File MD5Sum | SHA1SUM | SHA256SUM | FUZZY HASH | File Size |
---|---|---|---|---|
9fcc081de0f2a75aa79ba31752b33fea | e4442cee0d22258354ab6da1eb9132c5ffa717d5 | df42068e6ed4c95393aacb0da1cc7629a836d60737c2820526c4a8e60886c62c | 12288:avkiy90NQWe1MwdLcVEA6avS1VFYGq6JDBGOsxo6JZAMSf:iyMQdA6JlYyJ9GO6g9 | 633619 |
File Name |
---|
security%2Dbaghdad.exe |
Snort Class | Snort Alert | Count |
---|---|---|
N/A | No snort alerts generated | 0 |
AV Alert | AV Vendor |
---|---|
Trojan.ADH | Symantec |
Artemis!9FCC081DE0F2 | McAfee |
Trojan.Win32.VBKrypt.elss | Kaspersky |
Action | Path | File Name |
---|---|---|
Action | Path |
---|---|
Action | Path | Val_Name | Val_Data |
---|---|---|---|
Action | Path | Val_Name | Val_Type | Mod_Val_Type | Val_Data | Mod_Val_Data |
---|---|---|---|---|---|---|
Action | Path | Val_Name | Val_Data | Mod_Val_Data |
---|---|---|---|---|
modified | HKLM/SOFTWARE/Microsoft/Cryptography/RNG | Seed | CB 07 DD CC 2E 15 07 49 67 16 16 5A AC 77 9E 88 84 22 93 9B 9B 2F E6 1D 38 59 36 | 54 83 8C E7 1B 85 E5 2F 60 5B 15 28 1B 34 F2 50 B9 F0 E6 72 2C 8B 61 A1 07 32 C |
modified | HKLM/SYSTEM/ControlSet001/Services/SharedAccess/Epoch | Epoch | 0x00000104 | 0x00000105 |
modified | HKLM/SYSTEM/CurrentControlSet/Services/SharedAccess/Epoch | Epoch | 0x00000104 | 0x00000105 |
modified | HKU/.DEFAULT/Software/Microsoft/Windows/CurrentVersion/Explorer/Shell Folders | Cookies | C:\Documents and Settings\Default User\Cookies | "C |
modified | HKU/.DEFAULT/Software/Microsoft/Windows/CurrentVersion/Explorer/Shell Folders | Cache | C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files | "C |
modified | HKU/.DEFAULT/Software/Microsoft/Windows/CurrentVersion/Explorer/Shell Folders | History | C:\Documents and Settings\Default User\Local Settings\History | "C |
modified | HKU/S-1-5-21-1844237615-562591055-839522115-1004/SessionInformation | ProgramCount | 0x00000002 | 0x00000003 |
modified | HKU/S-1-5-18/Software/Microsoft/Windows/CurrentVersion/Explorer/Shell Folders | Cookies | C:\Documents and Settings\Default User\Cookies | "C |
modified | HKU/S-1-5-18/Software/Microsoft/Windows/CurrentVersion/Explorer/Shell Folders | Cache | C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files | "C |
modified | HKU/S-1-5-18/Software/Microsoft/Windows/CurrentVersion/Explorer/Shell Folders | History | C:\Documents and Settings\Default User\Local Settings\History | "C |
DNS | DNS Response |
---|---|
ilo.brenz.pl | Standard query response A 83.133.119.197 |
DstIP | HTTP_HOST | HTTP_REQUEST_URI | HTTP_USER_AGENT | PROTOCOL |
---|---|---|---|---|
239.255.255.250 | 239.255.255.250:1900 | * | --blank-- | 0x11 |
PROTOCOL | SRC_PKTS | DST_PKTS | SRC_BYTES | DST_BYTES |
---|---|---|---|---|
6 | 76 | 80 | 4854 | 4810 |
17 | 3 | 0 | 525 | 0 |
DPORT | PROTOCOL | SRC_PKTS | DST_PKTS | SRC_BYTES | DST_BYTES |
---|---|---|---|---|---|
65520 | 6 | 76 | 80 | 4854 | 4810 |
1900 | 17 | 3 | 0 | 525 | 0 |
Time | Date | Protocol | SrcIP | DstIP | Dir | Flags | Sport | Dport | Pkts | Bytes |
---|---|---|---|---|---|---|---|---|---|---|
11:57:04 | 2011-07-24 | 6 | 10.10.10.7 | 83.133.119.197 | -> | e | 238 | 65520 | 15 | 962 |
11:57:09 | 2011-07-24 | 6 | 10.10.10.7 | 83.133.119.197 | -> | e | 238 | 65520 | 10 | 600 |
11:57:14 | 2011-07-24 | 6 | 10.10.10.7 | 83.133.119.197 | -> | e | 238 | 65520 | 6 | 360 |
11:57:45 | 2011-07-24 | 6 | 10.10.10.7 | 83.133.119.197 | -> | e | 424 | 65520 | 16 | 1022 |
11:57:50 | 2011-07-24 | 6 | 10.10.10.7 | 83.133.119.197 | -> | e | 424 | 65520 | 10 | 600 |
11:57:55 | 2011-07-24 | 6 | 10.10.10.7 | 83.133.119.197 | -> | e | 424 | 65520 | 5 | 300 |
11:58:26 | 2011-07-24 | 6 | 10.10.10.7 | 83.133.119.197 | -> | e | 91 | 65520 | 17 | 1076 |
11:58:31 | 2011-07-24 | 6 | 10.10.10.7 | 83.133.119.197 | -> | e | 91 | 65520 | 11 | 660 |
11:58:36 | 2011-07-24 | 6 | 10.10.10.7 | 83.133.119.197 | -> | e | 91 | 65520 | 5 | 300 |
11:59:07 | 2011-07-24 | 6 | 10.10.10.7 | 83.133.119.197 | -> | e | 382 | 65520 | 15 | 962 |
11:59:12 | 2011-07-24 | 6 | 10.10.10.7 | 83.133.119.197 | -> | e | 382 | 65520 | 10 | 600 |
11:59:17 | 2011-07-24 | 6 | 10.10.10.7 | 83.133.119.197 | -> | e | 382 | 65520 | 6 | 360 |
11:59:48 | 2011-07-24 | 6 | 10.10.10.7 | 83.133.119.197 | -> | e | 49 | 65520 | 16 | 1022 |
11:59:53 | 2011-07-24 | 6 | 10.10.10.7 | 83.133.119.197 | -> | e d | 49 | 65520 | 8 | 480 |
11:59:59 | 2011-07-24 | 6 | 10.10.10.7 | 83.133.119.197 | -> | e d | 49 | 65520 | 3 | 180 |
12:00:09 | 2011-07-24 | 6 | 10.10.10.7 | 83.133.119.197 | -> | e d | 49 | 65520 | 1 | 60 |
12:00:23 | 2011-07-24 | 6 | 10.10.10.7 | 83.133.119.197 | -> | e d | 49 | 65520 | 1 | 60 |
12:00:50 | 2011-07-24 | 6 | 10.10.10.7 | 83.133.119.197 | -> | e d | 49 | 65520 | 1 | 60 |
11:55:00 | 2011-07-24 | 17 | 10.10.10.7 | 239.255.255.250 | -> | e | 3625 | 1900 | 1 | 175 |
12:01:29 | 2011-07-24 | 17 | 10.10.10.7 | 239.255.255.250 | -> | e | 8 | 1900 | 2 | 350 |
Packer Name |
---|
Honey Trap Log File Location |
---|
PTFB Log File Location |
---|