Malware Report - Results

This report shows all the different areas TAZER analyzes for the sample: Host, Network Activity, and Detection.

Malware Search Criteria:
  • MD5 = 9fcc081de0f2a75aa79ba31752b33fea

  • Malware Report - Results

    File MD5Sum | SHA1SUM | SHA256SUM | FUZZY HASH | File Size
    9fcc081de0f2a75aa79ba31752b33fea | e4442cee0d22258354ab6da1eb9132c5ffa717d5 | df42068e6ed4c95393aacb0da1cc7629a836d60737c2820526c4a8e60886c62c | 12288:avkiy90NQWe1MwdLcVEA6avS1VFYGq6JDBGOsxo6JZAMSf:iyMQdA6JlYyJ9GO6g9 | 633619

    File Results

    File Name
    security%2Dbaghdad.exe

    SNORT Results

    Snort Class | Snort Alert | Count
    N/A | No snort alerts generated | 0

    AV Results

    AV Alert | AV Vendor
    Trojan.ADH | Symantec
    Artemis!9FCC081DE0F2 | McAfee
    Trojan.Win32.VBKrypt.elss | Kaspersky

    Folders (Added) - ICC Results

    Path | Folder Name
    c:/Documents and Settings/dmc73144/Local Settings/Application Data | Xenocode
    c:/Documents and Settings/dmc73144/Local Settings/Application Data/Xenocode | Sandbox
    c:/Documents and Settings/dmc73144/Local Settings/Application Data/Xenocode/Sandbox | NEW DESIGN
    c:/Documents and Settings/dmc73144/Local Settings/Application Data/Xenocode/Sandbox/NEW DESIGN | 2.0.1.1
    c:/Documents and Settings/dmc73144/Local Settings/Application Data/Xenocode/Sandbox/NEW DESIGN/2.0.1.1 | 2011.07.21T21.49
    c:/Documents and Settings/dmc73144/Local Settings/Application Data/Xenocode/Sandbox/NEW DESIGN/2.0.1.1/2011.07.21T21.49 | Native
    c:/Documents and Settings/dmc73144/Local Settings/Application Data/Xenocode/Sandbox/NEW DESIGN/2.0.1.1/2011.07.21T21.49/Native | STUBEXE
    c:/Documents and Settings/dmc73144/Local Settings/Application Data/Xenocode/Sandbox/NEW DESIGN/2.0.1.1/2011.07.21T21.49/Native/STUBEXE | @PROFILE@
    c:/Documents and Settings/dmc73144/Local Settings/Application Data/Xenocode/Sandbox/NEW DESIGN/2.0.1.1/2011.07.21T21.49/Native/STUBEXE/@PROFILE@ | Local Settings
    c:/Documents and Settings/dmc73144/Local Settings/Application Data/Xenocode/Sandbox/NEW DESIGN/2.0.1.1/2011.07.21T21.49/Native/STUBEXE/@PROFILE@/Local Settings | TEMP
    c:/Documents and Settings/dmc73144/Local Settings/Application Data/Xenocode/Sandbox/NEW DESIGN/2.0.1.1/2011.07.21T21.49/Native/STUBEXE/@PROFILE@/Local Settings/Temp | IXP000.TMP
    c:/Documents and Settings/dmc73144/Local Settings/Application Data/Xenocode/Sandbox/NEW DESIGN/2.0.1.1/2011.07.21T21.49 | Virtual
    c:/Documents and Settings/dmc73144/Local Settings/Application Data/Xenocode/Sandbox/NEW DESIGN/2.0.1.1/2011.07.21T21.49/Virtual | STUBEXE
    c:/Documents and Settings/dmc73144/Local Settings/Application Data/Xenocode/Sandbox/NEW DESIGN/2.0.1.1/2011.07.21T21.49/Virtual/STUBEXE | @SYSTEM@
    c:/Documents and Settings/dmc73144/Local Settings/Application Data/Xenocode/Sandbox/NEW DESIGN/2.0.1.1/2011.07.21T21.49/Virtual | SXS
    c:/Documents and Settings/dmc73144/Local Settings/Application Data/Xenocode/Sandbox/NEW DESIGN/2.0.1.1/2011.07.21T21.49/Virtual/SXS | Manifests
    c:/Documents and Settings/dmc73144/Local Settings/Application Data/Xenocode/Sandbox/NEW DESIGN/2.0.1.1/2011.07.21T21.49/Virtual/SXS | wextract@1.0.0.0
    c:/Documents and Settings/dmc73144/Local Settings/Temp | IXP000.TMP

