MD5 | SHA1 | SHA256 | Fuzzy Hash | File Size |
---|---|---|---|---|
aace14d4c38b07dc8827129ab2b0c23f | c8f94b6b2f7a1041935b96de830c3da5cf285c12 | d76fd3c508c209722975f0be0a1ca081b63b573015cfda23ae20f28027205ba8 | 3072:VS8vGITBqvXFicGJ+40u32F1TsrUJLiB4KdvDO3LcKpXhnabtqP7fSOVrd0JourN:kZvX/GOUrm | 280576 |
File Name |
---|
AdobeFlashPlayer.exe |
Snort Class | Snort Alert | Count |
---|---|---|
access to a potentially vulnerable web application | WEB-MISC net attempt | 2 |
A Network Trojan was detected | ET TROJAN Banker.OT Checkin | 1 |
A Network Trojan was detected | ET TROJAN Banker.OT Checkin (2 packet) | 1 |
AV Alert | AV Vendor |
---|---|
Trojan.Gen | Symantec |
PWS-Banker!gku | McAfee |
Trojan-Downloader.Win32.Agent.dnct | Kaspersky |
Suspicious.Insight | Symantec |
N/A | McAfee |
N/A | Kaspersky |
Action | Path | File Name |
---|---|---|
Action | Path |
---|---|
Action | Path | Val_Name | Val_Data |
---|---|---|---|
Action | Path | Val_Name | Val_Type | Mod_Val_Type | Val_Data | Mod_Val_Data |
---|---|---|---|---|---|---|
Action | Path | Val_Name | Val_Data | Mod_Val_Data |
---|---|---|---|---|
modified | HKLM/SOFTWARE/Microsoft/Cryptography/RNG | Seed | 8F 96 BE 7A 3E 57 4C 91 29 19 19 30 C9 4A 46 1F 11 9A C7 26 39 27 02 41 42 EC 0B | 00 E7 3F D7 6F 62 3E 0F E1 C3 8A 2F 3A A1 60 75 0D AC 85 77 B4 C6 58 0F 6B 01 7 |
modified | HKU/S-1-5-21-1844237615-562591055-839522115-1004/Software/Microsoft/Windows/CurrentVersion/Internet Settings/Connections | SavedLegacySettings | 3C 00 00 00 15 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 00 00 | 3C 00 00 00 16 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 00 0 |
DNS | DNS Response |
---|---|
22bin.com.pl | Standard query response A 195.88.51.11 |
safety.corna.com | Standard query response A 74.4.26.138 |
www.globalmapperforum.com | Standard query response CNAME globalmapperforum.com A 174.132.158.8 |
lekpharm.com | Standard query response A 85.17.53.150 |
PROTOCOL | SRC_PKTS | DST_PKTS | SRC_BYTES | DST_BYTES |
---|---|---|---|---|
6 | 300 | 245 | 30251 | 32565 |
17 | 3 | 0 | 525 | 0 |
DPORT | PROTOCOL | SRC_PKTS | DST_PKTS | SRC_BYTES | DST_BYTES |
---|---|---|---|---|---|
80 | 6 | 300 | 245 | 30251 | 32565 |
1900 | 17 | 3 | 0 | 525 | 0 |
Time | Date | Protocol | SrcIP | DstIP | Dir | Flags | Sport | Dport | Pkts | Bytes |
---|---|---|---|---|---|---|---|---|---|---|
19:23:11 | 2010-05-02 | 6 | 10.10.10.7 | 195.88.51.11 | -> | e | 52 | 80 | 9 | 894 |
19:23:12 | 2010-05-02 | 6 | 10.10.10.7 | 74.4.26.138 | -> | e | 63 | 80 | 9 | 887 |
19:23:13 | 2010-05-02 | 6 | 10.10.10.7 | 174.132.158.8 | -> | e | 64 | 80 | 11 | 1863 |
19:23:17 | 2010-05-02 | 6 | 10.10.10.7 | 85.17.53.150 | -> | e | 66 | 80 | 9 | 1011 |
