Malware Report - Results

This report shows all the different areas TAZER analyzes for the sample: Host, Network Activity, and Detection.

Malware Search Criteria:
  • MD5 =811a6c66f510b4b22c10706b4e5c91b9

    • Malware Report - Results

    File MD5SumSHA1SUMSHA256SUMFUZZY HASHFile Size
    811a6c66f510b4b22c10706b4e5c91b94e72f6206adcd4c7afb5692f093a19d7792f1893e697d7a7febc54461351c53d72baf90e07ce14bb885244fa8a9e74ae0098d12612288:vZoe0wVY0DJeQkbtde8yQXhgC9AEeUaSsc09JGg0c8c:hoe0whD0Hve8/qIAPU+/uZcF457863

    File Results

    File Name
    Ver%5FMensaje.php.exe

    SNORT Results

    Snort ClassSnort AlertCount
    N/ANo snort alerts generated0

    AV Results

    AV AlertAV Vendor

    Folders (Added) - ICC Results

    PathFolder Name

    Files (Added) - ICC Results

    PathFile Name
    c:/Documents and Settings/dmc73144/Local Settings/Temp~DFACA8.tmp
    c:/WINDOWS/PrefetchSANDNET.EXE-2012C478.pf
    c:/WINDOWS/system32winlogin.exe
    c:/WINDOWSwinrun.exe
    c:netstat_post.txt
    c:taskv_post.txt

    Files (Deleted) - ICC Results

    ActionPathFile Name

    Files (Changed) - ICC Results

    ActionPathFile Name
    modifiedc:/Documents and Settings/dmc73144/Cookiesindex.dat
    modifiedc:/Documents and Settings/dmc73144/Local Settings/History/History.IE5index.dat
    modifiedc:/Documents and Settings/dmc73144/Local Settings/Temporary Internet Files/Content.IE5index.dat
    modifiedc:/Documents and Settings/dmc73144ntuser.dat.LOG
    modifiedc:/WINDOWS/PrefetchCMD.EXE-087B4001.pf
    modifiedc:/WINDOWS/PrefetchHSTART.EXE-221D72BF.pf
    modifiedc:/WINDOWS/PrefetchNETSTAT.EXE-2B2B4428.pf
    modifiedc:/WINDOWS/PrefetchSH.EXE-00254D2B.pf
    modifiedc:/WINDOWS/PrefetchSLEEP.EXE-094A3D2A.pf
    modifiedc:/WINDOWS/PrefetchSSHD.EXE-298CA236.pf
    modifiedc:/WINDOWS/PrefetchSWITCH.EXE-0496EC21.pf
    modifiedc:/WINDOWS/system32/drivers/etchosts
    modifiedc:/WINDOWS/system32/wbem/Repository/FSINDEX.MAP
    modifiedc:/WINDOWS/system32/wbem/Repository/FSMAPPING.VER
    modifiedc:/WINDOWS/system32/wbem/Repository/FSMAPPING2.MAP
    modifiedc:/WINDOWS/system32/wbem/Repository/FSOBJECTS.MAP

    Registry Keys (Added) - ICC Results

    ActionPath

    Registry Values (Added) - ICC Results

    ActionPathVal_NameVal_Data

    Registry Values (Deleted) - ICC Results

    ActionPathVal_NameVal_TypeMod_Val_TypeVal_DataMod_Val_Data

    Registry Values (Changed) - ICC Results

    ActionPathVal_NameVal_DataMod_Val_Data
    modifiedHKLM/SOFTWARE/Microsoft/Cryptography/RNGSeed61 F5 94 2F DE 33 C9 23 1B E8 95 26 37 CD 23 B1 5C 14 44 76 8B CF 85 B7 6E 8F C1 9F C4 04 B1 99 A8 0D 2F 42 9A B6 96 BF 7D 01 C8 5D D6 CD 94 CA 16 43 DE 6A D7 1
    modifiedHKU/S-1-5-21-1844237615-562591055-839522115-1004/Software/Microsoft/Windows/CurrentVersion/Internet Settings/ConnectionsSavedLegacySettings3C 00 00 00 15 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 00 00 3C 00 00 00 16 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 00 0
    modifiedHKU/S-1-5-21-1844237615-562591055-839522115-1004/Software/Microsoft/Windows NT/CurrentVersion/Windowsload"" "C

    DNS Results

    DNSDNS Response
    cruzrojayumbo.orgStandard query response A 66.197.162.117

    URL Results

    DstIPHTTP_HOSTHTTP_REQUEST_URIHTTP_USER_AGENTPROTOCOL
    66.197.162.117cruzrojayumbo.org/accesos.jpgvb wininet0x06
    239.255.255.250239.255.255.250:1900*--blank--0x11

    ARGUS PROTOCOL Results

    PROTOCOLSRC_PKTSDST_PKTSSRC_BYTESDST_BYTES
    610080748010300
    17203500

    ARGUS DPORT Results

    DPORTPROTOCOLSRC_PKTSDST_PKTSSRC_BYTESDST_BYTES
    80610080748010300
    190017203500

    ARGUS DATA Results

    TimeDateProtocolSrcIPDstIPDirFlagsSportDportPktsBytes
    17:49:382011-07-02610.10.10.766.197.162.117-> e 108809889
    17:49:502011-07-02610.10.10.766.197.162.117-> e 316809889
    17:50:012011-07-02610.10.10.766.197.162.117-> e 21809889
    17:50:132011-07-02610.10.10.766.197.162.117-> e 379809889
    17:50:252011-07-02610.10.10.766.197.162.117-> e 536809889
    17:50:372011-07-02610.10.10.766.197.162.117-> e 212809889
    17:50:492011-07-02610.10.10.766.197.162.117-> e 129809889
    17:51:012011-07-02610.10.10.766.197.162.117-> e 577809889
    17:51:132011-07-02610.10.10.766.197.162.117-> e 323809889
    17:51:242011-07-02610.10.10.766.197.162.117-> e 609809889
    17:51:362011-07-02610.10.10.766.197.162.117-> e 627809889
    17:51:482011-07-02610.10.10.766.197.162.117-> e 325809889
    17:52:002011-07-02610.10.10.766.197.162.117-> e 628809889
    17:52:122011-07-02610.10.10.766.197.162.117-> e 729809889
    17:52:242011-07-02610.10.10.766.197.162.117-> e 730809889
    17:52:362011-07-02610.10.10.766.197.162.117-> e 772809889
    17:52:482011-07-02610.10.10.766.197.162.117-> e 773809889
    17:52:592011-07-02610.10.10.766.197.162.117-> e 820809889
    17:53:112011-07-02610.10.10.766.197.162.117-> e 821809889
    17:53:232011-07-02610.10.10.766.197.162.117-> e 822809889
    17:54:582011-07-021710.10.10.7239.255.255.250-> e 819002350

    Packer Results

    Packer Name

    HoneyTrap Results

    Honey Trap Log File Location

    PTFB Results

    PTFB Log File Location