Malware Report - Results

This report shows all the different areas TAZER analyzes for the sample: Host, Network Activity, and Detection.

Malware Search Criteria:
  • MD5 =a561358bd48572bec97042a3326731be

    • Malware Report - Results

    File MD5SumSHA1SUMSHA256SUMFUZZY HASHFile Size
    a561358bd48572bec97042a3326731befc0837b38e1040a3e01b04dc108ece7f4cc4997ad9a62a25b5fb2c952309169795ff981670a03e1a34321e617e1258d848b87a9f6144:EcWMJJhqryYP/daqlzAFV9X3J5+qNBEA0HAcjdQ5YQFXCdwvZh:EczJJhqrVPldApX55+qzEBA7281268

    File Results

    File Name
    targetmarketgroupllc.exe

    SNORT Results

    Snort ClassSnort AlertCount
    N/ANo snort alerts generated0

    AV Results

    AV AlertAV Vendor
    N/ASymantec
    Artemis!212F78522E8EMcAfee
    Trojan.Win32.FakeTest.gKaspersky
    GenericMcAfee
    Artemis!1A36A985830CMcAfee
    Trojan-Downloader.Win32.CodecPack.ancwKaspersky
    FakesurveySymantec

    Folders (Added) - ICC Results

    PathFolder Name
    c:/Documents and Settings/dmc73144test
    c:/Documents and Settings/dmc73144test

    Files (Added) - ICC Results

    PathFile Name
    c:/DELL/VIDEO/OUTPUTnetstat_base.txt
    c:/DELL/VIDEO/OUTPUTnetstat_post.txt
    c:/DELL/VIDEO/OUTPUTtasksvc_base.txt
    c:/DELL/VIDEO/OUTPUTtasksvc_post.txt
    c:/DELL/VIDEO/OUTPUTtaskv_base.txt
    c:/DELL/VIDEO/OUTPUTtaskv_post.txt
    c:/Documents and Settings/dmc73144/Desktoptest2.exe.lnk
    c:/Documents and Settings/dmc73144/testtest.ini
    c:/Documents and Settings/dmc73144/testtest2.exe
    c:/WINDOWS/Prefetch7Z.EXE-1A62CD19.pf
    c:/WINDOWS/PrefetchSANDNET.EXE-2012C478.pf
    c:/WINDOWS/PrefetchTEST2.EXE-30015B16.pf
    c:/DELL/VIDEO/OUTPUTnetstat_base.txt
    c:/DELL/VIDEO/OUTPUTnetstat_post.txt
    c:/DELL/VIDEO/OUTPUTtasksvc_base.txt
    c:/DELL/VIDEO/OUTPUTtasksvc_post.txt
    c:/DELL/VIDEO/OUTPUTtaskv_base.txt
    c:/DELL/VIDEO/OUTPUTtaskv_post.txt
    c:/Documents and Settings/dmc73144/Desktoptest2.exe.lnk
    c:/Documents and Settings/dmc73144/testtest.ini
    c:/Documents and Settings/dmc73144/testtest2.exe
    c:/WINDOWS/Prefetch7Z.EXE-1A62CD19.pf
    c:/WINDOWS/PrefetchNET.EXE-01A53C2F.pf
    c:/WINDOWS/PrefetchNET1.EXE-029B9DB4.pf
    c:/WINDOWS/PrefetchSANDNET.EXE-2012C478.pf
    c:/WINDOWS/PrefetchTEST2.EXE-30015B16.pf
    c:/WINDOWS/Prefetch7Z.EXE-1A62CD19.pf
    c:/WINDOWS/PrefetchSANDNET.EXE-2012C478.pf
    c:netstat_post.txt

