1 | 0 | 175 | 0

    ARGUS DATA Results

    Time | Date | Protocol | SrcIP | DstIP | Dir | Flags | Sport | Dport | Pkts | Bytes
    17:15:25 | 2011-06-11 | 6 | 10.10.10.7 | 66.23.234.100 | -> | e | 227 | 80 | 13 | 2401
    17:15:27 | 2011-06-11 | 6 | 10.10.10.7 | 195.2.240.78 | -> | e | 439 | 80 | 9 | 975
    17:15:28 | 2011-06-11 | 6 | 10.10.10.7 | 195.2.240.78 | -> | e | 451 | 80 | 9 | 973
    17:15:30 | 2011-06-11 | 6 | 10.10.10.7 | 195.2.240.78 | -> | e | 42 | 80 | 9 | 1005
    17:15:30 | 2011-06-11 | 6 | 10.10.10.7 | 66.23.234.100 | -> | e | 227 | 80 | 11 | 2298
    17:15:35 | 2011-06-11 | 6 | 10.10.10.7 | 66.23.234.100 | -> | e | 227 | 80 | 5 | 300
    17:15:38 | 2011-06-11 | 6 | 10.10.10.7 | 91.217.153.61 | -> | e | 412 | 80 | 13 | 2399
    17:15:43 | 2011-06-11 | 6 | 10.10.10.7 | 91.217.153.61 | -> | e | 412 | 80 | 11 | 2298
    17:15:45 | 2011-06-11 | 6 | 10.10.10.7 | 60.190.223.75 | -> | e | 448 | 888 | 13 | 1124
    17:15:48 | 2011-06-11 | 6 | 10.10.10.7 | 91.217.153.61 | -> | e | 412 | 80 | 5 | 300
    17:15:49 | 2011-06-11 | 6 | 10.10.10.7 | 64.158.56.57 | -> | e | 311 | 80 | 14 | 2739
    17:15:50 | 2011-06-11 | 6 | 10.10.10.7 | 60.190.223.75 | -> | e | 448 | 888 | 10 | 600
    17:15:54 | 2011-06-11 | 6 | 10.10.10.7 | 64.158.56.57 | -> | e | 311 | 80 | 11 | 2025
    17:15:55 | 2011-06-11 | 6 | 10.10.10.7 | 60.190.223.75 | -> | e | 448 | 888 | 6 | 360
    17:15:59 | 2011-06-11 | 6 | 10.10.10.7 | 202.150.208.66 | -> | e | 6 | 80 | 9 | 1408
    17:16:00 | 2011-06-11 | 6 | 10.10.10.7 | 64.158.56.57 | -> | e | 311 | 80 | 4 | 240
    17:16:58 | 2011-06-11 | 6 | 10.10.10.7 | 60.190.223.75 | -> | e | 504 | 888 | 13 | 1124
    17:17:03 | 2011-06-11 | 6 | 10.10.10.7 | 60.190.223.75 | -> | e | 504 | 888 | 11 | 660
    17:17:08 | 2011-06-11 | 6 | 10.10.10.7 | 60.190.223.75 | -> | e | 504 | 888 | 5 | 300
    17:18:10 | 2011-06-11 | 6 | 10.10.10.7 | 60.190.223.75 | -> | e | 620 | 888 | 13 | 1124
    17:18:15 | 2011-06-11 | 6 | 10.10.10.7 | 60.190.223.75 | -> | e | 620 | 888 | 11 | 660
    17:18:20 | 2011-06-11 | 6 | 10.10.10.7 | 60.190.223.75 | -> | e | 620 | 888 | 5 | 300
    17:18:42 | 2011-06-11 | 6 | 10.10.10.7 | 91.213.29.63 | -> | e | 353 | 443 | 13 | 856
    17:18:42 | 2011-06-11 | 6 | 10.10.10.7 | 95.143.193.138 | -> | e | 352 | 80 | 9 | 987
    17:18:48 | 2011-06-11 | 6 | 10.10.10.7 | 91.213.29.63 | -> | e | 353 | 443 | 11 | 660
    17:18:53 | 2011-06-11 | 6 | 10.10.10.7 | 91.213.29.63 | -> | e | 353 | 443 | 5 | 300
    17:18:54 | 2011-06-11 | 6 | 10.10.10.7 | 91.213.29.63 | -> | e | 647 | 443 | 13 | 823
    17:18:56 | 2011-06-11 | 6 | 10.10.10.7 | 95.143.193.138 | -> | e | 648 | 80 | 9 | 1015
    17:20:52 | 2011-06-11 | 17 | 10.10.10.7 | 239.255.255.250 | -> | e | 8 | 1900 | 1 | 175

    Packer Results

    Packer Name

    HoneyTrap Results

    Honey Trap Log File Location

    PTFB Results

    PTFB Log File Location