19:23:21 | 2010-05-02 | 6 | 10.10.10.7 | 85.17.53.150 | -> | e | 33 | 80 | 9 | 1011 |
19:23:25 | 2010-05-02 | 6 | 10.10.10.7 | 85.17.53.150 | -> | e | 67 | 80 | 9 | 1011 |
19:23:29 | 2010-05-02 | 6 | 10.10.10.7 | 85.17.53.150 | -> | e | 134 | 80 | 9 | 1011 |
19:23:33 | 2010-05-02 | 6 | 10.10.10.7 | 85.17.53.150 | -> | e | 135 | 80 | 9 | 1011 |
19:23:37 | 2010-05-02 | 6 | 10.10.10.7 | 85.17.53.150 | -> | e | 415 | 80 | 9 | 1011 |
19:23:41 | 2010-05-02 | 6 | 10.10.10.7 | 85.17.53.150 | -> | e | 416 | 80 | 9 | 1011 |
19:23:46 | 2010-05-02 | 6 | 10.10.10.7 | 85.17.53.150 | -> | e | 266 | 80 | 9 | 1011 |
19:23:50 | 2010-05-02 | 6 | 10.10.10.7 | 85.17.53.150 | -> | e | 477 | 80 | 9 | 1011 |
19:23:54 | 2010-05-02 | 6 | 10.10.10.7 | 85.17.53.150 | -> | e | 201 | 80 | 9 | 1011 |
19:23:58 | 2010-05-02 | 6 | 10.10.10.7 | 85.17.53.150 | -> | e | 478 | 80 | 9 | 1011 |
19:24:02 | 2010-05-02 | 6 | 10.10.10.7 | 85.17.53.150 | -> | e | 387 | 80 | 9 | 1011 |
19:24:06 | 2010-05-02 | 6 | 10.10.10.7 | 85.17.53.150 | -> | e | 210 | 80 | 9 | 1011 |
19:24:11 | 2010-05-02 | 6 | 10.10.10.7 | 85.17.53.150 | -> | e | 443 | 80 | 9 | 1011 |
19:24:15 | 2010-05-02 | 6 | 10.10.10.7 | 85.17.53.150 | -> | e | 483 | 80 | 9 | 1011 |
19:24:19 | 2010-05-02 | 6 | 10.10.10.7 | 85.17.53.150 | -> | e | 444 | 80 | 9 | 1011 |
19:24:23 | 2010-05-02 | 6 | 10.10.10.7 | 85.17.53.150 | -> | e | 484 | 80 | 9 | 1011 |
19:24:27 | 2010-05-02 | 6 | 10.10.10.7 | 85.17.53.150 | -> | e | 445 | 80 | 9 | 1011 |
19:24:31 | 2010-05-02 | 6 | 10.10.10.7 | 85.17.53.150 | -> | e | 494 | 80 | 9 | 1011 |
19:24:35 | 2010-05-02 | 6 | 10.10.10.7 | 85.17.53.150 | -> | e | 447 | 80 | 9 | 1011 |
19:24:39 | 2010-05-02 | 6 | 10.10.10.7 | 85.17.53.150 | -> | e | 321 | 80 | 9 | 1011 |
19:24:44 | 2010-05-02 | 6 | 10.10.10.7 | 85.17.53.150 | -> | e | 448 | 80 | 9 | 1011 |
19:24:48 | 2010-05-02 | 6 | 10.10.10.7 | 85.17.53.150 | -> | e | 495 | 80 | 9 | 1011 |
19:24:52 | 2010-05-02 | 6 | 10.10.10.7 | 85.17.53.150 | -> | e | 449 | 80 | 9 | 1011 |
19:24:56 | 2010-05-02 | 6 | 10.10.10.7 | 85.17.53.150 | -> | e | 225 | 80 | 9 | 1011 |
19:25:00 | 2010-05-02 | 6 | 10.10.10.7 | 85.17.53.150 | -> | e | 226 | 80 | 9 | 1011 |
19:25:04 | 2010-05-02 | 6 | 10.10.10.7 | 85.17.53.150 | -> | e | 227 | 80 | 9 | 1011 |
19:25:08 | 2010-05-02 | 6 | 10.10.10.7 | 85.17.53.150 | -> | e | 439 | 80 | 9 | 1011 |
19:25:12 | 2010-05-02 | 6 | 10.10.10.7 | 85.17.53.150 | -> | e | 159 | 80 | 9 | 1011 |
19:25:16 | 2010-05-02 | 6 | 10.10.10.7 | 85.17.53.150 | -> | e | 451 | 80 | 9 | 1011 |
19:25:21 | 2010-05-02 | 6 | 10.10.10.7 | 85.17.53.150 | -> | e | 503 | 80 | 9 | 1011 |
19:25:25 | 2010-05-02 | 6 | 10.10.10.7 | 85.17.53.150 | -> | e | 513 | 80 | 9 | 1011 |
19:25:32 | 2010-05-02 | 6 | 10.10.10.7 | 85.17.53.150 | -> | e | 514 | 80 | 9 | 1011 |