    Files (Deleted) - ICC Results

    ActionPathFile Name

    Files (Changed) - ICC Results

    ActionPathFile Name
    modifiedc:/Documents and Settings/dmc73144/Cookiesindex.dat
    modifiedc:/Documents and Settings/dmc73144/Local Settings/History/History.IE5index.dat
    modifiedc:/Documents and Settings/dmc73144/Local Settings/Temporary Internet Files/Content.IE5index.dat
    modifiedc:/Documents and Settings/dmc73144ntuser.dat.LOG
    modifiedc:/WINDOWS/PrefetchCMD.EXE-087B4001.pf
    modifiedc:/WINDOWS/PrefetchHSTART.EXE-221D72BF.pf
    modifiedc:/WINDOWS/PrefetchNETSTAT.EXE-2B2B4428.pf
    modifiedc:/WINDOWS/PrefetchSH.EXE-00254D2B.pf
    modifiedc:/WINDOWS/PrefetchSLEEP.EXE-094A3D2A.pf
    modifiedc:/WINDOWS/PrefetchSSHD.EXE-298CA236.pf
    modifiedc:/WINDOWS/PrefetchSWITCH.EXE-0496EC21.pf
    modifiedc:/WINDOWS/PrefetchTASKLIST.EXE-10D94B23.pf
    modifiedc:/WINDOWS/PrefetchWMIPRVSE.EXE-28F301A9.pf
    modifiedc:/WINDOWS/system32/drivers/etchosts
    modifiedc:/WINDOWS/system32/wbem/Logswbemess.log
    modifiedc:/WINDOWS/system32/wbem/Logswmiprov.log
    modifiedc:/WINDOWS/system32/wbem/Repository/FSINDEX.MAP
    modifiedc:/WINDOWS/system32/wbem/Repository/FSMAPPING.VER
    modifiedc:/WINDOWS/system32/wbem/Repository/FSMAPPING1.MAP
    modifiedc:/WINDOWS/system32/wbem/Repository/FSOBJECTS.MAP
    modifiedc:/Documents and Settings/dmc73144/Cookiesindex.dat
    modifiedc:/Documents and Settings/dmc73144/Local Settings/History/History.IE5index.dat
    modifiedc:/Documents and Settings/dmc73144/Local Settings/Temporary Internet Files/Content.IE5index.dat
    modifiedc:/Documents and Settings/dmc73144ntuser.dat.LOG
    modifiedc:/WINDOWS/PrefetchCMD.EXE-087B4001.pf
    modifiedc:/WINDOWS/PrefetchHSTART.EXE-221D72BF.pf
    modifiedc:/WINDOWS/PrefetchNETSTAT.EXE-2B2B4428.pf
    modifiedc:/WINDOWS/PrefetchSH.EXE-00254D2B.pf
    modifiedc:/WINDOWS/PrefetchSLEEP.EXE-094A3D2A.pf
    modifiedc:/WINDOWS/PrefetchSSHD.EXE-298CA236.pf
    modifiedc:/WINDOWS/PrefetchSWITCH.EXE-0496EC21.pf
    modifiedc:/WINDOWS/PrefetchTASKLIST.EXE-10D94B23.pf
    modifiedc:/WINDOWS/PrefetchWMIPRVSE.EXE-28F301A9.pf
    modifiedc:/WINDOWS/system32/drivers/etchosts
    modifiedc:/WINDOWS/system32/wbem/Logswbemess.log
    modifiedc:/WINDOWS/system32/wbem/Logswmiprov.log
    modifiedc:/WINDOWS/system32/wbem/Repository/FSINDEX.MAP
    modifiedc:/WINDOWS/system32/wbem/Repository/FSMAPPING.VER
    modifiedc:/WINDOWS/system32/wbem/Repository/FSMAPPING1.MAP
    modifiedc:/WINDOWS/system32/wbem/Repository/FSOBJECTS.MAP
    modifiedc:/Documents and Settings/dmc73144ntuser.dat.LOG
    modifiedc:/WINDOWS/PrefetchCMD.EXE-087B4001.pf
    modifiedc:/WINDOWS/PrefetchNETSTAT.EXE-2B2B4428.pf
    modifiedc:/WINDOWS/PrefetchSH.EXE-00254D2B.pf
    modifiedc:/WINDOWS/PrefetchSLEEP.EXE-094A3D2A.pf
    modifiedc:/WINDOWS/PrefetchSSHD.EXE-298CA236.pf
    modifiedc:/WINDOWS/PrefetchSWITCH.EXE-0496EC21.pf
    modifiedc:/WINDOWS/PrefetchTASKLIST.EXE-10D94B23.pf
    modifiedc:/WINDOWS/PrefetchWMIPRVSE.EXE-28F301A9.pf
    modifiedc:/WINDOWS/system32/wbem/Logswmiprov.log
    modifiedc:/WINDOWS/system32/wbem/Repository/FSINDEX.MAP
    modifiedc:/WINDOWS/system32/wbem/Repository/FSMAPPING.VER
    modifiedc:/WINDOWS/system32/wbem/Repository/FSMAPPING2.MAP
    modifiedc:/WINDOWS/system32/wbem/Repository/FSOBJECTS.MAP

