Malware Report

Malware Report - Results

This report shows all the different areas TAZER analyzes for the sample: Host, Network Activity, and Detection.

Malware Search Criteria:

MD5 =bfa7d446a16b40dca9cd5a68c18f1493

Malware Report - Results

File MD5Sum	SHA1SUM	SHA256SUM	FUZZY HASH	File Size
bfa7d446a16b40dca9cd5a68c18f1493	e6f8660a7cc2907a3dbfb940707bd1d53c408879	69b716fcd33d40df6901630e84d4976508d657c49d318fcb8079054bdb6d32cd	6144:8cg0hxPbO+G4l9hWQF3VsBwPioMXc12PgJAc3iSCO8/eldXvqtOuyxyPQa9lpB7y:zxPbO+G49W	500224

File Results

File Name
comprovante.scr.exe

SNORT Results

Snort Class	Snort Alert	Count
N/A	No snort alerts generated	0

AV Results

AV Alert	AV Vendor
N/A	Symantec
PWS-Banker!gxx	McAfee
Trojan.Win32.Buzus.hrgl	Kaspersky
WS.Reputation.1	Symantec
Artemis!C8F916CBFC43	McAfee
N/A	Kaspersky

Folders (Added) - ICC Results

Path	Folder Name

Files (Added) - ICC Results

Path	File Name
c:/WINDOWS/Prefetch	SANDNET.EXE-2012C478.pf
c:	capslock.bmp
c:	netstat_post.txt
c:	taskv_post.txt

Files (Deleted) - ICC Results

Action	Path	File Name

Files (Changed) - ICC Results

Action	Path	File Name
modified	c:/Documents and Settings/dmc73144	ntuser.dat.LOG
modified	c:/WINDOWS/Prefetch	CMD.EXE-087B4001.pf
modified	c:/WINDOWS/Prefetch	HSTART.EXE-221D72BF.pf
modified	c:/WINDOWS/Prefetch	NETSTAT.EXE-2B2B4428.pf
modified	c:/WINDOWS/Prefetch	SH.EXE-00254D2B.pf
modified	c:/WINDOWS/Prefetch	SLEEP.EXE-094A3D2A.pf
modified	c:/WINDOWS/Prefetch	SSHD.EXE-298CA236.pf
modified	c:/WINDOWS/Prefetch	SWITCH.EXE-0496EC21.pf
modified	c:/WINDOWS/Prefetch	TASKLIST.EXE-10D94B23.pf
modified	c:/WINDOWS/system32/drivers/etc	hosts
modified	c:/WINDOWS/system32/wbem/Logs	wmiprov.log
modified	c:/WINDOWS/system32/wbem/Repository/FS	INDEX.MAP
modified	c:/WINDOWS/system32/wbem/Repository/FS	MAPPING.VER
modified	c:/WINDOWS/system32/wbem/Repository/FS	MAPPING2.MAP
modified	c:/WINDOWS/system32/wbem/Repository/FS	OBJECTS.MAP

Registry Keys (Added) - ICC Results

Action	Path

Registry Values (Added) - ICC Results

Action	Path	Val_Name	Val_Data

Registry Values (Deleted) - ICC Results

Action	Path	Val_Name	Val_Type	Mod_Val_Type	Val_Data	Mod_Val_Data

Registry Values (Changed) - ICC Results

Action	Path	Val_Name	Val_Data	Mod_Val_Data
modified	HKLM/SOFTWARE/Microsoft/Cryptography/RNG	Seed	67 C5 49 4B 70 F5 F1 70 A1 79 32 F6 B1 3D B4 9B 33 C4 45 E5 CF 45 5D B8 FE AB 44	3A 50 99 C1 E3 30 B7 D6 4C 72 6A 14 EF 15 DD 86 09 D7 93 BD EF BA E8 B1 AF 80 0

DNS Results

DNS	DNS Response

URL Results

DstIP	HTTP_HOST	HTTP_REQUEST_URI	HTTP_USER_AGENT	PROTOCOL
204.188.221.210	204.188.221.210	/capslock.txt	Mozilla/3.0 (compatible; Indy Library)	0x06
204.188.221.210	204.188.221.210	/capslock.php	Mozilla/3.0 (compatible; Indy Library)	0x06
239.255.255.250	239.255.255.250:1900	*	--blank--	0x11

ARGUS PROTOCOL Results

PROTOCOL	SRC_PKTS	DST_PKTS	SRC_BYTES	DST_BYTES
6	10	8	900	1030
17	1	0	175	0

ARGUS DPORT Results

DPORT	PROTOCOL	SRC_PKTS	DST_PKTS	SRC_BYTES	DST_BYTES
80	6	10	8	900	1030
1900	17	1	0	175	0

ARGUS DATA Results

Time	Date	Protocol	SrcIP	DstIP	Dir	Flags	Sport	Dport	Pkts	Bytes
08:35:34	2011-06-08	6	10.10.10.7	204.188.221.210	->	e	246	80	9	965
08:35:35	2011-06-08	6	10.10.10.7	204.188.221.210	->	e	6	80	9	965
08:41:07	2011-06-08	17	10.10.10.7	239.255.255.250	->	e	8	1900	1	175

Packer Results

Packer Name

HoneyTrap Results

Honey Trap Log File Location

PTFB Results

PTFB Log File Location