Malware Report - Results

This report shows all the different areas TAZER analyzes for the sample: Host, Network Activity, and Detection.

Malware Search Criteria:
  • MD5 = 8786c4ee5eab3d45cf751bae299a6142

    File MD5Sum | SHA1SUM | SHA256SUM | FUZZY HASH | File Size
    8786c4ee5eab3d45cf751bae299a6142 | f27e889b540cbf12543448fd4cb3cc7aa32b6f0b | 5ab42849f2642e10561a3d70aea0131e3d617664286d59a07c9fd4757d8db767 | 6144:lhR2+yf2/X9iSHCQCly3AcyAIsgmAj3Nt9OA:y2/X9iECDgHppXkOA | 216570

    File Results

    File Name
    QvodSetupPlusGwA1.exe

    SNORT Results

    Snort Class | Snort Alert | Count
    Misc activity | ICMP Destination Unreachable Port Unreachable | 2
    A Network Trojan was detected | ET USER_AGENTS QVOD Related Spyware/Malware User-Agent (Qvod) | 1

    AV Results

    AV Alert | AV Vendor
    Trojan | Symantec
    Artemis!8786C4EE5EAB | McAfee
    Trojan-Downloader.Win32.Geral.vnk | Kaspersky

    Folders (Added) - ICC Results

    Path | Folder Name
    c:/Documents and Settings/dmc73144/Local Settings/Temporary Internet Files/Content.IE5 | ITB2CJ0C

    Files (Added) - ICC Results

    Path | File Name
    c:/DELL/VIDEO/OUTPUT | netstat_base.txt
    c:/DELL/VIDEO/OUTPUT | netstat_post.txt
    c:/DELL/VIDEO/OUTPUT | tasksvc_base.txt
    c:/DELL/VIDEO/OUTPUT | tasksvc_post.txt
    c:/DELL/VIDEO/OUTPUT | taskv_base.txt
    c:/DELL/VIDEO/OUTPUT | taskv_post.txt
    c:/Documents and Settings/dmc73144/Local Settings/Temp | 156468.dll
    c:/Documents and Settings/dmc73144/Local Settings/Temp | ope2.tmp
    c:/Documents and Settings/dmc73144/Local Settings/Temporary Internet Files/Content.IE5/ITB2CJ0C | Count[1].asp
    c:/Documents and Settings/dmc73144/Local Settings/Temporary Internet Files/Content.IE5/ITB2CJ0C | desktop.ini
    c:/WINDOWS/Prefetch | 165171.EXE-19A670E1.pf
    c:/WINDOWS/Prefetch | 7Z.EXE-1A62CD19.pf
    c:/WINDOWS/Prefetch | GWA1.EXE-25D6508F.pf
    c:/WINDOWS/Prefetch | NET.EXE-01A53C2F.pf
    c:/WINDOWS/Prefetch | NET1.EXE-029B9DB4.pf
    c:/WINDOWS/Prefetch | QVODSETUP.EXE-14EDF353.pf
    c:/WINDOWS/Prefetch | RUNDLL32.EXE-33B34BC9.pf
    c:/WINDOWS/Prefetch | SANDNET.EXE-2012C478.pf
    c:/WINDOWS/system32 | 165171.exe
    c:/WINDOWS/system32 | scvhost.exe
    c: | QvodSetup.exe

    Files (Deleted) - ICC Results

    Action | Path | File Name

    Files (Changed) - ICC Results

    Action | Path | File Name
    modified | c:/Documents and Settings/dmc73144/Cookies | index.dat
    modified | c:/Documents and Settings/dmc73144/Local Settings/History/History.IE5 | index.dat
    modified | c:/Documents and Settings/dmc73144/Local Settings/Temporary Internet Files/Content.IE5 | index.dat
    modified | c:/Documents and Settings/dmc73144 | ntuser.dat.LOG
    modified | c:/WINDOWS/Prefetch | CMD.EXE-087B4001.pf
    modified | c:/WINDOWS/Prefetch | NETSTAT.EXE-2B2B4428.pf
    modified | c:/WINDOWS/Prefetch | SH.EXE-00254D2B.pf
    modified | c:/WINDOWS/Prefetch | SLEEP.EXE-094A3D2A.pf
    modified | c:/WINDOWS/Prefetch | SSHD.EXE-298CA236.pf
    modified | c:/WINDOWS/Prefetch | SWITCH.EXE-0496EC21.pf
    modified | c:/WINDOWS/Prefetch | TASKLIST.EXE-10D94B23.pf
    modified | c:/WINDOWS/Prefetch | WMIPRVSE.EXE-28F301A9.pf
    modified | c:/WINDOWS/system32/config | software.LOG
    modified | c:/WINDOWS/system32/config | system.LOG
    modified | c:/WINDOWS/system32/drivers/etc | hosts
    modified | c:/WINDOWS/system32/wbem/Logs | wbemess.log
    modified | c:/WINDOWS/system32/wbem/Logs | wmiprov.log
    modified | c:/WINDOWS/system32/wbem/Repository/FS | INDEX.MAP
    modified | c:/WINDOWS/system32/wbem/Repository/FS | MAPPING.VER
    modified | c:/WINDOWS/system32/wbem/Repository/FS | MAPPING1.MAP
    modified | c:/WINDOWS/system32/wbem/Repository/FS | OBJECTS.MAP