    Registry Keys (Added) - ICC Results

    ActionPath

    Registry Values (Added) - ICC Results

    ActionPathVal_NameVal_Data

    Registry Values (Deleted) - ICC Results

    ActionPathVal_NameVal_TypeMod_Val_TypeVal_DataMod_Val_Data

    Registry Values (Changed) - ICC Results

    ActionPathVal_NameVal_DataMod_Val_Data
    modifiedHKLM/SOFTWARE/Microsoft/Cryptography/RNGSeed08 65 E2 95 19 47 1B 91 A2 02 3E B8 E0 66 C4 80 A0 95 6F 0D 91 0B D5 2B EF 84 6A 20 8F F4 85 E3 90 86 3B BC 72 2A 22 27 B0 CA 73 4C DE 4D D2 CD 17 84 25 34 6A 5
    modifiedHKLM/SOFTWARE/Microsoft/Cryptography/RNGSeedC3 08 B6 5B 7B C0 3B C5 0E A7 38 9A 9B 39 7B C4 91 6D 28 A7 48 6F A8 3C 27 DE 31 C2 65 E0 12 49 2E D4 99 33 BC 13 F8 05 45 F0 0C AE DE 38 73 7F 0E 3E 42 DA A8 E
    modifiedHKLM/SOFTWARE/Microsoft/Cryptography/RNGSeedFD D1 C0 DD C8 0A BB 8E 3B 18 19 50 A4 5F D2 CB 7B D7 C5 2D 95 EA 45 9C 9E 35 E5 D8 96 A8 C4 43 6B 0B 59 FF 0B 7A 10 6E 67 9F 2F E3 3B E7 04 E5 68 57 65 6C 52 E
    modifiedHKU/S-1-5-21-1844237615-562591055-839522115-1004/SessionInformationProgramCount0x00000002 0x00000001

    DNS Results

    DNSDNS Response

    URL Results

    DstIPHTTP_HOSTHTTP_REQUEST_URIHTTP_USER_AGENTPROTOCOL
    239.255.255.250239.255.255.250:1900*--blank--0x11

    ARGUS PROTOCOL Results

    PROTOCOLSRC_PKTSDST_PKTSSRC_BYTESDST_BYTES
    17101750

    ARGUS DPORT Results

    DPORTPROTOCOLSRC_PKTSDST_PKTSSRC_BYTESDST_BYTES
    190017101750

    ARGUS DATA Results

    TimeDateProtocolSrcIPDstIPDirFlagsSportDportPktsBytes
    01:15:152011-03-241710.10.10.7239.255.255.250-> e 400219001175

    Packer Results

    Packer Name

    HoneyTrap Results

    Honey Trap Log File Location

    PTFB Results

    PTFB Log File Location