Malware Report - Results

This report shows all the different areas TAZER analyzes for the sample: Host, Network Activity, and Detection.

Malware Search Criteria:
  • MD5 =8ed76ce9d20e747cbd221602ade4cace

    • Malware Report - Results

    File MD5SumSHA1SUMSHA256SUMFUZZY HASHFile Size
    8ed76ce9d20e747cbd221602ade4cace7d3628a7e3e2211255ccc901f9c00e52faa656de9fbf23e37d7fa462e7493e6cd466c12d5b24ce721949396c3395ead81f5828b012288:znlNzzaIItLfIJllLVcqoLqHrqoWqviqeLqgTnfUAT1Iqm6U3VOj46ONCEYv5zZf:5NpIBsllV505595

    File Results

    File Name
    fotos%5FJPG.exe

    SNORT Results

    Snort ClassSnort AlertCount
    N/ANo snort alerts generated0

    AV Results

    AV AlertAV Vendor
    N/ASymantec
    Suspect-AJ!8ED76CE9D20EMcAfee
    Virus.Win32.Induc.aKaspersky

    Folders (Added) - ICC Results

    PathFolder Name

    Files (Added) - ICC Results

    PathFile Name
    c:/Program Files/Common Filessafemode
    c:/WINDOWS/PrefetchSANDNET.EXE-2012C478.pf
    c:netstat_post.txt

    Files (Deleted) - ICC Results

    ActionPathFile Name

    Files (Changed) - ICC Results

    ActionPathFile Name
    modifiedc:/Documents and Settings/dmc73144ntuser.dat.LOG
    modifiedc:/WINDOWS/PrefetchCMD.EXE-087B4001.pf
    modifiedc:/WINDOWS/PrefetchHSTART.EXE-221D72BF.pf
    modifiedc:/WINDOWS/PrefetchSH.EXE-00254D2B.pf
    modifiedc:/WINDOWS/PrefetchSLEEP.EXE-094A3D2A.pf
    modifiedc:/WINDOWS/PrefetchSSHD.EXE-298CA236.pf
    modifiedc:/WINDOWS/PrefetchSWITCH.EXE-0496EC21.pf
    modifiedc:/WINDOWS/system32/configsoftware.LOG
    modifiedc:/WINDOWS/system32/drivers/etchosts
    modifiedc:/WINDOWS/system32/wbem/Repository/FSINDEX.MAP
    modifiedc:/WINDOWS/system32/wbem/Repository/FSMAPPING.VER
    modifiedc:/WINDOWS/system32/wbem/Repository/FSMAPPING2.MAP
    modifiedc:/WINDOWS/system32/wbem/Repository/FSOBJECTS.MAP

    Registry Keys (Added) - ICC Results

    ActionPath

    Registry Values (Added) - ICC Results

    ActionPathVal_NameVal_Data

    Registry Values (Deleted) - ICC Results

    ActionPathVal_NameVal_TypeMod_Val_TypeVal_DataMod_Val_Data

    Registry Values (Changed) - ICC Results

    ActionPathVal_NameVal_DataMod_Val_Data
    modifiedHKLM/SOFTWARE/Microsoft/Cryptography/RNGSeed70 B2 F5 E3 32 83 95 C1 E2 E5 5D A5 08 95 66 DA EE C8 EF 8B 76 86 99 F1 27 4C FD 9A AD 37 2A 55 CF 7C E5 11 D1 6B D2 62 6C F4 98 9C BE 69 91 1F B8 01 DD 82 4E 5

    DNS Results

    DNSDNS Response
    www.segurancavg.comStandard query response A 72.249.105.199

    URL Results

    DstIPHTTP_HOSTHTTP_REQUEST_URIHTTP_USER_AGENTPROTOCOL
    109.169.0.64109.169.0.64/secret.phpMozilla/3.0 (compatible; Indy Library)0x06
    72.249.105.199www.segurancavg.com/server.txtMozilla/3.0 (compatible; Indy Library)0x06
    239.255.255.250239.255.255.250:1900*--blank--0x11

    ARGUS PROTOCOL Results

    PROTOCOLSRC_PKTSDST_PKTSSRC_BYTESDST_BYTES
    611916561090
    17203500

    ARGUS DPORT Results

    DPORTPROTOCOLSRC_PKTSDST_PKTSSRC_BYTESDST_BYTES
    80611916561090
    190017203500

    ARGUS DATA Results

    TimeDateProtocolSrcIPDstIPDirFlagsSportDportPktsBytes
    21:53:152011-06-21610.10.10.7109.169.0.64-> e 24980111731
    21:53:162011-06-21610.10.10.772.249.105.199-> e 3118091015
    21:58:502011-06-211710.10.10.7239.255.255.250-> e 819002350

    Packer Results

    Packer Name

    HoneyTrap Results

    Honey Trap Log File Location

    PTFB Results

    PTFB Log File Location