    Files (Added) - ICC Results

    Path | File Name
    c:/Documents and Settings/dmc73144/Local Settings/Application Data/Xenocode/Sandbox/NEW DESIGN/2.0.1.1/2011.07.21T21.49/Native/STUBEXE/@PROFILE@/Local Settings/Temp/IXP000.TMP | server.exe
    c:/Documents and Settings/dmc73144/Local Settings/Application Data/Xenocode/Sandbox/NEW DESIGN/2.0.1.1/2011.07.21T21.49/Virtual/STUBEXE/@SYSTEM@ | Newfile.exe
    c:/Documents and Settings/dmc73144/Local Settings/Application Data/Xenocode/Sandbox/NEW DESIGN/2.0.1.1/2011.07.21T21.49/Virtual/SXS/Manifests | newfile.EXE_0x44fadbf5dbc1d112b60b1daed36dce63.1.manifest
    c:/Documents and Settings/dmc73144/Local Settings/Application Data/Xenocode/Sandbox/NEW DESIGN/2.0.1.1/2011.07.21T21.49/Virtual/SXS/wextract@1.0.0.0 | wextract.manifest
    c:/Documents and Settings/dmc73144/Local Settings/Application Data/Xenocode/Sandbox/NEW DESIGN/2.0.1.1/2011.07.21T21.49/Virtual/SXS/wextract@1.0.0.0 | wextract@1.0.0.0.manifest
    c:/Documents and Settings/dmc73144/Local Settings/Temp/IXP000.TMP | error.exe
    c:/Documents and Settings/dmc73144/Local Settings/Temp/IXP000.TMP | server.exe
    c:/WINDOWS/Prefetch | ERROR.EXE-018B5F67.pf
    c:/WINDOWS/Prefetch | NEWFILE.EXE-34DD2F82.pf
    c:/WINDOWS/Prefetch | SANDNET.EXE-2012C478.pf
    c:/WINDOWS/Prefetch | SERVER.EXE-355DDC44.pf
    c: | netstat_post.txt
    c: | taskv_post.txt

