Malware Report - Results

This report covers the three areas TAZER analyzes for a sample: host activity (file and registry changes), network activity, and detection (Snort, AV and packer signatures).

Malware Search Criteria:
  • MD5 = aacdc783b5681ce6d269e086e70d85de


    File

    MD5:        aacdc783b5681ce6d269e086e70d85de
    SHA1:       de90d290a91c5b8fcc6cf90628d52ec6cd648f53
    SHA256:     e71b27edfd371f056739e64615784047960d31c0ec9c5cba2f4ac15fe35d76dd
    Fuzzy hash: 12288:5yVaekvacnivjzx5iuS/Woh5utDb/kCH3qu0B1WUakdrVAaS3:Y+bibbiuS5hwxDzWXNa4r+aS
    File size:  584324 bytes

    File Results

    Names this sample (one MD5) has been seen under:
      xxx%5Fvideo%5F836674.avi.exe
      xxx%5Fvideo%5F683.avi.exe
      www.mjsn.org.exe
      statistics.php.exe
      l.php.exe
      index.php.exe
      in.cgi%3F2.exe
      hcp.php.exe
      exe.exe
      counter.php.exe
      amor.exe

    Most of the names are a web script name (index.php, counter.php, statistics.php, in.cgi%3F2) or a "video" file with .exe appended: the binary was served by a script and saved under the request name, or passed off as a media file by a double extension.

    SNORT Results

    Snort Class | Snort Alert               | Count
    N/A         | No snort alerts generated | 0

    AV Results

    AV Alert | AV Vendor
    (no AV detections recorded)

    Folders (Added) - ICC Results

    Path | Folder Name
    (none)

    Files (Added) - ICC Results

    Four result sets are recorded for this sample (the network section likewise has four captures). The entries are merged here; Runs lists the result sets, numbered 1-4 in the order printed, in which each entry appears.

    Path                                                   | File Name                 | Runs
    c:/DELL/VIDEO/OUTPUT                                   | netstat_base.txt          | 1,2,3
    c:/DELL/VIDEO/OUTPUT                                   | netstat_post.txt          | 1,2,3
    c:/DELL/VIDEO/OUTPUT                                   | tasksvc_base.txt          | 1,2,3
    c:/DELL/VIDEO/OUTPUT                                   | tasksvc_post.txt          | 1,2,3
    c:/DELL/VIDEO/OUTPUT                                   | taskv_base.txt            | 1,2,3
    c:/DELL/VIDEO/OUTPUT                                   | taskv_post.txt            | 1,2,3
    c:/Documents and Settings/dmc73144/Local Settings/Temp | php1.tmp                  | 1,2,3,4
    c:/Documents and Settings/dmc73144/Local Settings/Temp | php2.tmp                  | 1,2,3,4
    c:/Documents and Settings/dmc73144/Local Settings/Temp | php3.tmp                  | 1,2,3,4
    c:/WINDOWS/Prefetch                                    | 7Z.EXE-1A62CD19.pf        | 1,2,3
    c:/WINDOWS/Prefetch                                    | CYGRUNSRV.EXE-01BF82AE.pf | 2
    c:/WINDOWS/Prefetch                                    | NET.EXE-01A53C2F.pf       | 4
    c:/WINDOWS/Prefetch                                    | NET1.EXE-029B9DB4.pf      | 4
    c:/WINDOWS/Prefetch                                    | NETSH.EXE-085CFFDE.pf     | 1,2,3,4
    c:/WINDOWS/Prefetch                                    | REG.EXE-0D2A95F7.pf       | 1,2,3,4
    c:/WINDOWS/Prefetch                                    | SVCHOTS.EXE-20933DD1.pf   | 1,2,3,4
    c:/WINDOWS/Prefetch                                    | WSCRIPT.EXE-32960AB9.pf   | 4
    c:                                                     | netstat_post.txt          | 4
    c:                                                     | taskv_post.txt            | 4

    A Prefetch file that is new means the named program was executed during the run and had not run on the image before the baseline was taken. The *_base.txt/*_post.txt snapshots, CYGRUNSRV and 7Z are consistent with the analysis harness rather than the sample, but the report does not say which programs belong to the harness, so that attribution has to be checked against the sandbox configuration. Of the rest, SVCHOTS.EXE differs from svchost.exe by a single transposition and does not exist on a clean Windows installation; NET/NET1, NETSH, REG and WSCRIPT are the standard Windows tools for account, network/firewall, registry and script changes. Command lines are not recorded, so what they were used for cannot be read from this table.

    Files (Deleted) - ICC Results

    Action | Path | File Name
    (none)

    Files (Changed) - ICC Results

    Merged across the same four result sets; Runs lists the result sets (1-4, in printed order) in which each entry appears.

    Action   | Path                                   | File Name                | Runs
    modified | c:/Documents and Settings/dmc73144     | ntuser.dat.LOG           | 1,2,3,4
    modified | c:/WINDOWS/Prefetch                    | CMD.EXE-087B4001.pf      | 1,2,3,4
    modified | c:/WINDOWS/Prefetch                    | NET.EXE-01A53C2F.pf      | 2,3
    modified | c:/WINDOWS/Prefetch                    | NET1.EXE-029B9DB4.pf     | 2,3
    modified | c:/WINDOWS/Prefetch                    | NETSTAT.EXE-2B2B4428.pf  | 1,2,3,4
    modified | c:/WINDOWS/Prefetch                    | SH.EXE-00254D2B.pf       | 1,2,3,4
    modified | c:/WINDOWS/Prefetch                    | SLEEP.EXE-094A3D2A.pf    | 2,4
    modified | c:/WINDOWS/Prefetch                    | SSHD.EXE-298CA236.pf     | 1,2,3,4
    modified | c:/WINDOWS/Prefetch                    | SWITCH.EXE-0496EC21.pf   | 1,2,3,4
    modified | c:/WINDOWS/Prefetch                    | TASKLIST.EXE-10D94B23.pf | 1,2,3,4
    modified | c:/WINDOWS/Prefetch                    | WMIPRVSE.EXE-28F301A9.pf | 1,2,3
    modified | c:/WINDOWS/system32/config             | software.LOG             | 1,2,3,4
    modified | c:/WINDOWS/system32/drivers/etc        | hosts                    | 1,2,3,4
    modified | c:/WINDOWS/system32/wbem/Logs          | wbemess.log              | 1,2,3
    modified | c:/WINDOWS/system32/wbem/Logs          | wmiprov.log              | 1,2,3
    modified | c:/WINDOWS/system32/wbem/Repository/FS | INDEX.MAP                | 1,2,3,4
    modified | c:/WINDOWS/system32/wbem/Repository/FS | MAPPING.VER              | 1,2,3,4
    modified | c:/WINDOWS/system32/wbem/Repository/FS | MAPPING1.MAP             | 4
    modified | c:/WINDOWS/system32/wbem/Repository/FS | MAPPING2.MAP             | 1,2,3
    modified | c:/WINDOWS/system32/wbem/Repository/FS | OBJECTS.MAP              | 1,2,3,4

    A modified Prefetch file means a program that had already run before the baseline ran again. The hosts file changed in every run; the report records only that it changed, not its content, so the file has to be diffed against the baseline to tell a redirect or blocklist entry from a harness change. ntuser.dat.LOG and software.LOG are registry transaction logs, and the wbem logs and repository maps are written whenever WMI is queried (wmiprvse.exe ran in runs 1-3); on their own they only confirm that registry and WMI activity took place.

    Registry Keys (Added) - ICC Results

    Action | Path
    (none)

    Registry Values (Added) - ICC Results

    Action | Path | Val_Name | Val_Data
    (none)

    Registry Values (Deleted) - ICC Results

    Action | Path | Val_Name | Val_Type | Mod_Val_Type | Val_Data | Mod_Val_Data
    (none)

    Registry Values (Changed) - ICC Results

    The same two values changed in each of the four result sets; the RNG Seed data is printed as in the report (it ends mid-byte).

    Action | Path | Val_Name | Val_Data | Mod_Val_Data

    Run 1
    modified | HKLM/SOFTWARE/Microsoft/Cryptography/RNG | Seed | 98 0D 56 B1 C2 97 75 EE 62 1F B6 71 C8 09 E5 2F B8 DC 1C 5D 4E 40 FF CA 46 7D 9A 63 F6 AB D7 6D 49 E2 D4 55 3A A3 F6 E6 78 43 9D CE 67 6D 46 87 7A 21 A5 B0 00 3 |
    modified | HKU/S-1-5-21-1844237615-562591055-839522115-1004/SessionInformation | ProgramCount | 0x00000002 | 0x00000001

    Run 2
    modified | HKLM/SOFTWARE/Microsoft/Cryptography/RNG | Seed | 6E 6C D6 F4 54 E7 82 07 FF 78 4F 81 5F 07 4D C4 8C 97 A6 2D DF 85 75 A7 41 5C 9A C6 21 9C 42 95 46 9C 9A 12 A7 EF 57 79 98 1A 66 C8 E0 90 FC 26 F0 0C A4 BE 04 5 |
    modified | HKU/S-1-5-21-1844237615-562591055-839522115-1004/SessionInformation | ProgramCount | 0x00000002 | 0x00000001

    Run 3
    modified | HKLM/SOFTWARE/Microsoft/Cryptography/RNG | Seed | 55 5F D9 7A C9 02 34 7D 3A 9E 62 35 45 71 1D 05 CA C1 D7 3B 54 A6 96 4F 9D 18 0D BF 0D 21 42 1C BF 87 E2 0A 24 01 80 3A 05 B0 97 AA A4 67 EE 87 6E 31 DD 85 B1 9 |
    modified | HKU/S-1-5-21-1844237615-562591055-839522115-1004/SessionInformation | ProgramCount | 0x00000002 | 0x00000001

    Run 4
    modified | HKLM/SOFTWARE/Microsoft/Cryptography/RNG | Seed | ED 03 53 B8 A0 81 22 21 1C AA AC FE 74 AE 9F 15 FB 90 1E F0 B7 95 2C 8C 2C C2 2F F6 74 8A 71 E0 0D 99 CD 24 27 A1 75 EC 4B 96 4B 22 6B 1A 87 F0 9D 0A 0E CD FA 2 |
    modified | HKU/S-1-5-21-1844237615-562591055-839522115-1004/SessionInformation | ProgramCount | 0x00000002 | 0x00000001

    Both values change during normal operation: Windows rewrites HKLM\SOFTWARE\Microsoft\Cryptography\RNG\Seed as the CryptoAPI random number generator is used, and Explorer's SessionInformation\ProgramCount tracks the number of programs running in the logon session. They confirm that something executed and nothing more; no Run, RunOnce or Services entries were added or changed in any run, so this report contains no registry persistence.

    DNS Results

    DNS                          | DNS Response
    multiserviciosblackcat.co.cc | Standard query response A 72.14.253.104
    multiserviciosblackcat.co.cc | Standard query response A 209.51.159.34

    Neither address appears as a destination in the Argus flow records below: the name was resolved, but no connection to either address was captured.

    URL Results

    DstIP           | HTTP_HOST            | HTTP_REQUEST_URI | HTTP_USER_AGENT | PROTOCOL
    239.255.255.250 | 239.255.255.250:1900 | *                | --blank--       | 0x11 (UDP)

    This is an SSDP M-SEARCH: HTTP-formatted discovery sent over UDP to the 239.255.255.250:1900 multicast group with request URI "*". A clean Windows host sends the same request on its own, so it cannot be attributed to the sample from this capture.

    ARGUS PROTOCOL Results

    PROTOCOL | SRC_PKTS | DST_PKTS | SRC_BYTES | DST_BYTES
    17 (UDP) | 2        | 0        | 350       | 0

    ARGUS DPORT Results

    DPORT | PROTOCOL | SRC_PKTS | DST_PKTS | SRC_BYTES | DST_BYTES
    1900  | 17 (UDP) | 2        | 0        | 350       | 0

    ARGUS DATA Results

    Time     | Date       | Protocol | SrcIP      | DstIP           | Dir | Flags | Sport | Dport | Pkts | Bytes
    17:17:15 | 2010-08-17 | 17       | 10.10.10.7 | 239.255.255.250 | ->  | e     | 8     | 1900  | 2    | 350
    22:40:48 | 2010-08-17 | 17       | 10.10.10.7 | 239.255.255.250 | ->  | e     | 8     | 1900  | 2    | 350
    09:36:57 | 2010-08-18 | 17       | 10.10.10.7 | 239.255.255.250 | ->  | e     | 8     | 1900  | 2    | 350
    03:11:17 | 2010-08-19 | 17       | 10.10.10.7 | 239.255.255.250 | ->  | e     | 8     | 1900  | 2    | 350

    One capture per analysis run, each holding only the two SSDP packets to the local multicast group with no reply (Sport is printed as 8 in the report). No TCP traffic and no traffic to the addresses returned for multiserviciosblackcat.co.cc was recorded.
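    The two checks worth automating on a network section like this are to label each flow (so SSDP and other local discovery noise is set aside) and to cross-reference the DNS answers with the flow destinations. The following Python is an added example, not TAZER's code and not part of the original report; the DNS answers and flow rows are copied from the tables above, and the tuple layout and classification rules are this example's own.

```python
"""Correlate a sandbox report's DNS answers with its Argus flow records (added example; not TAZER code).

DNS_ANSWERS and FLOWS are copied from the report's DNS Results and ARGUS DATA
Results tables; the field order of the flow tuples is this example's choice.
"""
import ipaddress

# (name, A record) as listed under DNS Results.
DNS_ANSWERS = [
    ("multiserviciosblackcat.co.cc", "72.14.253.104"),
    ("multiserviciosblackcat.co.cc", "209.51.159.34"),
]

# (date, time, proto, src, dst, sport, dport, pkts, bytes) as listed under ARGUS DATA Results.
FLOWS = [
    ("2010-08-17", "17:17:15", 17, "10.10.10.7", "239.255.255.250", 8, 1900, 2, 350),
    ("2010-08-17", "22:40:48", 17, "10.10.10.7", "239.255.255.250", 8, 1900, 2, 350),
    ("2010-08-18", "09:36:57", 17, "10.10.10.7", "239.255.255.250", 8, 1900, 2, 350),
    ("2010-08-19", "03:11:17", 17, "10.10.10.7", "239.255.255.250", 8, 1900, 2, 350),
]

SSDP_GROUP = ipaddress.ip_address("239.255.255.250")
UDP = 17


def classify_flow(flow):
    """Label a flow as SSDP discovery, other multicast, internal unicast or external unicast."""
    _, _, proto, _, dst, _, dport, _, _ = flow
    dst_ip = ipaddress.ip_address(dst)
    if proto == UDP and dst_ip == SSDP_GROUP and dport == 1900:
        return "ssdp-multicast"       # UPnP discovery; a clean Windows host sends this too
    if dst_ip.is_multicast:
        return "multicast"
    if dst_ip.is_private:
        return "unicast-internal"
    return "unicast-external"


def contacted_addresses(flows):
    """Every destination address that appears in the flow records."""
    return {f[4] for f in flows}


def resolved_but_not_contacted(dns_answers, flows):
    """Names whose resolved addresses never appear as a flow destination, with those addresses."""
    seen = contacted_addresses(flows)
    result = {}
    for name, rdata in dns_answers:
        if rdata not in seen:
            result.setdefault(name, []).append(rdata)
    return result


def external_flows(flows):
    """Flows to non-private unicast destinations: the only ones that can be C2 or download traffic."""
    return [f for f in flows if classify_flow(f) == "unicast-external"]


def run_dates(flows):
    """Distinct capture dates, one per analysis run on this report (two runs fall on the same day)."""
    return sorted({f[0] for f in flows})


if __name__ == "__main__":
    for f in FLOWS:
        print(f[0], f[1], f[4], f[6], classify_flow(f))
    print("external flows:", external_flows(FLOWS))
    print("resolved but never contacted:", resolved_but_not_contacted(DNS_ANSWERS, FLOWS))
```

    A name that resolves to addresses never contacted is the point to investigate next, with a longer run or with the resolution served to the sample inspected, because a resolve-then-silence pattern is equally consistent with a sandbox check, a dead C2 and a sample that only beacons after a delay.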

    Packer Results

    Packer Name
    (no packer signature matched)

    A signature miss only means no known packer was recognised; it does not establish that the file is unpacked.

    HoneyTrap Results

    Honey Trap Log File Location
    (none)

    PTFB Results

    PTFB Log File Location
    (none)