Malware Report - Results

This report shows all the different areas TAZER analyzes for the sample: Host, Network Activity, and Detection.

Malware Search Criteria:
  • MD5 =933bb6d8cee414557e3633153cb1f3c0

    • Malware Report - Results

    File MD5SumSHA1SUMSHA256SUMFUZZY HASHFile Size
    933bb6d8cee414557e3633153cb1f3c081749e12407ddbfbc7564f7487c77b7861f356d4e771c3f170e1a7f4d97d5a7557a8fcdb5b050cab277e03df07f965bcfb8790511536:dW9vJ7Z3247p2WI7d+rv43nYCGnm/bbxdzCOrRLj8:Q704zGcQ/Gm/reEH879528

    File Results

    File Name
    l.php.exe
    exe.exe
    %3Fc%3D917.exe

    SNORT Results

    Snort ClassSnort AlertCount
    N/ANo snort alerts generated0

    AV Results

    AV AlertAV Vendor
    N/ASymantec
    N/AMcAfee
    N/AKaspersky
    Trojan.Win32.Qhost.nsoKaspersky

    Folders (Added) - ICC Results

    PathFolder Name

    Files (Added) - ICC Results

    PathFile Name
    c:/WINDOWS/PrefetchSANDNET.EXE-2012C478.pf
    c:/WINDOWS/system32hosts
    c:netstat_post.txt
    c:tasksvc_post.txt
    c:taskv_post.txt
    c:/WINDOWS/PrefetchSANDNET.EXE-2012C478.pf
    c:/WINDOWS/system32hosts
    c:netstat_post.txt
    c:taskv_post.txt
    c:/WINDOWS/PrefetchSANDNET.EXE-2012C478.pf
    c:/WINDOWS/system32hosts
    c:netstat_post.txt
    c:taskv_post.txt
    c:/WINDOWS/PrefetchSANDNET.EXE-2012C478.pf
    c:/WINDOWS/system32hosts
    c:netstat_post.txt
    c:tasksvc_post.txt
    c:taskv_post.txt
    c:/WINDOWS/PrefetchSANDNET.EXE-2012C478.pf
    c:/WINDOWS/system32hosts
    c:netstat_post.txt
    c:tasksvc_post.txt
    c:taskv_post.txt
    c:/DELL/VIDEO/OUTPUTnetstat_base.txt
    c:/DELL/VIDEO/OUTPUTnetstat_post.txt
    c:/DELL/VIDEO/OUTPUTtasksvc_base.txt
    c:/DELL/VIDEO/OUTPUTtasksvc_post.txt
    c:/DELL/VIDEO/OUTPUTtaskv_base.txt
    c:/DELL/VIDEO/OUTPUTtaskv_post.txt
    c:/WINDOWS/Prefetch7Z.EXE-1A62CD19.pf
    c:/WINDOWS/PrefetchCYGRUNSRV.EXE-01BF82AE.pf
    c:/WINDOWS/PrefetchNET.EXE-01A53C2F.pf
    c:/WINDOWS/PrefetchNET1.EXE-029B9DB4.pf
    c:/DELL/VIDEO/OUTPUTnetstat_base.txt
    c:/DELL/VIDEO/OUTPUTnetstat_post.txt
    c:/DELL/VIDEO/OUTPUTtasksvc_base.txt
    c:/DELL/VIDEO/OUTPUTtasksvc_post.txt
    c:/DELL/VIDEO/OUTPUTtaskv_base.txt
    c:/DELL/VIDEO/OUTPUTtaskv_post.txt
    c:/WINDOWS/Prefetch7Z.EXE-1A62CD19.pf
    c:/WINDOWS/PrefetchNET.EXE-01A53C2F.pf
    c:/WINDOWS/PrefetchNET1.EXE-029B9DB4.pf
    c:netstat_post.txt
    c:tasksvc_post.txt
    c:taskv_post.txt

