Malware Report

Malware Report - Results

This report shows all the different areas TAZER analyzes for the sample: Host, Network Activity, and Detection.

Malware Search Criteria:

MD5 =8bb5873fe1feb146dfe1773ac9d57ce4

Malware Report - Results

File MD5Sum	SHA1SUM	SHA256SUM	FUZZY HASH	File Size
8bb5873fe1feb146dfe1773ac9d57ce4	bc0f089f24c68aa6a3ae030b6c365f0d10cbad5a	29172a5f58224fd406a154796b401e91944390d00d410a04115c9e79a64984cd	6144:RBgh/58KGip9lmh0UwwDdxtPw13OyhFR8uHQ5fSBx:RBMmKGnhDT+JlC1Q	289186

File Results

File Name
inter%2Dsecurity.exe

SNORT Results

Snort Class	Snort Alert	Count
N/A	No snort alerts generated	0

AV Results

AV Alert	AV Vendor

Folders (Added) - ICC Results

Path	Folder Name

Files (Added) - ICC Results

Path	File Name
c:/Documents and Settings/dmc73144/Local Settings/Temp	~DF5C74.tmp
c:/WINDOWS/Prefetch	SANDNET.EXE-2012C478.pf
c:/WINDOWS/system32	winsys.exe
c:/WINDOWS	winrun.exe
c:	netstat_post.txt
c:	taskv_post.txt

Files (Deleted) - ICC Results

Action	Path	File Name

Files (Changed) - ICC Results

Action	Path	File Name
modified	c:/Documents and Settings/dmc73144/Cookies	index.dat
modified	c:/Documents and Settings/dmc73144/Local Settings/History/History.IE5	index.dat
modified	c:/Documents and Settings/dmc73144/Local Settings/Temporary Internet Files/Content.IE5	index.dat
modified	c:/Documents and Settings/dmc73144	ntuser.dat.LOG
modified	c:/WINDOWS/Prefetch	CMD.EXE-087B4001.pf
modified	c:/WINDOWS/Prefetch	HSTART.EXE-221D72BF.pf
modified	c:/WINDOWS/Prefetch	NETSTAT.EXE-2B2B4428.pf
modified	c:/WINDOWS/Prefetch	SH.EXE-00254D2B.pf
modified	c:/WINDOWS/Prefetch	SLEEP.EXE-094A3D2A.pf
modified	c:/WINDOWS/Prefetch	SSHD.EXE-298CA236.pf
modified	c:/WINDOWS/Prefetch	SWITCH.EXE-0496EC21.pf
modified	c:/WINDOWS/system32/drivers/etc	hosts
modified	c:/WINDOWS/system32/wbem/Repository/FS	INDEX.MAP
modified	c:/WINDOWS/system32/wbem/Repository/FS	MAPPING.VER
modified	c:/WINDOWS/system32/wbem/Repository/FS	MAPPING2.MAP
modified	c:/WINDOWS/system32/wbem/Repository/FS	OBJECTS.MAP

Registry Keys (Added) - ICC Results

Action	Path

Registry Values (Added) - ICC Results

Action	Path	Val_Name	Val_Data

Registry Values (Deleted) - ICC Results

Action	Path	Val_Name	Val_Type	Mod_Val_Type	Val_Data	Mod_Val_Data

Registry Values (Changed) - ICC Results

Action	Path	Val_Name	Val_Data	Mod_Val_Data
modified	HKLM/SOFTWARE/Microsoft/Cryptography/RNG	Seed	D5 D8 2C E1 AD 3E D8 83 FA 61 09 10 9F 12 5D A0 B0 6B 22 33 C0 B1 78 AF B3 2C CC	FC 41 03 CA CB CF 17 74 20 87 9D 2F A9 C4 4D 70 A9 D9 67 B1 DC E2 84 DD 72 95 5
modified	HKU/S-1-5-21-1844237615-562591055-839522115-1004/Software/Microsoft/Windows/CurrentVersion/Internet Settings/Connections	SavedLegacySettings	3C 00 00 00 15 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 00 00	3C 00 00 00 16 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 00 0
modified	HKU/S-1-5-21-1844237615-562591055-839522115-1004/Software/Microsoft/Windows NT/CurrentVersion/Windows	load	""	"C

DNS Results

DNS	DNS Response

URL Results

DstIP	HTTP_HOST	HTTP_REQUEST_URI	HTTP_USER_AGENT	PROTOCOL
174.123.213.82	174.123.213.82	/~dementec/server.php	vb wininet	0x06
239.255.255.250	239.255.255.250:1900	*	--blank--	0x11

