Malware Report

Malware Report - Results

This report shows all the different areas TAZER analyzes for the sample: Host, Network Activity, and Detection.

Malware Search Criteria:

MD5 =85f8e7fb23b30ee0fe9aee0c5608286a

Malware Report - Results

File MD5Sum	SHA1SUM	SHA256SUM	FUZZY HASH	File Size
85f8e7fb23b30ee0fe9aee0c5608286a	27420bfac964dee92c9877b39bdfc3f309d8e9e2	64a06df2ec02bd417fcf2110f07f52b43951cb1465f9dd9fdda4c8143c7df8e1	768:PmOhplcsHvKWzX6HJmFqda7kolxeWAnbcuyD7UdkUGFd:+OhplcsHv1X6n0VfAnouy8dkUG	29184

File Results

File Name

SNORT Results

Snort Class	Snort Alert	Count
N/A	No snort alerts generated	0

AV Results

AV Alert	AV Vendor
N/A	Symantec
Artemis!85F8E7FB23B3	McAfee
Trojan-Banker.BAT.Qhost.ak	Kaspersky

Folders (Added) - ICC Results

Path	Folder Name
c:/Documents and Settings/dmc73144/Local Settings/History/History.IE5	MSHist012011072820110729
c:/Documents and Settings/dmc73144/Local Settings/Temporary Internet Files/Content.IE5	ITB2CJ0C

Files (Added) - ICC Results

Path	File Name
c:/Documents and Settings/dmc73144/Local Settings/History/History.IE5/MSHist012011072820110729	index.dat
c:/Documents and Settings/dmc73144/Local Settings/Temporary Internet Files/Content.IE5/ITB2CJ0C	desktop.ini
c:/Documents and Settings/dmc73144/Local Settings/Temporary Internet Files/Content.IE5/ITB2CJ0C	redirect2[1].htm
c:/WINDOWS/Prefetch	IEXPLORE.EXE-27122324.pf
c:/WINDOWS/Prefetch	SANDNET.EXE-2012C478.pf
c:	netstat_post.txt
c:	taskv_post.txt

Files (Deleted) - ICC Results

Action	Path	File Name

Files (Changed) - ICC Results

Action	Path	File Name
modified	c:/Documents and Settings/dmc73144/Cookies	index.dat
modified	c:/Documents and Settings/dmc73144/Local Settings/History/History.IE5	index.dat
modified	c:/Documents and Settings/dmc73144/Local Settings/Temporary Internet Files/Content.IE5	index.dat
modified	c:/Documents and Settings/dmc73144	ntuser.dat.LOG
modified	c:/WINDOWS/Prefetch	ATTRIB.EXE-39EAFB02.pf
modified	c:/WINDOWS/Prefetch	CMD.EXE-087B4001.pf
modified	c:/WINDOWS/Prefetch	HSTART.EXE-221D72BF.pf
modified	c:/WINDOWS/Prefetch	NETSTAT.EXE-2B2B4428.pf
modified	c:/WINDOWS/Prefetch	SH.EXE-00254D2B.pf
modified	c:/WINDOWS/Prefetch	SLEEP.EXE-094A3D2A.pf
modified	c:/WINDOWS/Prefetch	SSHD.EXE-298CA236.pf
modified	c:/WINDOWS/Prefetch	SWITCH.EXE-0496EC21.pf
modified	c:/WINDOWS/Prefetch	TASKLIST.EXE-10D94B23.pf
modified	c:/WINDOWS/system32/drivers/etc	hosts
modified	c:/WINDOWS/system32/wbem/Logs	wmiprov.log
modified	c:/WINDOWS/system32/wbem/Repository/FS	INDEX.MAP
modified	c:/WINDOWS/system32/wbem/Repository/FS	MAPPING.VER
modified	c:/WINDOWS/system32/wbem/Repository/FS	MAPPING2.MAP
modified	c:/WINDOWS/system32/wbem/Repository/FS	OBJECTS.MAP

Registry Keys (Added) - ICC Results

Action	Path

Registry Values (Added) - ICC Results

Action	Path	Val_Name	Val_Data

Registry Values (Deleted) - ICC Results

Action	Path	Val_Name	Val_Type	Mod_Val_Type	Val_Data	Mod_Val_Data

Registry Values (Changed) - ICC Results

Action	Path	Val_Name	Val_Data	Mod_Val_Data
modified	HKLM/SOFTWARE/Microsoft/Cryptography/RNG	Seed	D8 EA 84 65 97 F3 C2 C0 C0 2C 80 F1 5A E7 F4 A1 2E B3 75 69 A6 BD 1C 24 55 31 51	60 BF C3 FF 0B 43 3D A0 C9 F7 CD D8 00 56 12 73 CB EB F2 0B CE 41 A4 CD DC AA 4
modified	HKU/S-1-5-21-1844237615-562591055-839522115-1004/Software/Microsoft/Windows/CurrentVersion/Explorer/UserAssist/{5E6AB780-7743-11CF-A12B-00AA004AE837}/Count	HRZR_PGYFRFFVBA	89 C3 53 0E 0D 00 00 00	A6 69 62 0E 0E 00 00 00
modified	HKU/S-1-5-21-1844237615-562591055-839522115-1004/Software/Microsoft/Windows/CurrentVersion/Ext/Stats/{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}/iexplore	Count	0x00000007	0x00000008
modified	HKU/S-1-5-21-1844237615-562591055-839522115-1004/Software/Microsoft/Windows/CurrentVersion/Ext/Stats/{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}/iexplore	Time	D9 07 0C 00 03 00 09 00 03 00 0C 00 36 00 51 02	DB 07 07 00 04 00 1C 00 0E 00 2C 00 04 00 60 03
modified	HKU/S-1-5-21-1844237615-562591055-839522115-1004/Software/Microsoft/Windows/CurrentVersion/Internet Settings/Connections	SavedLegacySettings	3C 00 00 00 15 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 00 00	3C 00 00 00 16 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 00 0
modified	HKU/S-1-5-21-1844237615-562591055-839522115-1004/Software/Microsoft/Windows/ShellNoRoam/BagMRU	MRUListEx	01 00 00 00 00 00 00 00 02 00 00 00 04 00 00 00 03 00 00 00 FF FF FF FF	00 00 00 00 01 00 00 00 02 00 00 00 04 00 00 00 03 00 00 00 FF FF FF FF

DNS Results

DNS	DNS Response

URL Results

DstIP	HTTP_HOST	HTTP_REQUEST_URI	HTTP_USER_AGENT	PROTOCOL
124.197.128.13	124.197.128.13	/redirect2.html	Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)	0x06
239.255.255.250	239.255.255.250:1900	*	--blank--	0x11

ARGUS PROTOCOL Results

PROTOCOL	SRC_PKTS	DST_PKTS	SRC_BYTES	DST_BYTES
6	5	4	512	515
17	1	0	175	0

ARGUS DPORT Results

DPORT	PROTOCOL	SRC_PKTS	DST_PKTS	SRC_BYTES	DST_BYTES
80	6	5	4	512	515
1900	17	1	0	175	0

ARGUS DATA Results

Time	Date	Protocol	SrcIP	DstIP	Dir	Flags	Sport	Dport	Pkts	Bytes
10:44:05	2011-07-28	6	10.10.10.7	124.197.128.13	->	e	42	80	9	1027
10:49:34	2011-07-28	17	10.10.10.7	239.255.255.250	->	e	8	1900	1	175

Packer Results

Packer Name

HoneyTrap Results

Honey Trap Log File Location

PTFB Results

PTFB Log File Location