    Files (Deleted) - ICC Results

    ActionPathFile Name

    Files (Changed) - ICC Results

    ActionPathFile Name
    modifiedc:/Documents and Settings/dmc73144ntuser.dat.LOG
    modifiedc:/WINDOWS/PrefetchCMD.EXE-087B4001.pf
    modifiedc:/WINDOWS/PrefetchHSTART.EXE-221D72BF.pf
    modifiedc:/WINDOWS/PrefetchNETSTAT.EXE-2B2B4428.pf
    modifiedc:/WINDOWS/PrefetchSH.EXE-00254D2B.pf
    modifiedc:/WINDOWS/PrefetchSLEEP.EXE-094A3D2A.pf
    modifiedc:/WINDOWS/PrefetchSSHD.EXE-298CA236.pf
    modifiedc:/WINDOWS/PrefetchSWITCH.EXE-0496EC21.pf
    modifiedc:/WINDOWS/PrefetchTASKLIST.EXE-10D94B23.pf
    modifiedc:/WINDOWS/system32/drivers/etchosts
    modifiedc:/WINDOWS/system32/wbem/Logswmiprov.log
    modifiedc:/WINDOWS/system32/wbem/Repository/FSINDEX.MAP
    modifiedc:/WINDOWS/system32/wbem/Repository/FSMAPPING.VER
    modifiedc:/WINDOWS/system32/wbem/Repository/FSMAPPING2.MAP
    modifiedc:/WINDOWS/system32/wbem/Repository/FSOBJECTS.MAP
    modifiedc:/Documents and Settings/dmc73144ntuser.dat.LOG
    modifiedc:/WINDOWS/PrefetchCMD.EXE-087B4001.pf
    modifiedc:/WINDOWS/PrefetchHSTART.EXE-221D72BF.pf
    modifiedc:/WINDOWS/PrefetchNETSTAT.EXE-2B2B4428.pf
    modifiedc:/WINDOWS/PrefetchSH.EXE-00254D2B.pf
    modifiedc:/WINDOWS/PrefetchSLEEP.EXE-094A3D2A.pf
    modifiedc:/WINDOWS/PrefetchSSHD.EXE-298CA236.pf
    modifiedc:/WINDOWS/PrefetchSWITCH.EXE-0496EC21.pf
    modifiedc:/WINDOWS/system32/drivers/etchosts
    modifiedc:/WINDOWS/system32/wbem/Repository/FSINDEX.MAP
    modifiedc:/WINDOWS/system32/wbem/Repository/FSMAPPING.VER
    modifiedc:/WINDOWS/system32/wbem/Repository/FSMAPPING2.MAP
    modifiedc:/WINDOWS/system32/wbem/Repository/FSOBJECTS.MAP
    modifiedc:/Documents and Settings/dmc73144ntuser.dat.LOG
    modifiedc:/WINDOWS/PrefetchCMD.EXE-087B4001.pf
    modifiedc:/WINDOWS/PrefetchHSTART.EXE-221D72BF.pf
    modifiedc:/WINDOWS/PrefetchNETSTAT.EXE-2B2B4428.pf
    modifiedc:/WINDOWS/PrefetchSH.EXE-00254D2B.pf
    modifiedc:/WINDOWS/PrefetchSLEEP.EXE-094A3D2A.pf
    modifiedc:/WINDOWS/PrefetchSSHD.EXE-298CA236.pf
    modifiedc:/WINDOWS/PrefetchSWITCH.EXE-0496EC21.pf
    modifiedc:/WINDOWS/system32/drivers/etchosts