    Files (Deleted) - ICC Results

    Action | Path | File Name

    Files (Changed) - ICC Results

    Action | Path | File Name
    modified | c:/Documents and Settings/dmc73144/Cookies | index.dat
    modified | c:/Documents and Settings/dmc73144/Local Settings/History/History.IE5 | index.dat
    modified | c:/Documents and Settings/dmc73144/Local Settings/Temporary Internet Files/Content.IE5 | index.dat
    modified | c:/Documents and Settings/dmc73144 | ntuser.dat.LOG
    modified | c:/Program Files/OpenSSH/bin | sh.exe
    modified | c:/Program Files/OpenSSH/bin | switch.exe
    modified | c:/WINDOWS/Prefetch | CMD.EXE-087B4001.pf
    modified | c:/WINDOWS/Prefetch | HSTART.EXE-221D72BF.pf
    modified | c:/WINDOWS/Prefetch | NETSTAT.EXE-2B2B4428.pf
    modified | c:/WINDOWS/Prefetch | SH.EXE-00254D2B.pf
    modified | c:/WINDOWS/Prefetch | SLEEP.EXE-094A3D2A.pf
    modified | c:/WINDOWS/Prefetch | SSHD.EXE-298CA236.pf
    modified | c:/WINDOWS/Prefetch | SWITCH.EXE-0496EC21.pf
    modified | c:/WINDOWS/SoftwareDistribution/DataStore/Logs | edb.chk
    modified | c:/WINDOWS/system32/config | default.LOG
    modified | c:/WINDOWS/system32/config | software.LOG
    modified | c:/WINDOWS/system32/drivers/etc | hosts
    modified | c:/WINDOWS/system32 | netstat.exe
    modified | c:/WINDOWS/system32 | tasklist.exe
    modified | c:/WINDOWS/system32 | userinit.exe
    modified | c:/WINDOWS/system32/wbem/Repository/FS | INDEX.MAP
    modified | c:/WINDOWS/system32/wbem/Repository/FS | MAPPING.VER
    modified | c:/WINDOWS/system32/wbem/Repository/FS | MAPPING2.MAP
    modified | c:/WINDOWS/system32/wbem/Repository/FS | OBJECTS.MAP

    Registry Keys (Added) - ICC Results

    Action | Path

    Registry Values (Added) - ICC Results

    Action | Path | Val_Name | Val_Data

    Registry Values (Deleted) - ICC Results

    Action | Path | Val_Name | Val_Type | Mod_Val_Type | Val_Data | Mod_Val_Data

    Registry Values (Changed) - ICC Results

    Action | Path | Val_Name | Val_Data | Mod_Val_Data
    modified | HKLM/SOFTWARE/Microsoft/Cryptography/RNG | Seed | CB 07 DD CC 2E 15 07 49 67 16 16 5A AC 77 9E 88 84 22 93 9B 9B 2F E6 1D 38 59 36 54 83 8C E7 1B 85 E5 2F 60 5B 15 28 1B 34 F2 50 B9 F0 E6 72 2C 8B 61 A1 07 32 C
    modified | HKLM/SYSTEM/ControlSet001/Services/SharedAccess/Epoch | Epoch | 0x00000104 | 0x00000105
    modified | HKLM/SYSTEM/CurrentControlSet/Services/SharedAccess/Epoch | Epoch | 0x00000104 | 0x00000105
    modified | HKU/.DEFAULT/Software/Microsoft/Windows/CurrentVersion/Explorer/Shell Folders | Cookies | C:\Documents and Settings\Default User\Cookies | "C
    modified | HKU/.DEFAULT/Software/Microsoft/Windows/CurrentVersion/Explorer/Shell Folders | Cache | C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files | "C
    modified | HKU/.DEFAULT/Software/Microsoft/Windows/CurrentVersion/Explorer/Shell Folders | History | C:\Documents and Settings\Default User\Local Settings\History | "C
    modified | HKU/S-1-5-21-1844237615-562591055-839522115-1004/SessionInformation | ProgramCount | 0x00000002 | 0x00000003
    modified | HKU/S-1-5-18/Software/Microsoft/Windows/CurrentVersion/Explorer/Shell Folders | Cookies | C:\Documents and Settings\Default User\Cookies | "C
    modified | HKU/S-1-5-18/Software/Microsoft/Windows/CurrentVersion/Explorer/Shell Folders | Cache | C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files | "C
    modified | HKU/S-1-5-18/Software/Microsoft/Windows/CurrentVersion/Explorer/Shell Folders | History | C:\Documents and Settings\Default User\Local Settings\History | "C

    DNS Results

    DNS | DNS Response
    ilo.brenz.pl | Standard query response A 83.133.119.197

    URL Results

    DstIP | HTTP_HOST | HTTP_REQUEST_URI | HTTP_USER_AGENT | PROTOCOL
    239.255.255.250 | 239.255.255.250:1900 | * | --blank-- | 0x11

