Malware Report - Results

This report shows all the different areas TAZER analyzes for the sample: Host, Network Activity, and Detection.

Malware Search Criteria:
  • MD5 =7fa68ae89f63bdbb5603610441ab8175

    • Malware Report - Results

    File MD5SumSHA1SUMSHA256SUMFUZZY HASHFile Size
    7fa68ae89f63bdbb5603610441ab81759302c2450537d84f5772e7d12d60dee91f6468d128b5e9bd8453f930b4529171b51af45252bfe1657f5d7d759a53f1bc47c40ad912288:8BMmKGnhDT+JlChHgnMEuJ2XmLJoS05Z32mykIc:OMmnDC+hHgME8mwJovnGmqc541680

    File Results

    File Name
    youtube.exe

    SNORT Results

    Snort ClassSnort AlertCount
    A Network Trojan was detectedET TROJAN Banker.OT Checkin1
    A Network Trojan was detectedET TROJAN Banker.OT Checkin (2 packet)1

    AV Results

    AV AlertAV Vendor
    N/ASymantec
    Generic.dx!tczMcAfee
    N/AKaspersky

    Folders (Added) - ICC Results

    PathFolder Name

    Files (Added) - ICC Results

    PathFile Name
    c:/WINDOWS/PrefetchSANDNET.EXE-2012C478.pf
    c:/WINDOWSsystemhosts.exe
    c:netstat_post.txt
    c:taskv_post.txt
    c:tempcharc

    Files (Deleted) - ICC Results

    ActionPathFile Name

    Files (Changed) - ICC Results

    ActionPathFile Name
    modifiedc:/Documents and Settings/dmc73144/Cookiesindex.dat
    modifiedc:/Documents and Settings/dmc73144/Local Settings/History/History.IE5index.dat
    modifiedc:/Documents and Settings/dmc73144/Local Settings/Temporary Internet Files/Content.IE5index.dat
    modifiedc:/Documents and Settings/dmc73144ntuser.dat.LOG
    modifiedc:/WINDOWS/PrefetchCMD.EXE-087B4001.pf
    modifiedc:/WINDOWS/PrefetchHSTART.EXE-221D72BF.pf
    modifiedc:/WINDOWS/PrefetchNETSTAT.EXE-2B2B4428.pf
    modifiedc:/WINDOWS/PrefetchSH.EXE-00254D2B.pf
    modifiedc:/WINDOWS/PrefetchSLEEP.EXE-094A3D2A.pf
    modifiedc:/WINDOWS/PrefetchSSHD.EXE-298CA236.pf
    modifiedc:/WINDOWS/PrefetchSWITCH.EXE-0496EC21.pf
    modifiedc:/WINDOWS/PrefetchTASKLIST.EXE-10D94B23.pf
    modifiedc:/WINDOWS/system32/drivers/etchosts
    modifiedc:/WINDOWS/system32/wbem/Repository/FSINDEX.MAP
    modifiedc:/WINDOWS/system32/wbem/Repository/FSMAPPING.VER
    modifiedc:/WINDOWS/system32/wbem/Repository/FSMAPPING1.MAP
    modifiedc:/WINDOWS/system32/wbem/Repository/FSOBJECTS.MAP

    Registry Keys (Added) - ICC Results

    ActionPath

    Registry Values (Added) - ICC Results

    ActionPathVal_NameVal_Data

    Registry Values (Deleted) - ICC Results

    ActionPathVal_NameVal_TypeMod_Val_TypeVal_DataMod_Val_Data

    Registry Values (Changed) - ICC Results

    ActionPathVal_NameVal_DataMod_Val_Data
    modifiedHKLM/SOFTWARE/Microsoft/Cryptography/RNGSeed8E 87 18 09 A3 EB 91 8D 27 3A 09 37 F7 0A A5 48 0C A0 5B 4B 05 DF 75 5F EB 1E 0B F1 A8 6D 26 F1 3D 8C 33 57 2C DA 59 CB 3D C5 3A 79 4C ED 78 9B 62 9A E7 F1 D2 7

    DNS Results

    DNSDNS Response
    akininguemtaska.infoStandard query response A 65.254.54.5

    URL Results

    DstIPHTTP_HOSTHTTP_REQUEST_URIHTTP_USER_AGENTPROTOCOL
    65.254.54.5akininguemtaska.info/link1.txtMozilla/3.0 (compatible; Indy Library)0x06
    65.254.54.5akininguemtaska.info/link2.txtMozilla/3.0 (compatible; Indy Library)0x06
    65.254.54.5akininguemtaska.info/link3.txtMozilla/3.0 (compatible; Indy Library)0x06
    65.254.54.5akininguemtaska.info/sh0w.phpMozilla/3.0 (compatible; Indy Library)0x06
    239.255.255.250239.255.255.250:1900*--blank--0x11

    ARGUS PROTOCOL Results

    PROTOCOLSRC_PKTSDST_PKTSSRC_BYTESDST_BYTES
    6211726032120
    17508750

    ARGUS DPORT Results

    DPORTPROTOCOLSRC_PKTSDST_PKTSSRC_BYTESDST_BYTES
    806211726032120
    190017508750

    ARGUS DATA Results

    TimeDateProtocolSrcIPDstIPDirFlagsSportDportPktsBytes
    19:58:552010-07-11610.10.10.765.254.54.5-> e 63809969
    19:58:562010-07-11610.10.10.765.254.54.5-> e 65809969
    19:58:572010-07-11610.10.10.765.254.54.5-> e 66809969
    19:58:582010-07-11610.10.10.765.254.54.5-> e 3380111816
    20:04:152010-07-111710.10.10.7239.255.255.250-> e 400219002350
    20:04:212010-07-111710.10.10.7239.255.255.250-> e 400219001175
    20:04:252010-07-111710.10.10.7239.255.255.250-> e 356219002350

    Packer Results

    Packer Name

    HoneyTrap Results

    Honey Trap Log File Location

    PTFB Results

    PTFB Log File Location