    modifiedc:/WINDOWS/system32/wbem/Repository/FSINDEX.MAP
    modifiedc:/WINDOWS/system32/wbem/Repository/FSMAPPING.VER
    modifiedc:/WINDOWS/system32/wbem/Repository/FSMAPPING2.MAP
    modifiedc:/WINDOWS/system32/wbem/Repository/FSOBJECTS.MAP
    modifiedc:/Documents and Settings/dmc73144ntuser.dat.LOG
    modifiedc:/WINDOWS/PrefetchCMD.EXE-087B4001.pf
    modifiedc:/WINDOWS/PrefetchHSTART.EXE-221D72BF.pf
    modifiedc:/WINDOWS/PrefetchNETSTAT.EXE-2B2B4428.pf
    modifiedc:/WINDOWS/PrefetchSH.EXE-00254D2B.pf
    modifiedc:/WINDOWS/PrefetchSLEEP.EXE-094A3D2A.pf
    modifiedc:/WINDOWS/PrefetchSSHD.EXE-298CA236.pf
    modifiedc:/WINDOWS/PrefetchSWITCH.EXE-0496EC21.pf
    modifiedc:/WINDOWS/PrefetchTASKLIST.EXE-10D94B23.pf
    modifiedc:/WINDOWS/system32/drivers/etchosts
    modifiedc:/WINDOWS/system32/wbem/Logswmiprov.log
    modifiedc:/WINDOWS/system32/wbem/Repository/FSINDEX.MAP
    modifiedc:/WINDOWS/system32/wbem/Repository/FSMAPPING.VER
    modifiedc:/WINDOWS/system32/wbem/Repository/FSMAPPING2.MAP
    modifiedc:/WINDOWS/system32/wbem/Repository/FSOBJECTS.MAP
    modifiedc:/Documents and Settings/dmc73144ntuser.dat.LOG
    modifiedc:/WINDOWS/PrefetchCMD.EXE-087B4001.pf
    modifiedc:/WINDOWS/PrefetchHSTART.EXE-221D72BF.pf
    modifiedc:/WINDOWS/PrefetchNETSTAT.EXE-2B2B4428.pf
    modifiedc:/WINDOWS/PrefetchSH.EXE-00254D2B.pf
    modifiedc:/WINDOWS/PrefetchSLEEP.EXE-094A3D2A.pf
    modifiedc:/WINDOWS/PrefetchSSHD.EXE-298CA236.pf
    modifiedc:/WINDOWS/PrefetchSWITCH.EXE-0496EC21.pf
    modifiedc:/WINDOWS/PrefetchTASKLIST.EXE-10D94B23.pf
    modifiedc:/WINDOWS/system32/drivers/etchosts
    modifiedc:/WINDOWS/system32/wbem/Logswmiprov.log
    modifiedc:/WINDOWS/system32/wbem/Repository/FSINDEX.MAP
    modifiedc:/WINDOWS/system32/wbem/Repository/FSMAPPING.VER
    modifiedc:/WINDOWS/system32/wbem/Repository/FSMAPPING2.MAP
    modifiedc:/WINDOWS/system32/wbem/Repository/FSOBJECTS.MAP
    modifiedc:/Documents and Settings/dmc73144ntuser.dat.LOG
    modifiedc:/Program Files/OpenSSH/var/runsshd.pid
    modifiedc:/WINDOWS/PrefetchCMD.EXE-087B4001.pf
    modifiedc:/WINDOWS/PrefetchNETSTAT.EXE-2B2B4428.pf
    modifiedc:/WINDOWS/PrefetchSH.EXE-00254D2B.pf