19:25:36 | 2010-05-02 | 6 | 10.10.10.7 | 85.17.53.150 | -> | e | 21 | 80 | 9 | 1011 |
19:25:40 | 2010-05-02 | 6 | 10.10.10.7 | 85.17.53.150 | -> | e | 379 | 80 | 9 | 1011 |
19:25:44 | 2010-05-02 | 6 | 10.10.10.7 | 85.17.53.150 | -> | e | 190 | 80 | 9 | 1011 |
19:25:48 | 2010-05-02 | 6 | 10.10.10.7 | 85.17.53.150 | -> | e | 539 | 80 | 9 | 1011 |
19:25:52 | 2010-05-02 | 6 | 10.10.10.7 | 85.17.53.150 | -> | e | 49 | 80 | 9 | 1011 |
19:25:56 | 2010-05-02 | 6 | 10.10.10.7 | 85.17.53.150 | -> | e | 23 | 80 | 9 | 1011 |
19:26:01 | 2010-05-02 | 6 | 10.10.10.7 | 85.17.53.150 | -> | e | 7 | 80 | 9 | 1011 |
19:26:05 | 2010-05-02 | 6 | 10.10.10.7 | 85.17.53.150 | -> | e | 221 | 80 | 9 | 1011 |
19:26:09 | 2010-05-02 | 6 | 10.10.10.7 | 85.17.53.150 | -> | e | 411 | 80 | 9 | 1011 |
19:26:13 | 2010-05-02 | 6 | 10.10.10.7 | 85.17.53.150 | -> | e | 261 | 80 | 9 | 1011 |
19:26:17 | 2010-05-02 | 6 | 10.10.10.7 | 85.17.53.150 | -> | e | 24 | 80 | 9 | 1011 |
19:26:21 | 2010-05-02 | 6 | 10.10.10.7 | 85.17.53.150 | -> | e | 103 | 80 | 9 | 1011 |
19:26:25 | 2010-05-02 | 6 | 10.10.10.7 | 85.17.53.150 | -> | e | 466 | 80 | 9 | 1011 |
19:26:29 | 2010-05-02 | 6 | 10.10.10.7 | 85.17.53.150 | -> | e | 294 | 80 | 9 | 1011 |
19:26:33 | 2010-05-02 | 6 | 10.10.10.7 | 85.17.53.150 | -> | e | 231 | 80 | 9 | 1011 |
19:26:37 | 2010-05-02 | 6 | 10.10.10.7 | 85.17.53.150 | -> | e | 232 | 80 | 9 | 1011 |
19:26:41 | 2010-05-02 | 6 | 10.10.10.7 | 85.17.53.150 | -> | e | 665 | 80 | 9 | 1011 |
19:26:45 | 2010-05-02 | 6 | 10.10.10.7 | 85.17.53.150 | -> | e | 666 | 80 | 9 | 1011 |
19:26:49 | 2010-05-02 | 6 | 10.10.10.7 | 85.17.53.150 | -> | e | 667 | 80 | 9 | 1011 |
19:26:53 | 2010-05-02 | 6 | 10.10.10.7 | 85.17.53.150 | -> | e | 297 | 80 | 9 | 1011 |
19:26:58 | 2010-05-02 | 6 | 10.10.10.7 | 85.17.53.150 | -> | e | 298 | 80 | 9 | 1011 |
19:27:02 | 2010-05-02 | 6 | 10.10.10.7 | 85.17.53.150 | -> | e | 299 | 80 | 9 | 1011 |
19:27:06 | 2010-05-02 | 6 | 10.10.10.7 | 85.17.53.150 | -> | e | 300 | 80 | 9 | 1011 |
19:27:10 | 2010-05-02 | 6 | 10.10.10.7 | 85.17.53.150 | -> | e d | 301 | 80 | 7 | 1164 |
19:27:20 | 2010-05-02 | 6 | 10.10.10.7 | 85.17.53.150 | -> | e | 301 | 80 | 1 | 333 |
19:27:32 | 2010-05-02 | 6 | 10.10.10.7 | 85.17.53.150 | -> | e | 301 | 80 | 1 | 333 |
19:27:56 | 2010-05-02 | 6 | 10.10.10.7 | 85.17.53.150 | -> | e | 301 | 80 | 1 | 333 |
19:28:44 | 2010-05-02 | 6 | 10.10.10.7 | 85.17.53.150 | -> | e | 301 | 80 | 2 | 393 |
19:28:43 | 2010-05-02 | 17 | 10.10.10.7 | 239.255.255.250 | -> | e | 8 | 1900 | 2 | 350 |
19:28:49 | 2010-05-02 | 17 | 10.10.10.7 | 239.255.255.250 | -> | e | 8 | 1900 | 1 | 175 |
Packer Name |
---|
Honey Trap Log File Location |
---|
PTFB Log File Location |
---|