ARGUS PROTOCOL Results

PROTOCOL	SRC_PKTS	DST_PKTS	SRC_BYTES	DST_BYTES
6	445	356	33820	45835
17	3	0	525	0

ARGUS DPORT Results

DPORT	PROTOCOL	SRC_PKTS	DST_PKTS	SRC_BYTES	DST_BYTES
80	6	445	356	33820	45835
1900	17	3	0	525	0

ARGUS DATA Results

Time	Date	Protocol	SrcIP	DstIP	Dir	Flags	Sport	Dport	Pkts	Bytes
02:55:48	2010-06-16	6	10.10.10.7	174.123.213.82	->	e	32	80	9	895
02:55:51	2010-06-16	6	10.10.10.7	174.123.213.82	->	e	62	80	9	895
02:55:54	2010-06-16	6	10.10.10.7	174.123.213.82	->	e	63	80	9	895
02:55:56	2010-06-16	6	10.10.10.7	174.123.213.82	->	e	64	80	9	895
02:55:59	2010-06-16	6	10.10.10.7	174.123.213.82	->	e	65	80	9	895
02:56:01	2010-06-16	6	10.10.10.7	174.123.213.82	->	e	66	80	9	895
02:56:04	2010-06-16	6	10.10.10.7	174.123.213.82	->	e	33	80	9	895
02:56:06	2010-06-16	6	10.10.10.7	174.123.213.82	->	e	126	80	9	895
02:56:09	2010-06-16	6	10.10.10.7	174.123.213.82	->	e	392	80	9	895
02:56:11	2010-06-16	6	10.10.10.7	174.123.213.82	->	e	475	80	9	895
02:56:14	2010-06-16	6	10.10.10.7	174.123.213.82	->	e	440	80	9	895
02:56:17	2010-06-16	6	10.10.10.7	174.123.213.82	->	e	332	80	9	895
02:56:19	2010-06-16	6	10.10.10.7	174.123.213.82	->	e	441	80	9	895
02:56:22	2010-06-16	6	10.10.10.7	174.123.213.82	->	e	476	80	9	895
02:56:24	2010-06-16	6	10.10.10.7	174.123.213.82	->	e	415	80	9	895
02:56:27	2010-06-16	6	10.10.10.7	174.123.213.82	->	e	416	80	9	895
02:56:29	2010-06-16	6	10.10.10.7	174.123.213.82	->	e	266	80	9	895
02:56:32	2010-06-16	6	10.10.10.7	174.123.213.82	->	e	393	80	9	895
02:56:35	2010-06-16	6	10.10.10.7	174.123.213.82	->	e	481	80	9	895
02:56:37	2010-06-16	6	10.10.10.7	174.123.213.82	->	e	209	80	9	895
02:56:40	2010-06-16	6	10.10.10.7	174.123.213.82	->	e	442	80	9	895
02:56:42	2010-06-16	6	10.10.10.7	174.123.213.82	->	e	482	80	9	895
02:56:45	2010-06-16	6	10.10.10.7	174.123.213.82	->	e	376	80	9	895
02:56:48	2010-06-16	6	10.10.10.7	174.123.213.82	->	e	210	80	9	895
02:56:50	2010-06-16	6	10.10.10.7	174.123.213.82	->	e	443	80	9	895
02:56:53	2010-06-16	6	10.10.10.7	174.123.213.82	->	e	483	80	9	895
02:56:55	2010-06-16	6	10.10.10.7	174.123.213.82	->	e	444	80	9	895
02:56:58	2010-06-16	6	10.10.10.7	174.123.213.82	->	e	364	80	9	895
02:57:00	2010-06-16	6	10.10.10.7	174.123.213.82	->	e	438	80	9	895
02:57:03	2010-06-16	6	10.10.10.7	174.123.213.82	->	e	493	80	9	895
02:57:05	2010-06-16	6	10.10.10.7	174.123.213.82	->	e	446	80	9	895
02:57:08	2010-06-16	6	10.10.10.7	174.123.213.82	->	e	494	80	9	895
02:57:11	2010-06-16	6	10.10.10.7	174.123.213.82	->	e	447	80	9	895
02:57:13	2010-06-16	6	10.10.10.7	174.123.213.82	->	e	321	80	9	895
02:57:16	2010-06-16	6	10.10.10.7	174.123.213.82	->	e	448	80	9	895
02:57:18	2010-06-16	6	10.10.10.7	174.123.213.82	->	e	495	80	9	895
02:57:21	2010-06-16	6	10.10.10.7	174.123.213.82	->	e	449	80	9	895
02:57:24	2010-06-16	6	10.10.10.7	174.123.213.82	->	e	248	80	9	895
02:57:26	2010-06-16	6	10.10.10.7	174.123.213.82	->	e	284	80	9	895
02:57:29	2010-06-16	6	10.10.10.7	174.123.213.82	->	e	225	80	9	895
02:57:31	2010-06-16	6	10.10.10.7	174.123.213.82	->	e	226	80	9	895
02:57:34	2010-06-16	6	10.10.10.7	174.123.213.82	->	e	227	80	9	895
02:57:36	2010-06-16	6	10.10.10.7	174.123.213.82	->	e	439	80	9	895
02:57:39	2010-06-16	6	10.10.10.7	174.123.213.82	->	e	159	80	9	895
