Malware Report - Results

This report shows all the different areas TAZER analyzes for the sample: Host, Network Activity, and Detection.

Malware Search Criteria:
  • MD5 =a809e0d86320e5dfe61e522ee7e83598

    • Malware Report - Results

    File MD5SumSHA1SUMSHA256SUMFUZZY HASHFile Size
    a809e0d86320e5dfe61e522ee7e83598f29f98c3bad266ea93125dca0f3d936709633b7960d958074ec62d13e82dc242c1538b662b7a45da0e3455f219931c9dc11770106144:g27gCbTehEqclWYaci7TJxzdGazSDKTsmReZGVlSl55jA5PaZ8OTKbV:g27/bTehEqclr85imIZ276448

    File Results

    File Name
    Photo%2D5876.exe

    SNORT Results

    Snort ClassSnort AlertCount
    N/ANo snort alerts generated0

    AV Results

    AV AlertAV Vendor
    N/ASymantec
    N/AMcAfee
    N/AKaspersky

    Folders (Added) - ICC Results

    PathFolder Name
    c:/Documents and Settings/dmc73144/Local Settings/History/History.IE5MSHist012011100520111006

    Files (Added) - ICC Results

    PathFile Name
    c:/Documents and Settings/dmc73144/Local Settings/History/History.IE5/MSHist012011100520111006index.dat
    c:/Documents and Settings/dmc73144/Recent0000q0hb.jpg.lnk
    c:/Documents and Settings/dmc73144/Recentdmc73144.lnk
    c:/Documents and Settings/dmc731440000q0hb.jpg
    c:/WINDOWS/PrefetchAUTOIT3.EXE-32361418.pf
    c:/WINDOWS/PrefetchCHCP.COM-18156052.pf
    c:/WINDOWS/PrefetchREGSHOT.EXE-010A5EE6.pf
    c:/WINDOWS/PrefetchRNM.EXE-04823DAF.pf
    c:/WINDOWS/PrefetchRUNDLL32.EXE-369A6B7A.pf
    c:/WINDOWS/PrefetchSANDNET.EXE-2012C478.pf
    c:/WINDOWS/PrefetchTASKKILL.EXE-0A8306E3.pf
    c:/WINDOWS/SoftwareDistribution/DataStore/Logstmp.edb
    c:/WINDOWS/system32/drivers/etchlsts

    Files (Deleted) - ICC Results

    ActionPathFile Name

    Files (Changed) - ICC Results

    ActionPathFile Name
    modifiedc:/Documents and Settings/dmc73144/Cookiesindex.dat
    modifiedc:/Documents and Settings/dmc73144/Local Settings/History/History.IE5index.dat
    modifiedc:/Documents and Settings/dmc73144/Local Settings/Temporary Internet Files/Content.IE5index.dat
    modifiedc:/Documents and Settings/dmc73144ntuser.dat.LOG
    modifiedc:/WINDOWS/PrefetchATTRIB.EXE-39EAFB02.pf
    modifiedc:/WINDOWS/PrefetchCMD.EXE-087B4001.pf
    modifiedc:/WINDOWS/PrefetchDIEP.EXE-0B3E1DC8.pf
    modifiedc:/WINDOWS/PrefetchHSTART.EXE-221D72BF.pf
    modifiedc:/WINDOWS/PrefetchSH.EXE-00254D2B.pf
    modifiedc:/WINDOWS/PrefetchSSHD.EXE-298CA236.pf
    modifiedc:/WINDOWS/PrefetchSWITCH.EXE-0496EC21.pf
    modifiedc:/WINDOWS/PrefetchWMIPRVSE.EXE-28F301A9.pf
    modifiedc:/WINDOWS/PrefetchWUAUCLT.EXE-399A8E72.pf
    modifiedc:/WINDOWS/SoftwareDistribution/DataStoreDataStore.edb
    modifiedc:/WINDOWS/SoftwareDistribution/DataStore/Logsedb.chk
    modifiedc:/WINDOWS/SoftwareDistribution/DataStore/Logsedb.log
    modifiedc:/WINDOWS/system32/drivers/etchosts
    modifiedc:/WINDOWSWindowsUpdate.log

    Registry Keys (Added) - ICC Results

    ActionPath
    addedHKLM/SOFTWARE/Microsoft/Windows/CurrentVersion/WindowsUpdate/Reporting/RebootWatch
    addedHKU/S-1-5-21-1844237615-562591055-839522115-1004/Software/Microsoft/Windows/CurrentVersion/Explorer/RecentDocs/.jpg
    addedHKU/S-1-5-21-1844237615-562591055-839522115-1004/Software/Microsoft/Windows/CurrentVersion/Internet Settings/5.0/Cache/Extensible Cache/MSHist012011100520111006
    addedHKU/S-1-5-21-1844237615-562591055-839522115-1004/Software/WinRAR SFX

