**** Malware Report - Results ****

This report shows the three areas TAZER analyzes for the sample: host changes, network activity, and detection.

Malware Search Criteria: MD5 = ad4b72edbcdcbd8838f1a6539fa8b833

| File MD5Sum | SHA1SUM | SHA256SUM | FUZZY HASH | File Size (bytes) |
| ad4b72edbcdcbd8838f1a6539fa8b833 | 4aece1aed3232435e1cc9a5836313a03d272081b | 13b4fa0287d66a75bdca2471e1153bbb75cfb47cde3caa295c48fd4280fd4e88 | 12288:wyT3F5HiGooxjUMQ7iyeBsxA5TR6BI6n/3bpXg1u2SvUvz8M1:ZJ4oxjUB7NeKxO96B1n/qBSv | 688128 |

**** File Results ****

| File Name |
| logoinf.jpg.exe |

**** SNORT Results ****

| Snort Class | Snort Alert | Count |
| A Network Trojan was detected | ET TROJAN Banker.OT Checkin | 1 |
| A Network Trojan was detected | ET TROJAN Banker.OT Checkin (2 packet) | 1 |

**** AV Results ****

| AV Alert | AV Vendor |
(no entries)

**** Folders (Added) - ICC Results ****

| Path | Folder Name |
| c:/Documents and Settings/dmc73144/Local Settings/Temporary Internet Files/Content.IE5 | 87IMY4XV |
| c:/Documents and Settings/dmc73144/Local Settings/Temporary Internet Files/Content.IE5 | ITB2CJ0C |
| c:/Documents and Settings/dmc73144/Local Settings/Temporary Internet Files/Content.IE5 | MILJGV5B |
| c:/Documents and Settings/dmc73144/Local Settings/Temporary Internet Files/Content.IE5 | WO4JPI86 |

**** Files (Added) - ICC Results ****

| Path | File Name |
| c:/Documents and Settings/dmc73144/Local Settings/Temporary Internet Files/Content.IE5/87IMY4XV | apx[1].htm |
| c:/Documents and Settings/dmc73144/Local Settings/Temporary Internet Files/Content.IE5/87IMY4XV | desktop.ini |
| c:/Documents and Settings/dmc73144/Local Settings/Temporary Internet Files/Content.IE5/ITB2CJ0C | darknigh[1].htm |
| c:/Documents and Settings/dmc73144/Local Settings/Temporary Internet Files/Content.IE5/ITB2CJ0C | desktop.ini |
| c:/Documents and Settings/dmc73144/Local Settings/Temporary Internet Files/Content.IE5/ITB2CJ0C | oracle[1].htm |
| c:/Documents and Settings/dmc73144/Local Settings/Temporary Internet Files/Content.IE5/MILJGV5B | desktop.ini |
| c:/Documents and Settings/dmc73144/Local Settings/Temporary Internet Files/Content.IE5/MILJGV5B | readme[1].htm |
| c:/Documents and Settings/dmc73144/Local Settings/Temporary Internet Files/Content.IE5/WO4JPI86 | apache[1].htm |
| c:/Documents and Settings/dmc73144/Local Settings/Temporary Internet Files/Content.IE5/WO4JPI86 | desktop.ini |
| c:/WINDOWS/Prefetch | NTVDM.EXE-1A10A423.pf |
| c:/WINDOWS/Prefetch | SANDNET.EXE-2012C478.pf |
| c:/WINDOWS/system32 | bios_setup91208.txt |
| c:/WINDOWS/system32 | shacrypt.exe |
| c: | netstat_post.txt |
| c: | taskv_post.txt |

**** Files (Deleted) - ICC Results ****

| Action | Path | File Name |
(no entries)

**** Files (Changed) - ICC Results ****

| Action | Path | File Name |
| modified | c:/Documents and Settings/dmc73144/Cookies | index.dat |
| modified | c:/Documents and Settings/dmc73144/Local Settings/History/History.IE5 | index.dat |
| modified | c:/Documents and Settings/dmc73144/Local Settings/Temporary Internet Files/Content.IE5 | index.dat |
| modified | c:/Documents and Settings/dmc73144 | ntuser.dat.LOG |
| modified | c:/WINDOWS/Prefetch | CMD.EXE-087B4001.pf |
| modified | c:/WINDOWS/Prefetch | HSTART.EXE-221D72BF.pf |
| modified | c:/WINDOWS/Prefetch | NETSTAT.EXE-2B2B4428.pf |
| modified | c:/WINDOWS/Prefetch | SH.EXE-00254D2B.pf |
| modified | c:/WINDOWS/Prefetch | SLEEP.EXE-094A3D2A.pf |
| modified | c:/WINDOWS/Prefetch | SSHD.EXE-298CA236.pf |
| modified | c:/WINDOWS/Prefetch | SWITCH.EXE-0496EC21.pf |
| modified | c:/WINDOWS/Prefetch | TASKLIST.EXE-10D94B23.pf |
| modified | c:/WINDOWS/system32/config | software.LOG |
| modified | c:/WINDOWS/system32/drivers/etc | hosts |
| modified | c:/WINDOWS/system32/wbem/Logs | wmiprov.log |
| modified | c:/WINDOWS/system32/wbem/Repository/FS | INDEX.MAP |
| modified | c:/WINDOWS/system32/wbem/Repository/FS | MAPPING.VER |
| modified | c:/WINDOWS/system32/wbem/Repository/FS | MAPPING2.MAP |
| modified | c:/WINDOWS/system32/wbem/Repository/FS | OBJECTS.MAP |

**** Registry Keys (Added) - ICC Results ****

| Action | Path |
(no entries)

**** Registry Values (Added) - ICC Results ****

| Action | Path | Val Name | Val Data |
(no entries)

**** Registry Values (Deleted) - ICC Results ****

| Action | Path | Val Name | Val Type | Mod Val Type | Val Data | Mod Val Data |
(no entries)

**** Registry Values (Changed) - ICC Results ****

Val Data is the value before the run and Mod Val Data the value after it; both columns are truncated at the report's column width.

| Action | Path | Val Name | Val Data | Mod Val Data |
| modified | HKLM/SOFTWARE/Microsoft/Cryptography/RNG | Seed | C9 5D 44 E7 19 6E 65 E6 C0 81 79 BD D9 E5 61 70 8A 83 8A 08 B7 10 89 E3 19 F6 4B | A3 9B 0E 4A 77 92 15 4F 34 FE 1F A9 03 68 C0 54 0E 57 3A 69 9E 37 95 36 3D AD D |
| modified | HKU/S-1-5-21-1844237615-562591055-839522115-1004/Software/Microsoft/Windows/CurrentVersion/Internet Settings/Connections | SavedLegacySettings | 3C 00 00 00 15 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 00 00 | 3C 00 00 00 16 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 00 0 |

**** DNS Results ****

| DNS | DNS Response |
| www.tropicalivefishecuador.com | Standard query response CNAME tropicalivefishecuador.com A 69.16.208.58 |
| prmifgfgd.dnsdojo.org | Standard query response A 64.158.56.57 A 206.112.100.154 |

**** URL Results ****

PROTOCOL is the IP protocol number: 0x06 is TCP, 0x11 is UDP.

| DstIP | HTTP HOST | HTTP REQUEST URI | HTTP USER AGENT | PROTOCOL |
| 69.16.208.58 | www.tropicalivefishecuador.com | /plugins/system/appss.php | Mozilla/3.0 (compatible; Indy Library) | 0x06 |
| 64.158.56.57 | prmifgfgd.dnsdojo.org | /.../darknigh.exe | Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) | 0x06 |
| 203.135.164.79 | 203.135.164.79 | /images/manual/apx.txt | Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) | 0x06 |
| 211.227.233.242 | 211.227.233.242 | /images/apache.txt | Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) | 0x06 |
| 222.66.209.98 | 222.66.209.98 | /netanalyst/images/readme.txt | Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) | 0x06 |
| 222.24.94.19 | 222.24.94.19 | /default/index/images/manual/oracle.txt | Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) | 0x06 |
| 239.255.255.250 | 239.255.255.250:1900 | * | --blank-- | 0x11 |

**** ARGUS PROTOCOL Results ****

| PROTOCOL | SRC PKTS | DST PKTS | SRC BYTES | DST BYTES |
| 6 | 90 | 76 | 7643 | 18503 |
| 17 | 2 | 0 | 350 | 0 |

**** ARGUS DPORT Results ****

| DPORT | PROTOCOL | SRC PKTS | DST PKTS | SRC BYTES | DST BYTES |
| 80 | 6 | 90 | 76 | 7643 | 18503 |
| 1900 | 17 | 2 | 0 | 350 | 0 |

**** ARGUS DATA Results ****

| Time | Date | Protocol | SrcIP | DstIP | Dir | Flags | Sport | Dport | Pkts | Bytes |
| 03:21:01 | 2011-03-09 | 6 | 10.10.10.7 | 69.16.208.58 | -> | e | 122 | 80 | 11 | 1385 |
| 03:21:03 | 2011-03-09 | 6 | 10.10.10.7 | 64.158.56.57 | -> | e | 31 | 80 | 9 | 1012 |
| 03:21:04 | 2011-03-09 | 6 | 10.10.10.7 | 203.135.164.79 | -> | e | 32 | 80 | 14 | 2402 |
| 03:21:09 | 2011-03-09 | 6 | 10.10.10.7 | 203.135.164.79 | -> | e | 32 | 80 | 6 | 906 |
| 03:21:12 | 2011-03-09 | 6 | 10.10.10.7 | 203.135.164.79 | -> | e | 62 | 80 | 13 | 2069 |
| 03:21:17 | 2011-03-09 | 6 | 10.10.10.7 | 203.135.164.79 | -> | e | 62 | 80 | 8 | 1572 |
| 03:21:20 | 2011-03-09 | 6 | 10.10.10.7 | 211.227.233.242 | -> | e | 64 | 80 | 13 | 2066 |
| 03:21:25 | 2011-03-09 | 6 | 10.10.10.7 | 211.227.233.242 | -> | e | 64 | 80 | 8 | 1572 |
| 03:21:28 | 2011-03-09 | 6 | 10.10.10.7 | 222.66.209.98 | -> | e | 124 | 80 | 10 | 1076 |
| 03:21:29 | 2011-03-09 | 6 | 10.10.10.7 | 222.24.94.19 | -> | e | 126 | 80 | 13 | 2084 |
| 03:21:34 | 2011-03-09 | 6 | 10.10.10.7 | 222.24.94.19 | -> | e | 126 | 80 | 9 | 1632 |
| 03:26:28 | 2011-03-09 | 17 | 10.10.10.7 | 239.255.255.250 | -> | e | 8 | 1900 | 2 | 350 |

**** Packer Results ****

| Packer Name |
(no entries)

**** HoneyTrap Results ****

| Honey Trap Log File Location |
(no entries)

**** PTFB Results ****

| PTFB Log File Location |
(no entries)
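The DNS Results and URL Results tables are the network indicators a responder would carry out of this sandbox run: two hostnames, the resolved and directly contacted IPs, the request paths, and the User-Agent string on the request to /plugins/system/appss.php. The script below is an added example, not part of the TAZER report or of TAZER itself. It loads those indicator values (copied from the tables above) and matches them against proxy and DNS log lines. The two log formats and the sample lines are constructed for the example; they are not from the report, and the path shown as /.../darknigh.exe is left out of the path set because the report elides it, so that request is matched on its hostname only.

```python
"""Match the network indicators from the TAZER report against log lines.

Added example, not code from the report. Indicator values come from the
report's DNS Results and URL Results tables; the log formats and sample
lines are constructed here for the example.
"""
import re
from collections import Counter, namedtuple
from urllib.parse import urlsplit

# Hostnames from the DNS Results / URL Results tables (CNAME target included).
IOC_DOMAINS = {
    "www.tropicalivefishecuador.com",
    "tropicalivefishecuador.com",
    "prmifgfgd.dnsdojo.org",
}
# Resolved and directly contacted IPs from the DNS Results / URL Results tables.
IOC_IPS = {
    "69.16.208.58", "64.158.56.57", "206.112.100.154",
    "203.135.164.79", "211.227.233.242", "222.66.209.98", "222.24.94.19",
}
# Request paths from the URL Results table. "/.../darknigh.exe" is elided in
# the report, so it is deliberately not listed; that host is matched by name.
IOC_PATHS = {
    "/plugins/system/appss.php",
    "/images/manual/apx.txt",
    "/images/apache.txt",
    "/netanalyst/images/readme.txt",
    "/default/index/images/manual/oracle.txt",
}
# User-Agent on the request to /plugins/system/appss.php in the URL Results table.
IOC_USER_AGENTS = {"Mozilla/3.0 (compatible; Indy Library)"}

Hit = namedtuple("Hit", "line_no kind value")

# Constructed (hypothetical) proxy log format:
#   <timestamp> <client> <method> <url> <status> "<user-agent>"
PROXY_RE = re.compile(
    r'^(?P<ts>\S+) (?P<client>\S+) (?P<method>\S+) (?P<url>\S+) '
    r'(?P<status>\d{3}) "(?P<ua>[^"]*)"$'
)
# Constructed (hypothetical) DNS log format:
#   <timestamp> <client> query <qname> -> <answer> [<answer> ...]
DNS_RE = re.compile(
    r'^(?P<ts>\S+) (?P<client>\S+) query (?P<qname>\S+) -> (?P<answers>.*)$'
)


def scan_line(line_no, line):
    """Return the indicator hits for one log line (empty if none)."""
    hits = []
    m = PROXY_RE.match(line)
    if m:
        parts = urlsplit(m.group("url"))
        host = (parts.hostname or "").lower()
        if host in IOC_DOMAINS:
            hits.append(Hit(line_no, "domain", host))
        if host in IOC_IPS:
            hits.append(Hit(line_no, "ip", host))
        if parts.path in IOC_PATHS:
            hits.append(Hit(line_no, "uri", parts.path))
        if m.group("ua") in IOC_USER_AGENTS:
            hits.append(Hit(line_no, "user-agent", m.group("ua")))
        return hits
    m = DNS_RE.match(line)
    if m:
        qname = m.group("qname").rstrip(".").lower()
        if qname in IOC_DOMAINS:
            hits.append(Hit(line_no, "dns-query", qname))
        for answer in m.group("answers").split():
            if answer in IOC_IPS:
                hits.append(Hit(line_no, "dns-answer", answer))
    return hits  # unparseable lines yield no hits


def scan(lines):
    """Scan an iterable of log lines; returns all hits in line order."""
    hits = []
    for line_no, line in enumerate(lines, 1):
        hits.extend(scan_line(line_no, line.rstrip("\n")))
    return hits


def summarize(hits):
    """Count hits by indicator kind."""
    return dict(Counter(h.kind for h in hits))


# Constructed sample lines: three requests and one DNS query shaped after the
# report's tables, plus two benign lines that must not match.
SAMPLE_LOG = [
    '2011-03-09T03:21:01 10.10.10.7 POST http://www.tropicalivefishecuador.com/plugins/system/appss.php 200 "Mozilla/3.0 (compatible; Indy Library)"',
    '2011-03-09T03:21:03 10.10.10.7 GET http://prmifgfgd.dnsdojo.org/.../darknigh.exe 200 "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"',
    '2011-03-09T03:21:04 10.10.10.7 GET http://203.135.164.79/images/manual/apx.txt 200 "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"',
    '2011-03-09T03:22:00 10.10.10.7 GET http://www.example.com/index.html 200 "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"',
    '2011-03-09T03:21:02 10.10.10.7 query prmifgfgd.dnsdojo.org. -> 64.158.56.57 206.112.100.154',
    '2011-03-09T03:22:01 10.10.10.7 query www.example.com. -> 93.184.216.34',
]

if __name__ == "__main__":
    found = scan(SAMPLE_LOG)
    for h in found:
        print(f"line {h.line_no}: {h.kind} = {h.value}")
    print(summarize(found))
```

Matching on the full request path rather than on a substring keeps the hits tied to what the sandbox actually saw; the text-file paths under /images/ are generic enough that a substring match would flag unrelated traffic. Matching DNS answers against IOC_IPS as well as the query name catches a later sample that uses a different hostname for the same server.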