File MD5Sum | SHA1SUM | SHA256SUM | FUZZY HASH | File Size |
---|---|---|---|---|
80427b754b11de653758dd5e1ba3de1c | 554e1331fdc050bd603f6f3628285008a91cba37 | 5b0dd1aa5e1f84d044ac2c381a78144b988cd6d314a9b0ebc862449e9343f499 | 384:KeDE19UDclcuPFFCl0k47fEb/i8xZT1vZS37SCyNS/iPZpf4bacPXkKh9QPpdmx+:nDAUDctFCl0 | 24576 |
File Name |
---|
yourbot.exe |
wsc.exe |
load.php%3Fspl%3Dmdac%5F3%26h%3D.exe |
load.php%3Fspl%3Dmdac%5F3%26amp%3Bh%3D.exe |
load.exe |
exe.exe |
de.exe |
bot.exe |
723.exe |
Snort Class | Snort Alert | Count |
---|---|---|
N/A | No snort alerts generated | 0 |
AV Alert | AV Vendor |
---|---|
Trojan.FakeAV | Symantec |
Generic.dx!pnl | McAfee |
Net-Worm.Win32.Koobface.fxb | Kaspersky |
Path | Folder Name |
---|---|
Action | Path | File Name |
---|---|---|
Action | Path |
---|---|
Action | Path | Val_Name | Val_Data |
---|---|---|---|
Action | Path | Val_Name | Val_Type | Mod_Val_Type | Val_Data | Mod_Val_Data |
---|---|---|---|---|---|---|
Action | Path | Val_Name | Val_Data | Mod_Val_Data |
---|---|---|---|---|
modified | HKLM/SOFTWARE/Microsoft/Cryptography/RNG | Seed | 12 5A BC 39 09 DA BC 1D F7 7D E4 B6 30 13 79 BD 28 72 9C 1C 85 D6 78 6B E3 65 C3 | 93 9F E8 C3 B4 80 91 8A BA 29 A9 8B 81 5A 4F A1 1C 8E FD E1 E0 D3 32 4B F1 17 6 |
modified | HKU/S-1-5-21-1844237615-562591055-839522115-1004/SessionInformation | ProgramCount | 0x00000002 | 0x00000001 |
modified | HKLM/SOFTWARE/Microsoft/Cryptography/RNG | Seed | 2F 56 3C A3 F7 D9 D4 7E CF 81 FF 29 8E A7 5A 03 67 33 27 2E 0C 69 18 3E F3 B1 89 | E6 D6 1F AD 5C 6F A8 F4 9D 04 5F AE A4 E8 32 60 C6 A7 B5 22 47 59 5A 4B 9A 10 7 |
modified | HKU/S-1-5-21-1844237615-562591055-839522115-1004/SessionInformation | ProgramCount | 0x00000002 | 0x00000001 |
modified | HKLM/SOFTWARE/Microsoft/Cryptography/RNG | Seed | B4 8A C8 7D ED F5 7F B4 F2 52 49 B6 4E 96 CF 5D 80 A8 91 E2 C1 E9 32 F7 35 10 4D | 8E 4A 0D 06 BB DF F4 7A 9A 45 D6 72 79 59 64 34 9F 6E 08 5A 88 5E 71 DC DA 36 C |
modified | HKU/S-1-5-21-1844237615-562591055-839522115-1004/SessionInformation | ProgramCount | 0x00000002 | 0x00000001 |
modified | HKLM/SOFTWARE/Microsoft/Cryptography/RNG | Seed | E8 26 5A 97 49 98 E7 3A 70 5E E3 5F 5C 2A 5E 4B C1 B2 4A C5 07 91 7A 7F 3A DF 46 | 96 B6 DA 1A 13 7E CE 5D 19 97 0B 86 1C B9 23 39 71 A6 05 B9 FA 77 61 46 03 C7 6 |
modified | HKU/S-1-5-21-1844237615-562591055-839522115-1004/SessionInformation | ProgramCount | 0x00000002 | 0x00000001 |
DNS | DNS Response |
---|---|
DstIP | HTTP_HOST | HTTP_REQUEST_URI | HTTP_USER_AGENT | PROTOCOL |
---|---|---|---|---|
239.255.255.250 | 239.255.255.250:1900 | * | --blank-- | 0x11 |
PROTOCOL | SRC_PKTS | DST_PKTS | SRC_BYTES | DST_BYTES |
---|---|---|---|---|
17 | 2 | 0 | 350 | 0 |
DPORT | PROTOCOL | SRC_PKTS | DST_PKTS | SRC_BYTES | DST_BYTES |
---|---|---|---|---|---|
1900 | 17 | 2 | 0 | 350 | 0 |
Time | Date | Protocol | SrcIP | DstIP | Dir | Flags | Sport | Dport | Pkts | Bytes |
---|---|---|---|---|---|---|---|---|---|---|
09:18:32 | 2010-07-28 | 17 | 10.10.10.7 | 239.255.255.250 | -> | e | 8 | 1900 | 2 | 350 |
00:38:54 | 2010-07-30 | 17 | 10.10.10.7 | 239.255.255.250 | -> | e | 8 | 1900 | 2 | 350 |
19:18:48 | 2010-07-30 | 17 | 10.10.10.7 | 239.255.255.250 | -> | e | 8 | 1900 | 2 | 350 |
14:28:12 | 2010-08-30 | 17 | 10.10.10.7 | 239.255.255.250 | -> | e | 8 | 1900 | 2 | 350 |
Packer Name |
---|
Honey Trap Log File Location |
---|
PTFB Log File Location |
---|