    modifiedc:/WINDOWS/PrefetchSLEEP.EXE-094A3D2A.pf
    modifiedc:/WINDOWS/PrefetchSSHD.EXE-298CA236.pf
    modifiedc:/WINDOWS/PrefetchSWITCH.EXE-0496EC21.pf
    modifiedc:/WINDOWS/PrefetchTASKLIST.EXE-10D94B23.pf
    modifiedc:/WINDOWS/PrefetchWMIPRVSE.EXE-28F301A9.pf
    modifiedc:/WINDOWS/system32/wbem/Logswbemess.log
    modifiedc:/WINDOWS/system32/wbem/Logswmiprov.log
    modifiedc:/WINDOWS/system32/wbem/Repository/FSINDEX.MAP
    modifiedc:/WINDOWS/system32/wbem/Repository/FSMAPPING.VER
    modifiedc:/WINDOWS/system32/wbem/Repository/FSMAPPING2.MAP
    modifiedc:/WINDOWS/system32/wbem/Repository/FSOBJECTS.MAP
    modifiedc:/Documents and Settings/dmc73144ntuser.dat.LOG
    modifiedc:/WINDOWS/PrefetchCMD.EXE-087B4001.pf
    modifiedc:/WINDOWS/PrefetchNETSTAT.EXE-2B2B4428.pf
    modifiedc:/WINDOWS/PrefetchSH.EXE-00254D2B.pf
    modifiedc:/WINDOWS/PrefetchSLEEP.EXE-094A3D2A.pf
    modifiedc:/WINDOWS/PrefetchSSHD.EXE-298CA236.pf
    modifiedc:/WINDOWS/PrefetchSWITCH.EXE-0496EC21.pf
    modifiedc:/WINDOWS/PrefetchTASKLIST.EXE-10D94B23.pf
    modifiedc:/WINDOWS/PrefetchWMIPRVSE.EXE-28F301A9.pf
    modifiedc:/WINDOWS/system32/wbem/Logswbemess.log
    modifiedc:/WINDOWS/system32/wbem/Logswmiprov.log
    modifiedc:/WINDOWS/system32/wbem/Repository/FSINDEX.MAP
    modifiedc:/WINDOWS/system32/wbem/Repository/FSMAPPING.VER
    modifiedc:/WINDOWS/system32/wbem/Repository/FSMAPPING2.MAP
    modifiedc:/WINDOWS/system32/wbem/Repository/FSOBJECTS.MAP
    modifiedc:/Documents and Settings/dmc73144ntuser.dat.LOG
    modifiedc:/WINDOWS/PrefetchCMD.EXE-087B4001.pf
    modifiedc:/WINDOWS/PrefetchNETSTAT.EXE-2B2B4428.pf
    modifiedc:/WINDOWS/PrefetchSH.EXE-00254D2B.pf
    modifiedc:/WINDOWS/PrefetchSSHD.EXE-298CA236.pf
    modifiedc:/WINDOWS/PrefetchSWITCH.EXE-0496EC21.pf
    modifiedc:/WINDOWS/PrefetchTASKLIST.EXE-10D94B23.pf
    modifiedc:/WINDOWS/PrefetchWMIPRVSE.EXE-28F301A9.pf
    modifiedc:/WINDOWS/system32/wbem/Logswmiprov.log
    modifiedc:/WINDOWS/system32/wbem/Repository/FSINDEX.MAP
    modifiedc:/WINDOWS/system32/wbem/Repository/FSMAPPING.VER
    modifiedc:/WINDOWS/system32/wbem/Repository/FSMAPPING2.MAP
    modifiedc:/WINDOWS/system32/wbem/Repository/FSOBJECTS.MAP