    ARGUS PROTOCOL Results

    PROTOCOL | SRC_PKTS | DST_PKTS | SRC_BYTES | DST_BYTES
    6 | 76 | 80 | 4854 | 4810
    17 | 3 | 0 | 525 | 0

    ARGUS DPORT Results

    DPORT | PROTOCOL | SRC_PKTS | DST_PKTS | SRC_BYTES | DST_BYTES
    65520 | 6 | 76 | 80 | 4854 | 4810
    1900 | 17 | 3 | 0 | 525 | 0

    ARGUS DATA Results

    Time | Date | Protocol | SrcIP | DstIP | Dir | Flags | Sport | Dport | Pkts | Bytes
    11:57:04 | 2011-07-24 | 6 | 10.10.10.7 | 83.133.119.197 | -> | e | 238 | 65520 | 15 | 962
    11:57:09 | 2011-07-24 | 6 | 10.10.10.7 | 83.133.119.197 | -> | e | 238 | 65520 | 10 | 600
    11:57:14 | 2011-07-24 | 6 | 10.10.10.7 | 83.133.119.197 | -> | e | 238 | 65520 | 6 | 360
    11:57:45 | 2011-07-24 | 6 | 10.10.10.7 | 83.133.119.197 | -> | e | 424 | 65520 | 16 | 1022
    11:57:50 | 2011-07-24 | 6 | 10.10.10.7 | 83.133.119.197 | -> | e | 424 | 65520 | 10 | 600
    11:57:55 | 2011-07-24 | 6 | 10.10.10.7 | 83.133.119.197 | -> | e | 424 | 65520 | 5 | 300
    11:58:26 | 2011-07-24 | 6 | 10.10.10.7 | 83.133.119.197 | -> | e | 916 | 65520 | 17 | 1076
    11:58:31 | 2011-07-24 | 6 | 10.10.10.7 | 83.133.119.197 | -> | e | 916 | 65520 | 11 | 660
    11:58:36 | 2011-07-24 | 6 | 10.10.10.7 | 83.133.119.197 | -> | e | 916 | 65520 | 5 | 300
    11:59:07 | 2011-07-24 | 6 | 10.10.10.7 | 83.133.119.197 | -> | e | 382 | 65520 | 15 | 962
    11:59:12 | 2011-07-24 | 6 | 10.10.10.7 | 83.133.119.197 | -> | e | 382 | 65520 | 10 | 600
    11:59:17 | 2011-07-24 | 6 | 10.10.10.7 | 83.133.119.197 | -> | e | 382 | 65520 | 6 | 360
    11:59:48 | 2011-07-24 | 6 | 10.10.10.7 | 83.133.119.197 | -> | e | 49 | 65520 | 16 | 1022
    11:59:53 | 2011-07-24 | 6 | 10.10.10.7 | 83.133.119.197 | -> | e d | 49 | 65520 | 8 | 480
    11:59:59 | 2011-07-24 | 6 | 10.10.10.7 | 83.133.119.197 | -> | e d | 49 | 65520 | 3 | 180
    12:00:09 | 2011-07-24 | 6 | 10.10.10.7 | 83.133.119.197 | -> | e d | 49 | 65520 | 1 | 60
    12:00:23 | 2011-07-24 | 6 | 10.10.10.7 | 83.133.119.197 | -> | e d | 49 | 65520 | 1 | 60
    12:00:50 | 2011-07-24 | 6 | 10.10.10.7 | 83.133.119.197 | -> | e d | 49 | 65520 | 1 | 60
    11:55:00 | 2011-07-24 | 17 | 10.10.10.7 | 239.255.255.250 | -> | e | 3625 | 1900 | 1 | 175
    12:01:29 | 2011-07-24 | 17 | 10.10.10.7 | 239.255.255.250 | -> | e | 8 | 1900 | 2 | 350

    Packer Results

    Packer Name

    HoneyTrap Results

    Honey Trap Log File Location

    PTFB Results

    PTFB Log File Location