    Registry Keys (Added) - ICC Results

    Action | Path

    Registry Values (Added) - ICC Results

    Action | Path | Val_Name | Val_Data

    Registry Values (Deleted) - ICC Results

    Action | Path | Val_Name | Val_Type | Mod_Val_Type | Val_Data | Mod_Val_Data

    Registry Values (Changed) - ICC Results

    Action | Path | Val_Name | Val_Data | Mod_Val_Data
    modified | HKLM/SOFTWARE/Microsoft/Cryptography/RNG | Seed | 1A 53 30 8D 42 C9 D8 9B 97 84 4E 68 F0 07 BE 42 48 CD CF 6B 91 3C A2 6C 6A 6A 85 33 C2 9C 53 33 77 EC CB C0 B7 C6 4C 13 B0 05 C4 DE A1 DF BB DA 2E 3B 14 88 7A 7 (old and new values run together and truncated in the report)
    modified | HKLM/SYSTEM/ControlSet001/Services/SharedAccess/Epoch | Epoch | 0x00000104 | 0x00000105
    modified | HKLM/SYSTEM/CurrentControlSet/Services/SharedAccess/Epoch | Epoch | 0x00000104 | 0x00000105
    modified | HKU/S-1-5-21-1844237615-562591055-839522115-1004/Software/Microsoft/Windows/CurrentVersion/Internet Settings/Connections | SavedLegacySettings | 3C 00 00 00 15 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 00 00 | 3C 00 00 00 16 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 00 0
    modified | HKU/S-1-5-21-1844237615-562591055-839522115-1004/SessionInformation | ProgramCount | 0x00000002 | 0x00000003

    DNS Results

    DNS | DNS Response
    update.qvod.com | Standard query response A 122.225.115.152
    track.qvod.com | Standard query response A 122.225.115.135 A 122.225.115.138 A 122.225.115.141 A 122.225.115.132
    stun.qvod.com | Standard query response A 61.139.219.210
    stun01.sipphone.com | Standard query response A 198.65.166.165
    agent.qvod.com | Standard query response A 122.225.115.155
    ad.3cg5.com | Standard query response A 121.14.151.72
    count.3cg5.com | Standard query response A 122.224.32.220
    track.qvod.com | Standard query response A 122.225.115.132 A 122.225.115.135 A 122.225.115.138 A 122.225.115.141

    URL Results

    DstIP | HTTP_HOST | HTTP_REQUEST_URI | HTTP_USER_AGENT | PROTOCOL
    122.225.115.152 | update.qvod.com | /qd.jpg | QvodDown | 0x06
    10.10.10.1 | 239.255.255.250:1900 | * | --blank-- | 0x11

    ARGUS PROTOCOL Results

    PROTOCOL | SRC_PKTS | DST_PKTS | SRC_BYTES | DST_BYTES
    117012070
    62973411965090655
    1789300699218000

    ARGUS DPORT Results

    DPORT | PROTOCOL | SRC_PKTS | DST_PKTS | SRC_BYTES | DST_BYTES
    233131604260
    230571503550
    320311201420
    322871402840
    726302819811684
    8062533001668188189
    8861413988782
    801743248335414880
    1900174206981200
    347817423229401920

    ARGUS DATA Results

    Time | Date | Protocol | SrcIP | DstIP | Dir | Flags | Sport | Dport | Pkts | Bytes

    Packer Results

    Packer Name

    HoneyTrap Results

    Honey Trap Log File Location

    PTFB Results

    PTFB Log File Location