Malware Report - Results

This report covers each area TAZER analyzed for the sample: host activity (file and registry changes), network activity (DNS, HTTP, and Argus flow records), and detection (Snort and antivirus results).

Malware Search Criteria:
  • MD5 = 7dd45a67e5f3a1443304ed41cbabd0a6

    File MD5Sum | SHA1SUM | SHA256SUM | FUZZY HASH | File Size (bytes)
    7dd45a67e5f3a1443304ed41cbabd0a6 | N/A | N/A | N/A | 237820

    File Results

    File Name
    worm.exe

    SNORT Results

    Snort Class | Snort Alert | Count
    N/A | No snort alerts generated | 0

    AV Results

    AV Alert | AV Vendor
    Backdoor.Trojan | Symantec
    Generic.dx!bao | McAfee
    Trojan.Win32.Scar.edlv | Kaspersky

    Folders (Added) - ICC Results

    Path | Folder Name
    c:/Documents and Settings/dmc73144/Local Settings/Temporary Internet Files/Content.IE5 | ITB2CJ0C

    Files (Added) - ICC Results

    Path | File Name
    c:/Documents and Settings/dmc73144/Application Data/Mozilla/Firefox/Profiles/ektregxy.default | signons.sqlite
    c:/Documents and Settings/dmc73144/Application Data | lovely.ini
    c:/Documents and Settings/dmc73144/Application Data | net.bat
    c:/Documents and Settings/dmc73144/Application Data | net.vbs
    c:/Documents and Settings/dmc73144/Application Data | svchost.exe.exe
    c:/Documents and Settings/dmc73144/Local Settings/Temporary Internet Files/Content.IE5/ITB2CJ0C | desktop.ini
    c:/Documents and Settings/dmc73144/Local Settings/Temporary Internet Files/Content.IE5/ITB2CJ0C | profile[1].htm
    c:/Documents and Settings/dmc73144/Local Settings/Temporary Internet Files/Content.IE5/ITB2CJ0C | profile[2].htm
    c:/Documents and Settings/dmc73144/Local Settings/Temporary Internet Files/Content.IE5/ITB2CJ0C | profile[3].htm
    c:/Documents and Settings/dmc73144/Local Settings/Temporary Internet Files/Content.IE5/ITB2CJ0C | profile[4].htm
    c:/WINDOWS/Prefetch | AUTOIT3.EXE-32361418.pf
    c:/WINDOWS/Prefetch | DIEP.EXE-0B3E1DC8.pf
    c:/WINDOWS/Prefetch | HSTART.EXE-221D72BF.pf
    c:/WINDOWS/Prefetch | REGSHOT.EXE-010A5EE6.pf
    c:/WINDOWS/Prefetch | SANDNET.EXE-2012C478.pf

    Files (Deleted) - ICC Results

    Action | Path | File Name
    (none)

    Files (Changed) - ICC Results

    Action | Path | File Name
    modified | c:/Documents and Settings/dmc73144/Cookies | index.dat
    modified | c:/Documents and Settings/dmc73144/Local Settings/History/History.IE5 | index.dat
    modified | c:/Documents and Settings/dmc73144/Local Settings/Temporary Internet Files/Content.IE5 | index.dat
    modified | c:/Documents and Settings/dmc73144 | NTUSER.DAT
    modified | c:/Documents and Settings/dmc73144 | ntuser.dat.LOG
    modified | c:/WINDOWS/Prefetch | CMD.EXE-087B4001.pf
    modified | c:/WINDOWS/Prefetch | NETSTAT.EXE-2B2B4428.pf
    modified | c:/WINDOWS/Prefetch | NTOSBOOT-B00DFAAD.pf
    modified | c:/WINDOWS/Prefetch | SCP.EXE-174845DC.pf
    modified | c:/WINDOWS/Prefetch | SENDIT.EXE-34C997E3.pf
    modified | c:/WINDOWS/Prefetch | SH.EXE-00254D2B.pf
    modified | c:/WINDOWS/Prefetch | SLEEP.EXE-094A3D2A.pf
    modified | c:/WINDOWS/Prefetch | SSHD.EXE-298CA236.pf
    modified | c:/WINDOWS/Prefetch | SWITCH.EXE-0496EC21.pf
    modified | c:/WINDOWS/Prefetch | TASKLIST.EXE-10D94B23.pf
    modified | c:/WINDOWS/Prefetch | WMIPRVSE.EXE-28F301A9.pf
    modified | c:/WINDOWS | SchedLgU.Txt
    modified | c:/WINDOWS/system32/config | software.LOG
    modified | c:/WINDOWS/system32/drivers/etc | hosts

    Registry Keys (Added) - ICC Results

    Action | Path
    added | HKLM/SOFTWARE/Microsoft/DownloadManager
    added | HKLM/SYSTEM/ControlSet001/Enum/Root/LEGACY_FASTFAT/0000/Control
    added | HKLM/SYSTEM/CurrentControlSet/Enum/Root/LEGACY_FASTFAT/0000/Control
    added | HKU/S-1-5-21-1844237615-562591055-839522115-1004/Software/Microsoft/Internet Account Manager
    added | HKU/S-1-5-21-1844237615-562591055-839522115-1004/Software/Microsoft/Internet Account Manager/Accounts
    added | HKU/S-1-5-21-1844237615-562591055-839522115-1004/Software/Microsoft/Internet Account Manager/Accounts/Active Directory GC
    added | HKU/S-1-5-21-1844237615-562591055-839522115-1004/Software/Microsoft/Internet Account Manager/Accounts/Bigfoot
    added | HKU/S-1-5-21-1844237615-562591055-839522115-1004/Software/Microsoft/Internet Account Manager/Accounts/VeriSign
    added | HKU/S-1-5-21-1844237615-562591055-839522115-1004/Software/Microsoft/Internet Account Manager/Accounts/WhoWhere

    Registry Values (Added) - ICC Results

    Action | Path | Val_Name | Val_Data
    added | HKLM/SOFTWARE/Microsoft/Windows/CurrentVersion/Run | Windows Svchost | "C:/Documents and Settings/dmc73144/Application Data/svchost.exe.exe"
    added | HKLM/SYSTEM/ControlSet001/Enum/Root/LEGACY_FASTFAT/0000/Control | ActiveService | "Fastfat"
    added | HKLM/SYSTEM/CurrentControlSet/Enum/Root/LEGACY_FASTFAT/0000/Control | ActiveService | "Fastfat"
    added | HKU/S-1-5-21-1844237615-562591055-839522115-1004/Identities/{32BF15D6-D919-458D-8A1A-AC3F3B3F3027} | Identity Ordinal | 0x00000001
    added | HKU/S-1-5-21-1844237615-562591055-839522115-1004/Software/Microsoft/Windows/CurrentVersion/Run | Windows Svchost | "C:/Documents and Settings/dmc73144/Application Data/svchost.exe.exe"
    added | HKU/S-1-5-21-1844237615-562591055-839522115-1004/Software/Microsoft/Windows/CurrentVersion/RunOnce | FILE_9595 | "C:/Documents and Settings/dmc73144/Application Data/FILE_9595.exe"
    added | HKU/S-1-5-21-1844237615-562591055-839522115-1004/Software/Microsoft/Internet Account Manager/Accounts/WhoWhere | LDAP Server ID | 0x00000003
    added | HKU/S-1-5-21-1844237615-562591055-839522115-1004/Software/Microsoft/Internet Account Manager/Accounts/WhoWhere | Account Name | "WhoWhere Internet Directory Service"
    added | HKU/S-1-5-21-1844237615-562591055-839522115-1004/Software/Microsoft/Internet Account Manager/Accounts/WhoWhere | LDAP Server | "ldap.whowhere.com"
    added | HKU/S-1-5-21-1844237615-562591055-839522115-1004/Software/Microsoft/Internet Account Manager/Accounts/WhoWhere | LDAP URL | "http
    added | HKU/S-1-5-21-1844237615-562591055-839522115-1004/Software/Microsoft/Internet Account Manager/Accounts/WhoWhere | LDAP Search Return | 0x00000064
    added | HKU/S-1-5-21-1844237615-562591055-839522115-1004/Software/Microsoft/Internet Account Manager/Accounts/WhoWhere | LDAP Timeout | 0x0000003C
    added | HKU/S-1-5-21-1844237615-562591055-839522115-1004/Software/Microsoft/Internet Account Manager/Accounts/WhoWhere | LDAP Authentication | 0x00000000
    added | HKU/S-1-5-21-1844237615-562591055-839522115-1004/Software/Microsoft/Internet Account Manager/Accounts/WhoWhere | LDAP Simple Search | 0x00000001
    added | HKU/S-1-5-21-1844237615-562591055-839522115-1004/Software/Microsoft/Internet Account Manager/Accounts/WhoWhere | LDAP Logo | "%ProgramFiles%/Common Files/Services/whowhere.bmp"
    added | HKU/S-1-5-21-1844237615-562591055-839522115-1004/Software/Microsoft/Internet Account Manager/Accounts/VeriSign | LDAP Server ID | 0x00000002
    added | HKU/S-1-5-21-1844237615-562591055-839522115-1004/Software/Microsoft/Internet Account Manager/Accounts/VeriSign | Account Name | "VeriSign Internet Directory Service"
    added | HKU/S-1-5-21-1844237615-562591055-839522115-1004/Software/Microsoft/Internet Account Manager/Accounts/VeriSign | LDAP Server | "directory.verisign.com"
    added | HKU/S-1-5-21-1844237615-562591055-839522115-1004/Software/Microsoft/Internet Account Manager/Accounts/VeriSign | LDAP URL | "http
    added | HKU/S-1-5-21-1844237615-562591055-839522115-1004/Software/Microsoft/Internet Account Manager/Accounts/VeriSign | LDAP Search Return | 0x00000064
    added | HKU/S-1-5-21-1844237615-562591055-839522115-1004/Software/Microsoft/Internet Account Manager/Accounts/VeriSign | LDAP Timeout | 0x0000003C
    added | HKU/S-1-5-21-1844237615-562591055-839522115-1004/Software/Microsoft/Internet Account Manager/Accounts/VeriSign | LDAP Authentication | 0x00000000
    added | HKU/S-1-5-21-1844237615-562591055-839522115-1004/Software/Microsoft/Internet Account Manager/Accounts/VeriSign | LDAP Search Base | "NULL"
    added | HKU/S-1-5-21-1844237615-562591055-839522115-1004/Software/Microsoft/Internet Account Manager/Accounts/VeriSign | LDAP Simple Search | 0x00000001
    added | HKU/S-1-5-21-1844237615-562591055-839522115-1004/Software/Microsoft/Internet Account Manager/Accounts/VeriSign | LDAP Logo | "%ProgramFiles%/Common Files/Services/verisign.bmp"
    added | HKU/S-1-5-21-1844237615-562591055-839522115-1004/Software/Microsoft/Internet Account Manager/Accounts/Bigfoot | LDAP Server ID | 0x00000001
    added | HKU/S-1-5-21-1844237615-562591055-839522115-1004/Software/Microsoft/Internet Account Manager/Accounts/Bigfoot | Account Name | "Bigfoot Internet Directory Service"
    added | HKU/S-1-5-21-1844237615-562591055-839522115-1004/Software/Microsoft/Internet Account Manager/Accounts/Bigfoot | LDAP Server | "ldap.bigfoot.com"
    added | HKU/S-1-5-21-1844237615-562591055-839522115-1004/Software/Microsoft/Internet Account Manager/Accounts/Bigfoot | LDAP URL | "http
    added | HKU/S-1-5-21-1844237615-562591055-839522115-1004/Software/Microsoft/Internet Account Manager/Accounts/Bigfoot | LDAP Search Return | 0x00000064
    added | HKU/S-1-5-21-1844237615-562591055-839522115-1004/Software/Microsoft/Internet Account Manager/Accounts/Bigfoot | LDAP Timeout | 0x0000003C
    added | HKU/S-1-5-21-1844237615-562591055-839522115-1004/Software/Microsoft/Internet Account Manager/Accounts/Bigfoot | LDAP Authentication | 0x00000000
    added | HKU/S-1-5-21-1844237615-562591055-839522115-1004/Software/Microsoft/Internet Account Manager/Accounts/Bigfoot | LDAP Simple Search | 0x00000001
    added | HKU/S-1-5-21-1844237615-562591055-839522115-1004/Software/Microsoft/Internet Account Manager/Accounts/Bigfoot | LDAP Logo | "%ProgramFiles%/Common Files/Services/bigfoot.bmp"
    added | HKU/S-1-5-21-1844237615-562591055-839522115-1004/Software/Microsoft/Internet Account Manager/Accounts/Active Directory GC | LDAP Server ID | 0x00000000
    added | HKU/S-1-5-21-1844237615-562591055-839522115-1004/Software/Microsoft/Internet Account Manager/Accounts/Active Directory GC | Account Name | "Active Directory"
    added | HKU/S-1-5-21-1844237615-562591055-839522115-1004/Software/Microsoft/Internet Account Manager/Accounts/Active Directory GC | LDAP Server | "NULL"
    added | HKU/S-1-5-21-1844237615-562591055-839522115-1004/Software/Microsoft/Internet Account Manager/Accounts/Active Directory GC | LDAP Search Return | 0x00000064
    added | HKU/S-1-5-21-1844237615-562591055-839522115-1004/Software/Microsoft/Internet Account Manager/Accounts/Active Directory GC | LDAP Timeout | 0x0000003C
    added | HKU/S-1-5-21-1844237615-562591055-839522115-1004/Software/Microsoft/Internet Account Manager/Accounts/Active Directory GC | LDAP Authentication | 0x00000002
    added | HKU/S-1-5-21-1844237615-562591055-839522115-1004/Software/Microsoft/Internet Account Manager/Accounts/Active Directory GC | LDAP Simple Search | 0x00000000
    added | HKU/S-1-5-21-1844237615-562591055-839522115-1004/Software/Microsoft/Internet Account Manager/Accounts/Active Directory GC | LDAP Bind DN | 0x00000000
    added | HKU/S-1-5-21-1844237615-562591055-839522115-1004/Software/Microsoft/Internet Account Manager/Accounts/Active Directory GC | LDAP Port | 0x00000CC4
    added | HKU/S-1-5-21-1844237615-562591055-839522115-1004/Software/Microsoft/Internet Account Manager/Accounts/Active Directory GC | LDAP Resolve Flag | 0x00000001
    added | HKU/S-1-5-21-1844237615-562591055-839522115-1004/Software/Microsoft/Internet Account Manager/Accounts/Active Directory GC | LDAP Secure Connection | 0x00000000
    added | HKU/S-1-5-21-1844237615-562591055-839522115-1004/Software/Microsoft/Internet Account Manager/Accounts/Active Directory GC | LDAP User Name | "NULL"
    added | HKU/S-1-5-21-1844237615-562591055-839522115-1004/Software/Microsoft/Internet Account Manager/Accounts/Active Directory GC | LDAP Search Base | "NULL"
    added | HKU/S-1-5-21-1844237615-562591055-839522115-1004/Software/Microsoft/Internet Account Manager/Accounts | AssociatedID | D6 15 BF 32 19 D9 8D 45 8A 1A AC 3F 3B 3F 30 27
    added | HKU/S-1-5-21-1844237615-562591055-839522115-1004/Software/Microsoft/Internet Account Manager/Accounts | PreConfigVer | 0x00000004
    added | HKU/S-1-5-21-1844237615-562591055-839522115-1004/Software/Microsoft/Internet Account Manager/Accounts | PreConfigVerNTDS | 0x00000001
    added | HKU/S-1-5-21-1844237615-562591055-839522115-1004/Software/Microsoft/Internet Account Manager | Server ID | 0x00000004
    added | HKU/S-1-5-21-1844237615-562591055-839522115-1004/Software/Microsoft/Internet Account Manager | Default LDAP Account | "Active Directory GC"

    Registry Values (Deleted) - ICC Results

    Action | Path | Val_Name | Val_Type | Mod_Val_Type | Val_Data | Mod_Val_Data
    (none)

    Registry Values (Changed) - ICC Results

    Action | Path | Val_Name | Val_Data | Mod_Val_Data
    modified | HKLM/SOFTWARE/Microsoft/Cryptography/RNG | Seed | CC 30 B5 A7 D9 45 F0 99 FA 05 0F 20 FF B8 D2 AB 63 E6 36 77 5A F0 71 DD 09 0F 0B | 57 B6 C9 34 E1 85 C5 4B 16 78 3D C7 0D 62 44 E0 69 CD 36 9C 2B 50 DF 3E FC 26 4D
    modified | HKU/S-1-5-21-1844237615-562591055-839522115-1004/Identities | Identity Ordinal | 0x00000001 | 0x00000002
    modified | HKU/S-1-5-21-1844237615-562591055-839522115-1004/Software/Microsoft/Windows/CurrentVersion/Internet Settings/Connections | SavedLegacySettings | 3C 00 00 00 15 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 00 00 | 3C 00 00 00 16 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 00 00
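    The host-side tables above mix three kinds of rows: artifacts of the sandbox's own instrumentation (Prefetch files for Regshot, SandNet and similar tools), default Windows state written on first use (the Internet Account Manager pre-configured LDAP accounts, whose AssociatedID is simply the Identity GUID in little-endian GUID-struct byte order), and the sample's own changes (a Run value named "Windows Svchost" pointing at svchost.exe.exe under Application Data, a RunOnce entry for FILE_9595.exe, dropped net.bat and net.vbs, a new signons.sqlite, and a modified hosts file). The Python below is an example added to this page, not part of the TAZER report or its tooling; it shows triage logic that separates those three classes. The rows are constructed from the tables above, and the harness tool list and system-binary watchlist are assumptions that should be checked against a clean baseline run of the same sandbox.

```python
"""Triage of a sandbox host diff: which added/changed rows are the sample's
own behaviour, and which are noise from the analysis harness or from Windows.

All rows below are constructed from the report's ICC tables (not a TAZER export).
HARNESS_TOOLS and SYSTEM_NAMES are assumptions: verify them against a clean
baseline run of the same sandbox before relying on them.
"""
import re
import uuid

# Assumed analysis-harness binaries; their Prefetch files belong to the sandbox, not to worm.exe.
HARNESS_TOOLS = {"REGSHOT.EXE", "SANDNET.EXE", "HSTART.EXE", "DIEP.EXE", "AUTOIT3.EXE"}
# Built-in tools whose Prefetch entries changing during the run mean they executed.
RECON_TOOLS = {"CMD.EXE", "NETSTAT.EXE", "TASKLIST.EXE", "NET.EXE", "IPCONFIG.EXE", "REG.EXE"}
# Windows binaries that malware likes to impersonate by name.
SYSTEM_NAMES = {"svchost", "lsass", "csrss", "winlogon", "services", "explorer"}
SCRIPT_EXT = {".bat", ".cmd", ".vbs", ".js", ".ps1"}
EXEC_EXT = {".exe", ".scr", ".com", ".dll"}
USER_DIRS = ("c:/documents and settings/", "c:/users/")
AUTORUN_KEY = re.compile(r"/CurrentVersion/(Run|RunOnce|RunServices)$", re.IGNORECASE)

SID = "S-1-5-21-1844237615-562591055-839522115-1004"
APPDATA = "c:/Documents and Settings/dmc73144/Application Data"
ADDED_FILES = [  # subset of "Files (Added)"
    APPDATA + "/Mozilla/Firefox/Profiles/ektregxy.default/signons.sqlite",
    APPDATA + "/lovely.ini", APPDATA + "/net.bat", APPDATA + "/net.vbs",
    APPDATA + "/svchost.exe.exe",
    "c:/WINDOWS/Prefetch/AUTOIT3.EXE-32361418.pf",
    "c:/WINDOWS/Prefetch/REGSHOT.EXE-010A5EE6.pf",
    "c:/WINDOWS/Prefetch/SANDNET.EXE-2012C478.pf",
]
CHANGED_FILES = [  # subset of "Files (Changed)"
    "c:/WINDOWS/Prefetch/CMD.EXE-087B4001.pf", "c:/WINDOWS/Prefetch/NETSTAT.EXE-2B2B4428.pf",
    "c:/WINDOWS/Prefetch/NTOSBOOT-B00DFAAD.pf", "c:/WINDOWS/system32/drivers/etc/hosts",
]
REG_VALUES = [  # (key, value name, value data), subset of "Registry Values (Added)"
    ("HKLM/SOFTWARE/Microsoft/Windows/CurrentVersion/Run", "Windows Svchost",
     '"C:/Documents and Settings/dmc73144/Application Data/svchost.exe.exe"'),
    ("HKU/" + SID + "/Software/Microsoft/Windows/CurrentVersion/RunOnce", "FILE_9595",
     '"C:/Documents and Settings/dmc73144/Application Data/FILE_9595.exe"'),
    ("HKLM/SYSTEM/CurrentControlSet/Enum/Root/LEGACY_FASTFAT/0000/Control", "ActiveService", '"Fastfat"'),
    ("HKU/" + SID + "/Software/Microsoft/Internet Account Manager/Accounts/WhoWhere",
     "LDAP Server", '"ldap.whowhere.com"'),
]


def classify_file(path):
    """Tags for one path; [] means nothing noteworthy."""
    folder, _, name = path.rpartition("/")
    low = path.lower()
    if folder.lower().endswith("/prefetch"):
        # Prefetch names are TOOL.EXE-<hash>.pf; only the TOOL.EXE part matters.
        tool = name.upper().split("-")[0]
        if tool in HARNESS_TOOLS:
            return ["harness-noise"]
        return ["recon-tool-executed:" + tool] if tool in RECON_TOOLS else []
    tags = []
    exts = ["." + p for p in name.lower().split(".")[1:]]
    if low.endswith("/drivers/etc/hosts"):
        tags.append("hosts-file-modified")
    if len(exts) >= 2 and exts[-1] in EXEC_EXT:
        tags.append("double-extension")          # svchost.exe.exe
    if name.split(".")[0].lower() in SYSTEM_NAMES and not low.startswith("c:/windows/"):
        tags.append("system-name-masquerade")    # a "svchost" outside %SystemRoot%
    if exts and exts[-1] in SCRIPT_EXT and low.startswith(USER_DIRS):
        tags.append("dropped-script")            # net.bat, net.vbs
    if name.lower() == "signons.sqlite":
        tags.append("browser-credential-store")  # Firefox saved-password database
    return tags


def classify_reg_value(key, name, data):
    """Autorun values get the key name plus whatever tags the target path earns."""
    if not AUTORUN_KEY.search(key):
        return []
    target = data.strip('"')
    tags = ["autorun:" + key.rsplit("/", 1)[1]] + classify_file(target)
    if target.lower().startswith(USER_DIRS):
        tags.append("target-in-user-profile")
    return tags


def associated_id_matches(identity_guid, associated_id_hex):
    """Internet Account Manager stores AssociatedID as the Identity GUID in GUID-struct
    (little-endian) byte order; when the two rows agree this is Windows bookkeeping."""
    expected = " ".join(f"{b:02X}" for b in uuid.UUID(identity_guid).bytes_le)
    return expected == associated_id_hex.upper()


def triage(added, changed, reg_values):
    """Map each noteworthy artifact to its tags; harness noise and untagged rows drop out."""
    findings = {}
    for path in added + changed:
        tags = classify_file(path)
        if tags and tags != ["harness-noise"]:
            findings[path] = tags
    for key, name, data in reg_values:
        tags = classify_reg_value(key, name, data)
        if tags:
            findings[key + " :: " + name] = tags
    return findings


if __name__ == "__main__":
    for artifact, tags in triage(ADDED_FILES, CHANGED_FILES, REG_VALUES).items():
        print(f"{', '.join(tags):60s} {artifact}")
    print("AssociatedID is the Identity GUID byte-swapped:",
          associated_id_matches("{32BF15D6-D919-458D-8A1A-AC3F3B3F3027}",
                                "D6 15 BF 32 19 D9 8D 45 8A 1A AC 3F 3B 3F 30 27"))
```

    Run against the full tables, the only rows that survive are the two "Windows Svchost" Run values, the FILE_9595 RunOnce value, the dropped scripts, the masquerading svchost.exe.exe, signons.sqlite and the hosts file. The modified Prefetch entries for CMD.EXE, NETSTAT.EXE and TASKLIST.EXE show those tools ran during the analysis window, which would fit a reconnaissance batch file, but the report does not include the contents of net.bat, so that has to be confirmed from the dropped file itself. The SCP/SSHD/SH/SLEEP/SENDIT/SWITCH entries look like the harness's own result-collection tooling rather than the sample; confirm that against a clean run before adding them to the baseline list.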

    DNS Results

    DNS | DNS Response
    www.facebook.com | Standard query response A 69.171.228.11

    URL Results

    DstIP | HTTP_HOST | HTTP_REQUEST_URI | HTTP_USER_AGENT | PROTOCOL
    69.171.228.11 | www.facebook.com | /profile.php?id=857470339108769&sk=info | Mozilla/5.0 (Windows NT 6.1; rv:2.0b7pre) Gecko/20100921 Firefox/4.0b7pre | 0x06 (TCP)
    69.171.228.11 | www.facebook.com | /profile.php?id=27263888416361&sk=info | Mozilla/5.0 (Windows NT 6.1; rv:2.0b7pre) Gecko/20100921 Firefox/4.0b7pre | 0x06 (TCP)
    69.171.228.11 | www.facebook.com | /profile.php?id=549726439795707&sk=info | Mozilla/5.0 (Windows NT 6.1; rv:2.0b7pre) Gecko/20100921 Firefox/4.0b7pre | 0x06 (TCP)
    69.171.228.11 | www.facebook.com | /profile.php?id=31540994694756&sk=info | Mozilla/5.0 (Windows NT 6.1; rv:2.0b7pre) Gecko/20100921 Firefox/4.0b7pre | 0x06 (TCP)
    69.171.228.11 | www.facebook.com | /profile.php?id=726043406685916&sk=info | Mozilla/5.0 (Windows NT 6.1; rv:2.0b7pre) Gecko/20100921 Firefox/4.0b7pre | 0x06 (TCP)
    69.171.228.11 | www.facebook.com | /profile.php?id=93147862530184&sk=info | Mozilla/5.0 (Windows NT 6.1; rv:2.0b7pre) Gecko/20100921 Firefox/4.0b7pre | 0x06 (TCP)

    ARGUS PROTOCOL Results

    PROTOCOL | SRC_PKTS | DST_PKTS | SRC_BYTES | DST_BYTES
    6 | 30 | 24 | 2925 | 3090

    ARGUS DPORT Results

    DPORT | PROTOCOL | SRC_PKTS | DST_PKTS | SRC_BYTES | DST_BYTES
    80 | 6 | 30 | 24 | 2925 | 3090

    ARGUS DATA Results

    Time | Date | Protocol | SrcIP | DstIP | Dir | Flags | Sport | Dport | Pkts | Bytes
    04:22:48 | 2011-10-04 | 6 | 10.10.10.7 | 69.171.228.11 | -> | e | 556 | 80 | 9 | 1003
    04:23:20 | 2011-10-04 | 6 | 10.10.10.7 | 69.171.228.11 | -> | e | 613 | 80 | 9 | 1002
    04:23:51 | 2011-10-04 | 6 | 10.10.10.7 | 69.171.228.11 | -> | e | 24 | 80 | 9 | 1003
    04:24:22 | 2011-10-04 | 6 | 10.10.10.7 | 69.171.228.11 | -> | e | 682 | 80 | 9 | 1002
    04:24:38 | 2011-10-04 | 6 | 10.10.10.7 | 69.171.228.11 | -> | e | 706 | 80 | 9 | 1003
    04:24:54 | 2011-10-04 | 6 | 10.10.10.7 | 69.171.228.11 | -> | e | 735 | 80 | 9 | 1002
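    The network tables record six short TCP sessions from 10.10.10.7 to 69.171.228.11 (www.facebook.com), each a GET for /profile.php?id=…&sk=info with a User-Agent claiming Firefox 4.0b7pre on Windows NT 6.1, although the host's profile path (Documents and Settings) places it on Windows XP/2003. A browser cannot report an OS it is not running on, so the string is hard-coded in the sample, which makes it a usable fingerprint even though no Snort alert fired under the report's rule set. The Python below is an example added to this page, not part of the TAZER report; it reconciles the per-flow Argus rows with the protocol summary, measures the request cadence, flags the User-Agent/OS contradiction, and turns the fixed User-Agent into a Snort/Suricata content match. The rows are constructed from the tables above; the rule template and the sid are this example's assumptions.

```python
"""Network-side triage of the report's Argus flow rows and HTTP requests.

Rows are constructed from the DNS/URL/ARGUS tables above (not a TAZER export).
The Snort rule template and the sid are this example's assumptions.
"""
import re
from datetime import datetime

# Argus per-flow rows: (time, date, proto, src, dst, sport, dport, pkts, bytes)
FLOWS = [
    ("04:22:48", "2011-10-04", 6, "10.10.10.7", "69.171.228.11", 556, 80, 9, 1003),
    ("04:23:20", "2011-10-04", 6, "10.10.10.7", "69.171.228.11", 613, 80, 9, 1002),
    ("04:23:51", "2011-10-04", 6, "10.10.10.7", "69.171.228.11", 24, 80, 9, 1003),
    ("04:24:22", "2011-10-04", 6, "10.10.10.7", "69.171.228.11", 682, 80, 9, 1002),
    ("04:24:38", "2011-10-04", 6, "10.10.10.7", "69.171.228.11", 706, 80, 9, 1003),
    ("04:24:54", "2011-10-04", 6, "10.10.10.7", "69.171.228.11", 735, 80, 9, 1002),
]
# ARGUS PROTOCOL row for protocol 6: the same traffic, split by direction
AGGREGATE = {"src_pkts": 30, "dst_pkts": 24, "src_bytes": 2925, "dst_bytes": 3090}

UA = "Mozilla/5.0 (Windows NT 6.1; rv:2.0b7pre) Gecko/20100921 Firefox/4.0b7pre"
# URL Results rows: (host, request URI, user-agent)
REQUESTS = [("www.facebook.com", f"/profile.php?id={i}&sk=info", UA) for i in (
    "857470339108769", "27263888416361", "549726439795707",
    "31540994694756", "726043406685916", "93147862530184")]
# Profile path of the analysis host, taken from the ICC file tables
HOST_PROFILE = "c:/Documents and Settings/dmc73144"


def flows_match_aggregate(flows, agg):
    """Per-flow rows count both directions together; the protocol row splits them.
    Equal totals mean neither table was truncated in the export."""
    return (sum(f[7] for f in flows) == agg["src_pkts"] + agg["dst_pkts"]
            and sum(f[8] for f in flows) == agg["src_bytes"] + agg["dst_bytes"])


def intervals_seconds(flows):
    """Gaps between consecutive flow starts; a steady cadence points at a timer, not a user."""
    stamps = [datetime.strptime(f"{f[1]} {f[0]}", "%Y-%m-%d %H:%M:%S") for f in flows]
    return [int((b - a).total_seconds()) for a, b in zip(stamps, stamps[1:])]


def ua_nt_version(ua):
    """'6.1' from 'Windows NT 6.1', or None for a non-Windows User-Agent."""
    m = re.search(r"Windows NT (\d+\.\d+)", ua)
    return m.group(1) if m else None


def nt_family(version):
    return "NT5" if version.startswith("5.") else "NT6+"


def host_nt_family(profile_path):
    """XP/2003 keep profiles under 'Documents and Settings'; Vista and later under 'Users'."""
    low = profile_path.lower().replace("\\", "/") + "/"
    if "/documents and settings/" in low:
        return "NT5"
    return "NT6+" if "/users/" in low else None


def ua_contradicts_host(ua, profile_path):
    """True when the OS named in the User-Agent cannot be the OS the sample ran on,
    i.e. the string is hard-coded in the sample rather than produced by a real browser."""
    v = ua_nt_version(ua)
    return v is not None and nt_family(v) != host_nt_family(profile_path)


def profile_ids(requests):
    """The id= values looked up via profile.php, in request order."""
    return [re.search(r"[?&]id=(\d+)", uri).group(1)
            for _, uri, _ in requests if "/profile.php" in uri]


def snort_rule(ua, sid):
    """Snort/Suricata rule matching the exact User-Agent plus the profile lookup URI.
    ';', '"', '\\' and '|' are special inside content:, so they are emitted as hex bytes."""
    def esc(s):
        return "".join(f"|{ord(c):02x}|" if c in ';"\\|' else c for c in s)
    return ("alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS ("
            'msg:"Hard-coded Firefox 4.0b7pre UA querying facebook profile.php"; '
            "flow:to_server,established; "
            f'content:"User-Agent|3a 20|{esc(ua)}"; http_header; '
            'content:"/profile.php?id="; http_uri; content:"sk=info"; http_uri; '
            f"classtype:trojan-activity; sid:{sid}; rev:1;)")


if __name__ == "__main__":
    print("flows reconcile with protocol summary:", flows_match_aggregate(FLOWS, AGGREGATE))
    print("seconds between requests:", intervals_seconds(FLOWS))
    print("UA claims NT", ua_nt_version(UA), "| host is", host_nt_family(HOST_PROFILE),
          "| hard-coded UA:", ua_contradicts_host(UA, HOST_PROFILE))
    print("profile ids:", profile_ids(REQUESTS))
    print(snort_rule(UA, 1000001))
```

    Two caveats when reading the result. The source ports in the Argus rows (24, 556, 613, …) sit well below the XP ephemeral range, which suggests either that the sandbox's network redirector rewrote the connections or that the field was truncated in the export; confirm them against the packet capture before treating them as indicators. And a rule keyed on a single User-Agent string is brittle by design: it catches this build of the sample and nothing else, so pair it with the hosts-file and Run-key findings from the host tables rather than relying on it alone.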

    Packer Results

    Packer Name
    (none)

    HoneyTrap Results

    Honey Trap Log File Location
    (none)

    PTFB Results

    PTFB Log File Location
    (none)