Malware Report

Malware Report - Results

This report shows all the different areas TAZER analyzes for the sample: Host, Network Activity, and Detection.

Malware Search Criteria:

MD5 =b45bbcf509e3d12e21b96721cc925ee9

Malware Report - Results

File MD5Sum	SHA1SUM	SHA256SUM	FUZZY HASH	File Size
b45bbcf509e3d12e21b96721cc925ee9	63b28610bd3f8f2da947055f5977ca1639d33977	7378d8e91759a85338138887f9f84f7d5b703fee6af970c803749493342f6589	384:Fu5G29hZ831mlPgXssWHl2wacL+yWjIJQ281JoiMQaqLZp:ID9osjTBiHjAE1JoBqLZp	32768

File Results

File Name
updateset.exe

SNORT Results

Snort Class	Snort Alert	Count
N/A	No snort alerts generated	0

AV Results

AV Alert	AV Vendor
N/A	Symantec
Generic.dx!tui	McAfee
N/A	Kaspersky

Folders (Added) - ICC Results

Path	Folder Name

Files (Added) - ICC Results

Path	File Name
c:/WINDOWS/Prefetch	AUTOIT3.EXE-32361418.pf
c:/WINDOWS/Prefetch	REGSHOT.EXE-010A5EE6.pf
c:/WINDOWS/Prefetch	SANDNET.EXE-2012C478.pf
c:/WINDOWS/SoftwareDistribution/DataStore/Logs	tmp.edb
c:/WINDOWS/system32/drivers/etc	hosts

Files (Deleted) - ICC Results

Action	Path	File Name
deleted	c:/WINDOWS/system32/drivers/etc/hosts

Files (Changed) - ICC Results

Action	Path	File Name
modified	c:/Documents and Settings/dmc73144	ntuser.dat.LOG
modified	c:/WINDOWS/Prefetch	CMD.EXE-087B4001.pf
modified	c:/WINDOWS/Prefetch	DIEP.EXE-0B3E1DC8.pf
modified	c:/WINDOWS/Prefetch	HSTART.EXE-221D72BF.pf
modified	c:/WINDOWS/Prefetch	SH.EXE-00254D2B.pf
modified	c:/WINDOWS/Prefetch	SSHD.EXE-298CA236.pf
modified	c:/WINDOWS/Prefetch	SWITCH.EXE-0496EC21.pf
modified	c:/WINDOWS/Prefetch	WMIPRVSE.EXE-28F301A9.pf
modified	c:/WINDOWS/Prefetch	WUAUCLT.EXE-399A8E72.pf
modified	c:/WINDOWS/SoftwareDistribution/DataStore	DataStore.edb
modified	c:/WINDOWS/SoftwareDistribution/DataStore/Logs	edb.chk
modified	c:/WINDOWS/SoftwareDistribution/DataStore/Logs	edb.log
modified	c:/WINDOWS/system32/wbem/Logs	wmiprov.log
modified	c:/WINDOWS	WindowsUpdate.log

Registry Keys (Added) - ICC Results

Action	Path
added	HKLM/SOFTWARE/Microsoft/Windows/CurrentVersion/WindowsUpdate/Reporting/RebootWatch

Registry Values (Added) - ICC Results

Action	Path	Val_Name	Val_Data
added	HKU/S-1-5-21-1844237615-562591055-839522115-1004/Software/Microsoft/Windows/ShellNoRoam/MUICache	C://windows//system32//sandnet.exe	"UpdateSet"

Registry Values (Deleted) - ICC Results

Action	Path	Val_Name	Val_Type	Mod_Val_Type	Val_Data	Mod_Val_Data

Registry Values (Changed) - ICC Results

Action	Path	Val_Name	Val_Data	Mod_Val_Data
modified	HKLM/SOFTWARE/Microsoft/Cryptography/RNG	Seed	98 70 18 EF CB 41 5D 7C 36 64 7B 26 78 2B 6D 23 77 F7 E9 9A BB FC 8A 4A 0F 99 14	00 F6 83 10 DA E1 09 77 11 29 47 6F D7 E7 B3 DB C5 B0 7B 87 F0 5D 6C 87 BD 89 FC
modified	HKLM/SYSTEM/ControlSet001/Services/Eventlog/Application/ESENT	EventMessageFile	"c	"C:WINDOWSsystem32ESENT.dll"
modified	HKLM/SYSTEM/ControlSet001/Services/Eventlog/Application/ESENT	CategoryMessageFile	"c	"C:WINDOWSsystem32ESENT.dll"
modified	HKLM/SYSTEM/CurrentControlSet/Services/Eventlog/Application/ESENT	EventMessageFile	"c	"C:WINDOWSsystem32ESENT.dll"
modified	HKLM/SYSTEM/CurrentControlSet/Services/Eventlog/Application/ESENT	CategoryMessageFile	"c	"C:WINDOWSsystem32ESENT.dll"

DNS Results

DNS	DNS Response

URL Results

DstIP	HTTP_HOST	HTTP_REQUEST_URI	HTTP_USER_AGENT	PROTOCOL

ARGUS PROTOCOL Results

PROTOCOL	SRC_PKTS	DST_PKTS	SRC_BYTES	DST_BYTES

ARGUS DPORT Results

DPORT	PROTOCOL	SRC_PKTS	DST_PKTS	SRC_BYTES	DST_BYTES

ARGUS DATA Results

Time	Date	Protocol	SrcIP	DstIP	Dir	Flags	Sport	Dport	Pkts	Bytes

Packer Results

Packer Name

HoneyTrap Results

Honey Trap Log File Location

PTFB Results

PTFB Log File Location