    Registry Keys (Added) - ICC Results

    ActionPath

    Registry Values (Added) - ICC Results

    ActionPathVal_NameVal_Data

    Registry Values (Deleted) - ICC Results

    ActionPathVal_NameVal_TypeMod_Val_TypeVal_DataMod_Val_Data

    Registry Values (Changed) - ICC Results

    ActionPathVal_NameVal_DataMod_Val_Data
    modifiedHKLM/SOFTWARE/Microsoft/Cryptography/RNGSeed45 72 55 20 D8 23 86 DC 85 0B 80 93 54 22 1A C6 4B 24 EE 2B AB FA 78 C3 29 F0 90 3A 4F 23 F2 89 BD 7F F7 31 CD CD 0F A7 9D AB B9 AD D7 46 D7 A8 58 CF 58 F6 9E 8
    modifiedHKU/S-1-5-21-1844237615-562591055-839522115-1004/SessionInformationProgramCount0x00000002 0x00000001
    modifiedHKLM/SOFTWARE/Microsoft/Cryptography/RNGSeed9F 99 E9 CD 73 33 40 FB 65 28 FB 8B F3 A2 BF A2 E3 F5 FF 74 5F 17 40 B9 FA 4D E1 26 7A 3F 11 D0 88 53 61 67 0D 4D 7C 9B 76 7F 86 59 81 BF D4 A5 31 83 38 0C DB C
    modifiedHKU/S-1-5-21-1844237615-562591055-839522115-1004/SessionInformationProgramCount0x00000002 0x00000001
    modifiedHKLM/SOFTWARE/Microsoft/Cryptography/RNGSeedFC 32 65 78 EB 51 02 E7 2D D8 E3 1B 33 97 BE 0E E0 0D F5 83 F5 2B 10 34 23 72 8E 69 5B D7 89 1F 97 26 D7 27 5A 7B 9F 1D 05 90 E9 7A 20 56 54 D6 F2 FC 73 D7 74 A
    modifiedHKLM/SOFTWARE/Microsoft/Cryptography/RNGSeed54 4E B0 3B 57 BD 47 62 94 70 45 63 9F A2 11 B9 23 D7 F5 D4 2F 34 34 32 FB A9 3D E8 90 9F 75 C6 33 F4 A6 8C 93 DA A6 BD 18 83 27 C7 86 18 15 3D 47 43 BB 7D 23 A
    modifiedHKLM/SOFTWARE/Microsoft/Cryptography/RNGSeed90 53 75 F9 E5 94 14 FE 15 F5 2C FB D3 43 5C F3 42 DC DF 6C 2A F5 FC F7 07 EF FC FF C3 AB E2 9C 26 40 D8 CC 7A 24 E9 B8 4A 53 46 79 76 CA 0A B7 B0 AB 5A 77 27 1
    modifiedHKU/S-1-5-21-1844237615-562591055-839522115-1004/SessionInformationProgramCount0x00000002 0x00000001
    modifiedHKLM/SOFTWARE/Microsoft/Cryptography/RNGSeedDC FB 58 40 9E AA AE 36 A2 32 99 3D 36 A5 FA 62 A1 84 3E 98 4E CF F4 60 4C 03 52 B5 3C B0 C4 B1 E8 C8 CC DF 4E 5F 79 2F C8 A9 92 FE E5 C6 94 6A CD 82 26 6C FA A
    modifiedHKLM/SYSTEM/ControlSet001/Control/ServiceCurrent0x00000009 0x0000000A
    modifiedHKLM/SYSTEM/CurrentControlSet/Control/ServiceCurrent0x00000009 0x0000000A
    modifiedHKU/S-1-5-21-1844237615-562591055-839522115-1004/SessionInformationProgramCount0x00000002 0x00000001
    modifiedHKLM/SOFTWARE/Microsoft/Cryptography/RNGSeed06 ED 84 FE 65 C8 33 5E F0 95 04 6C 0C 99 BC 59 36 54 18 3E D7 7C 3E A7 E6 FC 63 DC 58 04 15 1D B0 04 DE 38 DF 6F 65 E6 63 65 21 BB 05 1D C0 FE 4A 6A C8 AF 40 5
    modifiedHKU/S-1-5-21-1844237615-562591055-839522115-1004/SessionInformationProgramCount0x00000002 0x00000001
    modifiedHKLM/SOFTWARE/Microsoft/Cryptography/RNGSeedC0 46 1D FC 56 91 45 5B 51 2A A6 EB D5 F9 72 D4 53 33 4B 26 EA F0 08 62 63 40 46 63 95 34 48 6F 0A 27 A9 D7 7B 85 BB CD 63 A2 DF 5F 13 71 31 56 3A 9C 2D BF D0 D
    modifiedHKU/S-1-5-21-1844237615-562591055-839522115-1004/SessionInformationProgramCount0x00000002 0x00000001

    DNS Results

    DNSDNS Response

    URL Results

    DstIPHTTP_HOSTHTTP_REQUEST_URIHTTP_USER_AGENTPROTOCOL
    239.255.255.250239.255.255.250:1900*--blank--0x11

    ARGUS PROTOCOL Results

    PROTOCOLSRC_PKTSDST_PKTSSRC_BYTESDST_BYTES
    17305250

    ARGUS DPORT Results

    DPORTPROTOCOLSRC_PKTSDST_PKTSSRC_BYTESDST_BYTES
    190017305250

    ARGUS DATA Results

    TimeDateProtocolSrcIPDstIPDirFlagsSportDportPktsBytes
    13:59:222010-08-091710.10.10.7239.255.255.250-> e 819002350
    13:59:282010-08-091710.10.10.7239.255.255.250-> e 819001175
    22:26:102010-08-091710.10.10.7239.255.255.250-> e 819002350
    08:50:262010-08-101710.10.10.7239.255.255.250-> e 819002350
    01:34:492010-08-111710.10.10.7239.255.255.250-> e 819002350
    07:16:312010-08-111710.10.10.7239.255.255.250-> e 819002350
    19:12:522010-08-111710.10.10.7239.255.255.250-> e 819002350
    19:12:582010-08-111710.10.10.7239.255.255.250-> e 819001175
    07:06:512010-08-121710.10.10.7239.255.255.250-> e 819002350
    07:42:382010-08-131710.10.10.7239.255.255.250-> e 819001175

    Packer Results

    Packer Name

    HoneyTrap Results

    Honey Trap Log File Location

    PTFB Results

    PTFB Log File Location