Malware Report - Results

This report shows all the different areas TAZER analyzes for the sample: Host, Network Activity, and Detection.

Malware Search Criteria:
  • MD5 =aace14d4c38b07dc8827129ab2b0c23f

    File
    MD5:        aace14d4c38b07dc8827129ab2b0c23f
    SHA1:       c8f94b6b2f7a1041935b96de830c3da5cf285c12
    SHA256:     d76fd3c508c209722975f0be0a1ca081b63b573015cfda23ae20f28027205ba8
    Fuzzy hash: 3072:VS8vGITBqvXFicGJ+40u32F1TsrUJLiB4KdvDO3LcKpXhnabtqP7fSOVrd0JourN:kZvX/GOUrm
    File size:  280576 bytes

    File Results

    File Name
    AdobeFlashPlayer.exe

    SNORT Results

    Snort Class                                         Snort Alert                              Count
    access to a potentially vulnerable web application  WEB-MISC net attempt                     2
    A Network Trojan was detected                       ET TROJAN Banker.OT Checkin              1
    A Network Trojan was detected                       ET TROJAN Banker.OT Checkin (2 packet)   1

    AV Results

    AV Alert                             AV Vendor
    Trojan.Gen                           Symantec
    PWS-Banker!gku                       McAfee
    Trojan-Downloader.Win32.Agent.dnct   Kaspersky
    Suspicious.Insight                   Symantec
    N/A                                  McAfee
    N/A                                  Kaspersky

    Folders (Added) - ICC Results

    Path                                                                                    Folder Name
    c:/Documents and Settings/dmc73144/Local Settings/Temporary Internet Files/Content.IE5  87IMY4XV
    c:/Documents and Settings/dmc73144/Local Settings/Temporary Internet Files/Content.IE5  ITB2CJ0C
    c:/Documents and Settings/dmc73144/Local Settings/Temporary Internet Files/Content.IE5  WO4JPI86

    Files (Added) - ICC Results

    Path                                                                                             File Name
    c:/Documents and Settings/All Users/Start Menu/Programs/Startup                                  ctfmonx.exe
    c:/Documents and Settings/dmc73144/Local Settings/Temporary Internet Files/Content.IE5/87IMY4XV  desktop.ini
    c:/Documents and Settings/dmc73144/Local Settings/Temporary Internet Files/Content.IE5/ITB2CJ0C  desktop.ini
    c:/Documents and Settings/dmc73144/Local Settings/Temporary Internet Files/Content.IE5/WO4JPI86  desktop.ini
    c:/Program Files                                                                                 PKSDTbrp.ini
    c:/WINDOWS/Prefetch                                                                              NTVDM.EXE-1A10A423.pf
    c:/WINDOWS/Prefetch                                                                              SANDNET.EXE-2012C478.pf
    c:/WINDOWS/system32                                                                              Acessados.txt
    c:/WINDOWS/system32                                                                              ctfmonx.exe
    c:/WINDOWS/system32                                                                              OnLine.txt
    c:/WINDOWS                                                                                       AdobeReader.exe
    c:/WINDOWS                                                                                       ibguardrw.exe
    c:                                                                                               netstat_post.txt
    c:                                                                                               taskv_post.txt

    Note: ctfmonx.exe dropped into the all-users Startup folder (with a copy in system32) is the persistence mechanism; the name mimics the legitimate ctfmon.exe. Entries such as c:/netstat_post.txt, c:/taskv_post.txt and the SANDNET.EXE prefetch file are most likely the sandbox's own post-run collection rather than sample behaviour, so confirm them on a clean run before using them as indicators.

    Files (Deleted) - ICC Results

    Action    Path    File Name
    (no entries)

    Files (Changed) - ICC Results

    Action    Path                                                                      File Name
    modified  c:/Documents and Settings/dmc73144/Cookies                                index.dat
    modified  c:/Documents and Settings/dmc73144/Local Settings/History/History.IE5     index.dat
    modified  c:/Documents and Settings/dmc73144/Local Settings/Temporary Internet Files/Content.IE5  index.dat
    modified  c:/Documents and Settings/dmc73144                                        ntuser.dat.LOG
    modified  c:/WINDOWS/Prefetch                                                       CMD.EXE-087B4001.pf
    modified  c:/WINDOWS/Prefetch                                                       HSTART.EXE-221D72BF.pf
    modified  c:/WINDOWS/Prefetch                                                       NETSTAT.EXE-2B2B4428.pf
    modified  c:/WINDOWS/Prefetch                                                       SH.EXE-00254D2B.pf
    modified  c:/WINDOWS/Prefetch                                                       SLEEP.EXE-094A3D2A.pf
    modified  c:/WINDOWS/Prefetch                                                       SSHD.EXE-298CA236.pf
    modified  c:/WINDOWS/Prefetch                                                       SWITCH.EXE-0496EC21.pf
    modified  c:/WINDOWS/Prefetch                                                       TASKLIST.EXE-10D94B23.pf
    modified  c:/WINDOWS/system32/config                                                software.LOG
    modified  c:/WINDOWS/system32/drivers/etc                                           hosts
    modified  c:/WINDOWS/system32/wbem/Logs                                             wmiprov.log
    modified  c:/WINDOWS/system32/wbem/Repository/FS                                    INDEX.MAP
    modified  c:/WINDOWS/system32/wbem/Repository/FS                                    MAPPING.VER
    modified  c:/WINDOWS/system32/wbem/Repository/FS                                    MAPPING1.MAP
    modified  c:/WINDOWS/system32/wbem/Repository/FS                                    OBJECTS.MAP
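    The hosts-file modification in the table above is the change that most directly affects where the victim's browser connects, which is what a banker needs; the report records only that the file was modified, not what was written. The Python below is an added example, not part of the TAZER report or its tooling: it parses a hosts file the way the resolver reads it (comments and malformed lines ignored), drops loopback mappings, reports every remaining mapping and tags names that fall under a watchlist of domains. The sample file and the watchlist suffix example-bank.test are constructed for the example.

```python
"""Triage a Windows hosts file for hijacked name mappings (added example)."""
import ipaddress

# Constructed sample hosts file. The TAZER report records only that the sample
# modified c:/WINDOWS/system32/drivers/etc/hosts, not its new contents.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
10.10.10.7      printserver.corp.test          # constructed benign entry
203.0.113.45    www.example-bank.test          # constructed hijack
203.0.113.45    online.example-bank.test  banking.example-bank.test
this is not a valid line
"""


def parse_hosts(text):
    """Return (line_no, ip_address, hostname) for every mapping in a hosts file.

    Text after '#' is a comment; blank lines are skipped; a line whose first
    field is not an IP address is ignored, as the resolver ignores it.
    """
    entries = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        body = raw.split("#", 1)[0].strip()
        if not body:
            continue
        fields = body.split()
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            continue
        for name in fields[1:]:
            entries.append((line_no, addr, name.lower()))
    return entries


def triage_hosts(text, watch_suffixes=()):
    """Report every non-loopback mapping; flag names under a watched suffix.

    Anything other than localhost -> loopback deserves a look on a workstation;
    a watched name (e.g. the organisation's bank) mapped anywhere is the
    classic hosts-file hijack used by banking trojans.
    """
    findings = []
    for line_no, addr, name in parse_hosts(text):
        if addr.is_loopback:
            continue
        watched = any(name == s or name.endswith("." + s) for s in watch_suffixes)
        findings.append({
            "line": line_no,
            "name": name,
            "address": str(addr),
            "watchlisted": watched,
        })
    return findings


if __name__ == "__main__":
    for f in triage_hosts(SAMPLE_HOSTS, watch_suffixes=("example-bank.test",)):
        flag = "HIJACK?" if f["watchlisted"] else "review"
        print(f"line {f['line']:>3}: {f['name']:<28} -> {f['address']:<16} {flag}")
```

    On a live host read the file from %SystemRoot%\system32\drivers\etc\hosts; a mapping that points a watched name at a public address the organisation does not own is the finding to escalate, and the address itself becomes a network indicator.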

    Registry Keys (Added) - ICC Results

    Action    Path
    (no entries)

    Registry Values (Added) - ICC Results

    Action    Path    Val_Name    Val_Data
    (no entries)

    Registry Values (Deleted) - ICC Results

    Action    Path    Val_Name    Val_Type    Mod_Val_Type    Val_Data    Mod_Val_Data
    (no entries)

    Registry Values (Changed) - ICC Results

    Action:        modified
    Path:          HKLM/SOFTWARE/Microsoft/Cryptography/RNG
    Val_Name:      Seed
    Val_Data / Mod_Val_Data (the two values are run together and truncated in the original):
                   8F 96 BE 7A 3E 57 4C 91 29 19 19 30 C9 4A 46 1F 11 9A C7 26 39 27 02 41 42 EC 0B 00 E7 3F D7 6F 62 3E 0F E1 C3 8A 2F 3A A1 60 75 0D AC 85 77 B4 C6 58 0F 6B 01 7

    Action:        modified
    Path:          HKU/S-1-5-21-1844237615-562591055-839522115-1004/Software/Microsoft/Windows/CurrentVersion/Internet Settings/Connections
    Val_Name:      SavedLegacySettings
    Val_Data:      3C 00 00 00 15 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 00 00
    Mod_Val_Data:  3C 00 00 00 16 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 00 0 (truncated in the original)

    Note: the RNG Seed value is rewritten by the OS whenever the CryptoAPI random number generator is used and is not a sample-specific indicator. In SavedLegacySettings only the second DWORD changed (15 to 16), which is consistent with the proxy settings having been re-saved without the connection flags changing.

    DNS Results

    DNS                        DNS Response
    22bin.com.pl               Standard query response A 195.88.51.11
    safety.corna.com           Standard query response A 74.4.26.138
    www.globalmapperforum.com  Standard query response CNAME globalmapperforum.com A 174.132.158.8
    lekpharm.com               Standard query response A 85.17.53.150

    URL Results

    DstIP            HTTP_HOST                  HTTP_REQUEST_URI            HTTP_USER_AGENT                                            PROTOCOL
    195.88.51.11     22bin.com.pl               /plugins/system/k.exe       sandnet.exe                                                0x06
    74.4.26.138      safety.corna.com           /cz/tu.jpg                  sandnet.exe                                                0x06
    174.132.158.8    www.globalmapperforum.com  //components/index.php      Mozilla/3.0 (compatible; Indy Library)                     0x06
    85.17.53.150     lekpharm.com               /plugins/system/smart.txt   Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)    0x06
    239.255.255.250  239.255.255.250:1900       *                           --blank--                                                  0x11

    PROTOCOL is the IP protocol number: 0x06 = TCP, 0x11 = UDP. The first two requests fetch a second executable (k.exe) and a file with an image extension (tu.jpg) from compromised-looking web application paths (/plugins/system/ is a Joomla directory); "Indy Library" is the default user agent of the Delphi Indy HTTP client. The 239.255.255.250:1900 entry is SSDP multicast from the sandbox host, not sample traffic.

    ARGUS PROTOCOL Results

    PROTOCOL  SRC_PKTS  DST_PKTS  SRC_BYTES  DST_BYTES
    6 (TCP)   300       245       30251      32565
    17 (UDP)  3         0         525        0

    ARGUS DPORT Results

    DPORT  PROTOCOL  SRC_PKTS  DST_PKTS  SRC_BYTES  DST_BYTES
    80     6 (TCP)   300       245       30251      32565
    1900   17 (UDP)  3         0         525        0

    ARGUS DATA Results

    Time      Date        Protocol  SrcIP       DstIP            Dir  Flags  Sport  Dport  Pkts  Bytes
    19:23:11  2010-05-02  6         10.10.10.7  195.88.51.11     ->   e      52     80     9     894
    19:23:12  2010-05-02  6         10.10.10.7  74.4.26.138      ->   e      63     80     9     887
    19:23:13  2010-05-02  6         10.10.10.7  174.132.158.8    ->   e      64     80     11    1863
    19:23:17  2010-05-02  6         10.10.10.7  85.17.53.150     ->   e      66     80     9     1011
    19:23:21  2010-05-02  6         10.10.10.7  85.17.53.150     ->   e      33     80     9     1011
    19:23:25  2010-05-02  6         10.10.10.7  85.17.53.150     ->   e      67     80     9     1011
    19:23:29  2010-05-02  6         10.10.10.7  85.17.53.150     ->   e      134    80     9     1011
    19:23:33  2010-05-02  6         10.10.10.7  85.17.53.150     ->   e      135    80     9     1011
    19:23:37  2010-05-02  6         10.10.10.7  85.17.53.150     ->   e      415    80     9     1011
    19:23:41  2010-05-02  6         10.10.10.7  85.17.53.150     ->   e      416    80     9     1011
    19:23:46  2010-05-02  6         10.10.10.7  85.17.53.150     ->   e      266    80     9     1011
    19:23:50  2010-05-02  6         10.10.10.7  85.17.53.150     ->   e      477    80     9     1011
    19:23:54  2010-05-02  6         10.10.10.7  85.17.53.150     ->   e      201    80     9     1011
    19:23:58  2010-05-02  6         10.10.10.7  85.17.53.150     ->   e      478    80     9     1011
    19:24:02  2010-05-02  6         10.10.10.7  85.17.53.150     ->   e      387    80     9     1011
    19:24:06  2010-05-02  6         10.10.10.7  85.17.53.150     ->   e      210    80     9     1011
    19:24:11  2010-05-02  6         10.10.10.7  85.17.53.150     ->   e      443    80     9     1011
    19:24:15  2010-05-02  6         10.10.10.7  85.17.53.150     ->   e      483    80     9     1011
    19:24:19  2010-05-02  6         10.10.10.7  85.17.53.150     ->   e      444    80     9     1011
    19:24:23  2010-05-02  6         10.10.10.7  85.17.53.150     ->   e      484    80     9     1011
    19:24:27  2010-05-02  6         10.10.10.7  85.17.53.150     ->   e      445    80     9     1011
    19:24:31  2010-05-02  6         10.10.10.7  85.17.53.150     ->   e      494    80     9     1011
    19:24:35  2010-05-02  6         10.10.10.7  85.17.53.150     ->   e      447    80     9     1011
    19:24:39  2010-05-02  6         10.10.10.7  85.17.53.150     ->   e      321    80     9     1011
    19:24:44  2010-05-02  6         10.10.10.7  85.17.53.150     ->   e      448    80     9     1011
    19:24:48  2010-05-02  6         10.10.10.7  85.17.53.150     ->   e      495    80     9     1011
    19:24:52  2010-05-02  6         10.10.10.7  85.17.53.150     ->   e      449    80     9     1011
    19:24:56  2010-05-02  6         10.10.10.7  85.17.53.150     ->   e      225    80     9     1011
    19:25:00  2010-05-02  6         10.10.10.7  85.17.53.150     ->   e      226    80     9     1011
    19:25:04  2010-05-02  6         10.10.10.7  85.17.53.150     ->   e      227    80     9     1011
    19:25:08  2010-05-02  6         10.10.10.7  85.17.53.150     ->   e      439    80     9     1011
    19:25:12  2010-05-02  6         10.10.10.7  85.17.53.150     ->   e      159    80     9     1011
    19:25:16  2010-05-02  6         10.10.10.7  85.17.53.150     ->   e      451    80     9     1011
    19:25:21  2010-05-02  6         10.10.10.7  85.17.53.150     ->   e      503    80     9     1011
    19:25:25  2010-05-02  6         10.10.10.7  85.17.53.150     ->   e      513    80     9     1011
    19:25:32  2010-05-02  6         10.10.10.7  85.17.53.150     ->   e      514    80     9     1011
    19:25:36  2010-05-02  6         10.10.10.7  85.17.53.150     ->   e      21     80     9     1011
    19:25:40  2010-05-02  6         10.10.10.7  85.17.53.150     ->   e      379    80     9     1011
    19:25:44  2010-05-02  6         10.10.10.7  85.17.53.150     ->   e      190    80     9     1011
    19:25:48  2010-05-02  6         10.10.10.7  85.17.53.150     ->   e      539    80     9     1011
    19:25:52  2010-05-02  6         10.10.10.7  85.17.53.150     ->   e      49     80     9     1011
    19:25:56  2010-05-02  6         10.10.10.7  85.17.53.150     ->   e      23     80     9     1011
    19:26:01  2010-05-02  6         10.10.10.7  85.17.53.150     ->   e      7      80     9     1011
    19:26:05  2010-05-02  6         10.10.10.7  85.17.53.150     ->   e      221    80     9     1011
    19:26:09  2010-05-02  6         10.10.10.7  85.17.53.150     ->   e      411    80     9     1011
    19:26:13  2010-05-02  6         10.10.10.7  85.17.53.150     ->   e      261    80     9     1011
    19:26:17  2010-05-02  6         10.10.10.7  85.17.53.150     ->   e      24     80     9     1011
    19:26:21  2010-05-02  6         10.10.10.7  85.17.53.150     ->   e      103    80     9     1011
    19:26:25  2010-05-02  6         10.10.10.7  85.17.53.150     ->   e      466    80     9     1011
    19:26:29  2010-05-02  6         10.10.10.7  85.17.53.150     ->   e      294    80     9     1011
    19:26:33  2010-05-02  6         10.10.10.7  85.17.53.150     ->   e      231    80     9     1011
    19:26:37  2010-05-02  6         10.10.10.7  85.17.53.150     ->   e      232    80     9     1011
    19:26:41  2010-05-02  6         10.10.10.7  85.17.53.150     ->   e      665    80     9     1011
    19:26:45  2010-05-02  6         10.10.10.7  85.17.53.150     ->   e      666    80     9     1011
    19:26:49  2010-05-02  6         10.10.10.7  85.17.53.150     ->   e      667    80     9     1011
    19:26:53  2010-05-02  6         10.10.10.7  85.17.53.150     ->   e      297    80     9     1011
    19:26:58  2010-05-02  6         10.10.10.7  85.17.53.150     ->   e      298    80     9     1011
    19:27:02  2010-05-02  6         10.10.10.7  85.17.53.150     ->   e      299    80     9     1011
    19:27:06  2010-05-02  6         10.10.10.7  85.17.53.150     ->   e      300    80     9     1011
    19:27:10  2010-05-02  6         10.10.10.7  85.17.53.150     ->   e d    301    80     7     1164
    19:27:20  2010-05-02  6         10.10.10.7  85.17.53.150     ->   e      301    80     1     333
    19:27:32  2010-05-02  6         10.10.10.7  85.17.53.150     ->   e      301    80     1     333
    19:27:56  2010-05-02  6         10.10.10.7  85.17.53.150     ->   e      301    80     1     333
    19:28:44  2010-05-02  6         10.10.10.7  85.17.53.150     ->   e      301    80     2     393
    19:28:43  2010-05-02  17        10.10.10.7  239.255.255.250  ->   e      8      1900   2     350
    19:28:49  2010-05-02  17        10.10.10.7  239.255.255.250  ->   e      8      1900   1     175

    Pkts and Bytes are per-flow totals in both directions: they sum to the ARGUS PROTOCOL figures (545 packets and 62816 bytes for TCP, 3 packets and 525 bytes for UDP). Sport values are reproduced as the sandbox printed them. The flows to 85.17.53.150 (lekpharm.com, the smart.txt request) repeat every 4 to 5 seconds with an identical size of 9 packets and 1011 bytes from 19:23:17 to 19:27:06, which is check-in beaconing and matches the ET TROJAN Banker.OT Checkin alerts; the later 1-packet flows on the same source port are retransmissions after the server stopped answering.
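    The table above shows the classic shape of a beacon: a short, same-sized HTTP flow to one host at a fixed interval. The Python below is an added example, not part of the TAZER report or its tooling, that finds that pattern in Argus-style flow records: it groups flows by (src, dst, protocol, dport), measures the gaps between successive flows and flags a group whose gaps have a low coefficient of variation, also reporting how many distinct flow sizes it saw. The input is a constructed subset of the table above reduced to the columns the check needs; the thresholds min_flows=5 and max_cv=0.2 are assumptions for the example, not values from the report.

```python
"""Beacon detection over Argus-style flow records (added example)."""
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed input: a subset of the report's ARGUS DATA rows, keeping only
# time, date, protocol, src, dst, dport, pkts, bytes.
SAMPLE_FLOWS = """\
19:23:11 2010-05-02 6  10.10.10.7 195.88.51.11    80    9  894
19:23:12 2010-05-02 6  10.10.10.7 74.4.26.138     80    9  887
19:23:13 2010-05-02 6  10.10.10.7 174.132.158.8   80   11 1863
19:23:17 2010-05-02 6  10.10.10.7 85.17.53.150    80    9 1011
19:23:21 2010-05-02 6  10.10.10.7 85.17.53.150    80    9 1011
19:23:25 2010-05-02 6  10.10.10.7 85.17.53.150    80    9 1011
19:23:29 2010-05-02 6  10.10.10.7 85.17.53.150    80    9 1011
19:23:33 2010-05-02 6  10.10.10.7 85.17.53.150    80    9 1011
19:23:37 2010-05-02 6  10.10.10.7 85.17.53.150    80    9 1011
19:23:41 2010-05-02 6  10.10.10.7 85.17.53.150    80    9 1011
19:23:46 2010-05-02 6  10.10.10.7 85.17.53.150    80    9 1011
19:23:50 2010-05-02 6  10.10.10.7 85.17.53.150    80    9 1011
19:28:43 2010-05-02 17 10.10.10.7 239.255.255.250 1900  2  350
19:28:49 2010-05-02 17 10.10.10.7 239.255.255.250 1900  1  175
"""


def parse_flows(text):
    """Parse whitespace-separated flow records into dicts with a datetime."""
    flows = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        t, d, proto, src, dst, dport, pkts, nbytes = line.split()
        flows.append({
            "ts": datetime.strptime(f"{d} {t}", "%Y-%m-%d %H:%M:%S"),
            "proto": int(proto), "src": src, "dst": dst,
            "dport": int(dport), "pkts": int(pkts), "bytes": int(nbytes),
        })
    return flows


def find_beacons(flows, min_flows=5, max_cv=0.2):
    """Return groups of flows that recur at a near-constant interval.

    A group needs at least min_flows flows; the coefficient of variation
    (population stdev / mean) of the inter-flow gaps must be at most max_cv.
    Both thresholds are assumptions chosen for this example.
    """
    groups = defaultdict(list)
    for f in flows:
        groups[(f["src"], f["dst"], f["proto"], f["dport"])].append(f)

    hits = []
    for (src, dst, proto, dport), fl in groups.items():
        if len(fl) < min_flows:
            continue
        fl.sort(key=lambda f: f["ts"])
        gaps = [(b["ts"] - a["ts"]).total_seconds() for a, b in zip(fl, fl[1:])]
        avg = mean(gaps)
        if avg <= 0:
            continue  # duplicate timestamps; not a periodic series
        cv = pstdev(gaps) / avg
        if cv <= max_cv:
            hits.append({
                "src": src, "dst": dst, "proto": proto, "dport": dport,
                "count": len(fl), "period_s": round(avg, 2), "cv": round(cv, 3),
                "distinct_sizes": len({f["bytes"] for f in fl}),
            })
    return hits


if __name__ == "__main__":
    for h in find_beacons(parse_flows(SAMPLE_FLOWS)):
        print(f"{h['src']} -> {h['dst']}:{h['dport']}/{h['proto']}  "
              f"{h['count']} flows every {h['period_s']}s (cv={h['cv']}, "
              f"{h['distinct_sizes']} distinct size)")
```

    Real Argus output can be fed to the same function by exporting the fields with ra (for example -s stime proto saddr daddr dport pkts bytes) and adapting the split in parse_flows. A low coefficient of variation with a single flow size, as here, is a strong signal; jittered beacons raise the cv and need a looser threshold or a histogram of gaps instead.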

    Packer Results

    Packer Name
    (no entries)

    HoneyTrap Results

    Honey Trap Log File Location
    (no entries)

    PTFB Results

    PTFB Log File Location
    (no entries)