    Registry Values (Added) - ICC Results

    ActionPathVal_NameVal_Data
    addedHKU/S-1-5-21-1844237615-562591055-839522115-1004/Software/Microsoft/Windows/CurrentVersion/Explorer/RecentDocs930 00 30 00 30 00 30 00 71 00 30 00 68 00 62 00 2E 00 6A 00 70 00 67 00 00 00 58
    addedHKU/S-1-5-21-1844237615-562591055-839522115-1004/Software/Microsoft/Windows/CurrentVersion/Explorer/RecentDocs1064 00 6D 00 63 00 37 00 33 00 31 00 34 00 34 00 00 00 4C 00 32 00 00 00 00 00 00
    addedHKU/S-1-5-21-1844237615-562591055-839522115-1004/Software/Microsoft/Windows/CurrentVersion/Explorer/RecentDocs/Folder464 00 6D 00 63 00 37 00 33 00 31 00 34 00 34 00 00 00 4C 00 32 00 00 00 00 00 00
    addedHKU/S-1-5-21-1844237615-562591055-839522115-1004/Software/Microsoft/Windows/CurrentVersion/Explorer/RecentDocs/.jpg030 00 30 00 30 00 30 00 71 00 30 00 68 00 62 00 2E 00 6A 00 70 00 67 00 00 00 58
    addedHKU/S-1-5-21-1844237615-562591055-839522115-1004/Software/Microsoft/Windows/CurrentVersion/Explorer/RecentDocs/.jpgMRUListEx00 00 00 00 FF FF FF FF
    addedHKU/S-1-5-21-1844237615-562591055-839522115-1004/Software/Microsoft/Windows/CurrentVersion/Internet Settings/5.0/Cache/Extensible Cache/MSHist012011100520111006CachePath"%USERPROFILE%Local SettingsHistoryHistory.IE5MSHist012011100520111006"
    addedHKU/S-1-5-21-1844237615-562591055-839522115-1004/Software/Microsoft/Windows/CurrentVersion/Internet Settings/5.0/Cache/Extensible Cache/MSHist012011100520111006CachePrefix ":2011100520111006: "
    addedHKU/S-1-5-21-1844237615-562591055-839522115-1004/Software/Microsoft/Windows/CurrentVersion/Internet Settings/5.0/Cache/Extensible Cache/MSHist012011100520111006CacheLimit0x00002000
    addedHKU/S-1-5-21-1844237615-562591055-839522115-1004/Software/Microsoft/Windows/CurrentVersion/Internet Settings/5.0/Cache/Extensible Cache/MSHist012011100520111006CacheOptions0x0000000B
    addedHKU/S-1-5-21-1844237615-562591055-839522115-1004/Software/Microsoft/Windows/CurrentVersion/Internet Settings/5.0/Cache/Extensible Cache/MSHist012011100520111006CacheRepair0x00000000
    addedHKU/S-1-5-21-1844237615-562591055-839522115-1004/Software/Microsoft/Windows/ShellNoRoam/MUICacheC://Documents and Settings//dmc73144//rnm.exe "rnm"
    addedHKU/S-1-5-21-1844237615-562591055-839522115-1004/Software/WinRAR SFXC%%Documents and Settings%dmc73144 "C:/Documents and Settings/dmc73144"

    Registry Values (Deleted) - ICC Results

    ActionPathVal_NameVal_TypeMod_Val_TypeVal_DataMod_Val_Data

    Registry Values (Changed) - ICC Results

    ActionPathVal_NameVal_DataMod_Val_Data
    modifiedHKLM/SOFTWARE/Microsoft/Cryptography/RNGSeedEA 9C B7 7E 03 1A 85 47 7D 09 C6 78 09 D1 C5 A4 A6 8A 43 11 26 EE 5A 22 15 12 F3A6 06 77 7E C6 9F 3A 47 12 F4 75 88 D6 D6 45 6D B2 15 32 7C 39 C3 18 A6 64 BD 41
    modifiedHKLM/SYSTEM/ControlSet001/Services/Eventlog/Application/ESENTEventMessageFile"c"C:WINDOWSsystem32ESENT.dll"
    modifiedHKLM/SYSTEM/ControlSet001/Services/Eventlog/Application/ESENTCategoryMessageFile"c"C:WINDOWSsystem32ESENT.dll"
    modifiedHKLM/SYSTEM/CurrentControlSet/Services/Eventlog/Application/ESENTEventMessageFile"c"C:WINDOWSsystem32ESENT.dll"
    modifiedHKLM/SYSTEM/CurrentControlSet/Services/Eventlog/Application/ESENTCategoryMessageFile"c"C:WINDOWSsystem32ESENT.dll"
    modifiedHKU/S-1-5-21-1844237615-562591055-839522115-1004/Software/Microsoft/Windows/CurrentVersion/Explorer/RecentDocsMRUListEx03 00 00 00 02 00 00 00 00 00 00 00 08 00 00 00 07 00 00 00 06 00 00 00 05 00 000A 00 00 00 09 00 00 00 03 00 00 00 02 00 00 00 00 00 00 00 08 00 00 00 07 00 00
    modifiedHKU/S-1-5-21-1844237615-562591055-839522115-1004/Software/Microsoft/Windows/CurrentVersion/Explorer/RecentDocs/FolderMRUListEx01 00 00 00 03 00 00 00 02 00 00 00 00 00 00 00 FF FF FF FF04 00 00 00 01 00 00 00 03 00 00 00 02 00 00 00 00 00 00 00 FF FF FF FF

    DNS Results

    DNSDNS Response

    URL Results

    DstIPHTTP_HOSTHTTP_REQUEST_URIHTTP_USER_AGENTPROTOCOL

    ARGUS PROTOCOL Results

    PROTOCOLSRC_PKTSDST_PKTSSRC_BYTESDST_BYTES

    ARGUS DPORT Results

    DPORTPROTOCOLSRC_PKTSDST_PKTSSRC_BYTESDST_BYTES

    ARGUS DATA Results

    TimeDateProtocolSrcIPDstIPDirFlagsSportDportPktsBytes

    Packer Results

    Packer Name

    HoneyTrap Results

    Honey Trap Log File Location

    PTFB Results

    PTFB Log File Location