02:57:42	2010-06-16	6	10.10.10.7	174.123.213.82	->	e	451	80	9	895
02:57:44	2010-06-16	6	10.10.10.7	174.123.213.82	->	e	42	80	9	895
02:57:47	2010-06-16	6	10.10.10.7	174.123.213.82	->	e	412	80	9	895
02:57:49	2010-06-16	6	10.10.10.7	174.123.213.82	->	e	91	80	9	895
02:57:52	2010-06-16	6	10.10.10.7	174.123.213.82	->	e	513	80	9	895
02:57:55	2010-06-16	6	10.10.10.7	174.123.213.82	->	e	514	80	9	895
02:57:57	2010-06-16	6	10.10.10.7	174.123.213.82	->	e	452	80	9	895
02:58:00	2010-06-16	6	10.10.10.7	174.123.213.82	->	e	21	80	9	895
02:58:03	2010-06-16	6	10.10.10.7	174.123.213.82	->	e	379	80	9	895
02:58:05	2010-06-16	6	10.10.10.7	174.123.213.82	->	e	189	80	9	895
02:58:08	2010-06-16	6	10.10.10.7	174.123.213.82	->	e	190	80	9	895
02:58:11	2010-06-16	6	10.10.10.7	174.123.213.82	->	e	191	80	9	895
02:58:13	2010-06-16	6	10.10.10.7	174.123.213.82	->	e	92	80	9	895
02:58:16	2010-06-16	6	10.10.10.7	174.123.213.82	->	e	516	80	9	895
02:58:19	2010-06-16	6	10.10.10.7	174.123.213.82	->	e	336	80	9	895
02:58:21	2010-06-16	6	10.10.10.7	174.123.213.82	->	e	337	80	9	895
02:58:24	2010-06-16	6	10.10.10.7	174.123.213.82	->	e	338	80	9	895
02:58:27	2010-06-16	6	10.10.10.7	174.123.213.82	->	e	517	80	9	895
02:58:29	2010-06-16	6	10.10.10.7	174.123.213.82	->	e	612	80	9	895
02:58:32	2010-06-16	6	10.10.10.7	174.123.213.82	->	e	613	80	9	895
02:58:34	2010-06-16	6	10.10.10.7	174.123.213.82	->	e	614	80	9	895
02:58:37	2010-06-16	6	10.10.10.7	174.123.213.82	->	e	615	80	9	895
02:58:39	2010-06-16	6	10.10.10.7	174.123.213.82	->	e	616	80	9	895
02:58:42	2010-06-16	6	10.10.10.7	174.123.213.82	->	e	411	80	9	895
02:58:45	2010-06-16	6	10.10.10.7	174.123.213.82	->	e	456	80	9	895
02:58:47	2010-06-16	6	10.10.10.7	174.123.213.82	->	e	632	80	9	895
02:58:50	2010-06-16	6	10.10.10.7	174.123.213.82	->	e	633	80	9	895
02:58:52	2010-06-16	6	10.10.10.7	174.123.213.82	->	e	634	80	9	895
02:58:55	2010-06-16	6	10.10.10.7	174.123.213.82	->	e	635	80	9	895
02:58:57	2010-06-16	6	10.10.10.7	174.123.213.82	->	e	293	80	9	895
02:59:00	2010-06-16	6	10.10.10.7	174.123.213.82	->	e	471	80	9	895
02:59:03	2010-06-16	6	10.10.10.7	174.123.213.82	->	e	636	80	9	895
02:59:05	2010-06-16	6	10.10.10.7	174.123.213.82	->	e	348	80	9	895
02:59:08	2010-06-16	6	10.10.10.7	174.123.213.82	->	e	24	80	9	895
02:59:10	2010-06-16	6	10.10.10.7	174.123.213.82	->	e	459	80	9	895
02:59:13	2010-06-16	6	10.10.10.7	174.123.213.82	->	e	645	80	9	895
02:59:16	2010-06-16	6	10.10.10.7	174.123.213.82	->	e	460	80	9	895
02:59:18	2010-06-16	6	10.10.10.7	174.123.213.82	->	e	646	80	9	895
02:59:21	2010-06-16	6	10.10.10.7	174.123.213.82	->	e	647	80	9	895
02:59:23	2010-06-16	6	10.10.10.7	174.123.213.82	->	e	648	80	9	895
02:59:26	2010-06-16	6	10.10.10.7	174.123.213.82	->	e	649	80	9	895
02:59:28	2010-06-16	6	10.10.10.7	174.123.213.82	->	e	650	80	9	895
02:59:31	2010-06-16	6	10.10.10.7	174.123.213.82	->	e	651	80	9	895
02:59:33	2010-06-16	6	10.10.10.7	174.123.213.82	->	e	652	80	9	895
02:59:36	2010-06-16	6	10.10.10.7	174.123.213.82	->	e	653	80	9	895
03:01:08	2010-06-16	17	10.10.10.7	239.255.255.250	->	e	8	1900	2	350
03:01:14	2010-06-16	17	10.10.10.7	239.255.255.250	->	e	8	1900	1	175

Packer Results

Packer Name

HoneyTrap Results

Honey Trap Log File Location

PTFB Results

PTFB Log File Location