Malware Report - Results

This report shows all the areas TAZER analyzes for the sample: Host, Network Activity, and Detection.

Malware Search Criteria:
  • MD5 = c83eb7b82a4d449ab8f83afe3c82fd29

    File

    MD5SUM      c83eb7b82a4d449ab8f83afe3c82fd29
    SHA1SUM     dee21c2f09539234ebf36cbf7a897a9351f796bb
    SHA256SUM   54718f6f99c52a92cf33ed70ea9d6b120bc0fb2252bbec716097d3d2d9711f25
    FUZZY HASH  6144:azC/rHU6TxyrLMgAzKjQQiOvH4E6MB/xW+gR974FEGJ0pEl1SOr4Lpllb7f4ub:n/7U6grSsYE6
    File Size   437252 bytes

    File Results

    File Name
    server.exe

    SNORT Results

    Snort Class                   | Snort Alert                                          | Count
    Misc Attack                   | ET DROP Spamhaus DROP Listed Traffic Inbound         | 1
    A Network Trojan was Detected | ET DROP Known Bot C&C Server Traffic TCP (group 63)  | 1

    AV Results

    AV Alert             | AV Vendor
    W32.Virut.CF         | Symantec
    W32/Virut.n.gen      | McAfee
    Virus.Win32.Virut.ce | Kaspersky

    Folders (Added) - ICC Results

    Path | Folder Name
    (no entries)

    Files (Added) - ICC Results

    Path               | File Name
    c:/WINDOWS/Prefetch | 7Z.EXE-1A62CD19.pf
    c:/WINDOWS/Prefetch | SANDNET.EXE-2012C478.pf
    c:                  | netstat_post.txt
    c:                  | taskv_post.txt

    Files (Deleted) - ICC Results

    Action | Path | File Name
    (no entries)

    Files (Changed) - ICC Results

    Action   | Path                                                                          | File Name
    modified | c:/Documents and Settings/dmc73144/Cookies                                    | index.dat
    modified | c:/Documents and Settings/dmc73144/Local Settings/History/History.IE5         | index.dat
    modified | c:/Documents and Settings/dmc73144/Local Settings/Temporary Internet Files/Content.IE5 | index.dat
    modified | c:/Program Files/7-Zip                                                        | 7z.exe
    modified | c:/Program Files/OpenSSH/bin                                                  | sh.exe
    modified | c:/Program Files/OpenSSH/bin                                                  | switch.exe
    modified | c:/WINDOWS/Prefetch                                                           | CMD.EXE-087B4001.pf
    modified | c:/WINDOWS/Prefetch                                                           | HSTART.EXE-221D72BF.pf
    modified | c:/WINDOWS/Prefetch                                                           | NETSTAT.EXE-2B2B4428.pf
    modified | c:/WINDOWS/Prefetch                                                           | SH.EXE-00254D2B.pf
    modified | c:/WINDOWS/Prefetch                                                           | SLEEP.EXE-094A3D2A.pf
    modified | c:/WINDOWS/Prefetch                                                           | SSHD.EXE-298CA236.pf
    modified | c:/WINDOWS/Prefetch                                                           | SWITCH.EXE-0496EC21.pf
    modified | c:/WINDOWS/Prefetch                                                           | TASKLIST.EXE-10D94B23.pf
    modified | c:/WINDOWS/Prefetch                                                           | WMIPRVSE.EXE-28F301A9.pf
    modified | c:/WINDOWS/system32/config                                                    | default.LOG
    modified | c:/WINDOWS/system32/drivers/etc                                               | hosts
    modified | c:/WINDOWS/system32                                                           | net.exe
    modified | c:/WINDOWS/system32                                                           | net1.exe
    modified | c:/WINDOWS/system32                                                           | netstat.exe
    modified | c:/WINDOWS/system32                                                           | tasklist.exe
    modified | c:/WINDOWS/system32/wbem/Logs                                                 | wmiprov.log
    modified | c:/WINDOWS/system32/wbem/Repository/FS                                        | INDEX.MAP
    modified | c:/WINDOWS/system32/wbem/Repository/FS                                        | MAPPING.VER
    modified | c:/WINDOWS/system32/wbem/Repository/FS                                        | MAPPING1.MAP
    modified | c:/WINDOWS/system32/wbem/Repository/FS                                        | OBJECTS.MAP

    Registry Keys (Added) - ICC Results

    Action | Path
    (no entries)

    Registry Values (Added) - ICC Results

    Action | Path | Val_Name | Val_Data
    (no entries)

    Registry Values (Deleted) - ICC Results

    Action | Path | Val_Name | Val_Type | Mod_Val_Type | Val_Data | Mod_Val_Data
    (no entries)

    Registry Values (Changed) - ICC Results

    Action   | Path                                                                        | Val_Name     | Val_Data                                                                     | Mod_Val_Data
    modified | HKLM/SOFTWARE/Microsoft/Cryptography/RNG                                    | Seed         | 88 66 21 13 BA 31 7C 5F EC DF 81 06 E8 C8 6B 23 91 00 77 33 06 6C 98 B8 0C 53 53 4D 8C 8C 54 E6 59 93 BD 99 69 C0 A4 F1 A7 17 51 CC 91 CF CE CF 71 2D 19 2A D8 0
    modified | HKLM/SYSTEM/ControlSet001/Services/SharedAccess/Epoch                       | Epoch        | 0x00000104                                                                   | 0x00000105
    modified | HKLM/SYSTEM/CurrentControlSet/Services/SharedAccess/Epoch                   | Epoch        | 0x00000104                                                                   | 0x00000105
    modified | HKU/.DEFAULT/Software/Microsoft/Windows/CurrentVersion/Explorer/Shell Folders | Cookies    | C:\Documents and Settings\Default User\Cookies                               | "C
    modified | HKU/.DEFAULT/Software/Microsoft/Windows/CurrentVersion/Explorer/Shell Folders | Cache      | C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files | "C
    modified | HKU/.DEFAULT/Software/Microsoft/Windows/CurrentVersion/Explorer/Shell Folders | History    | C:\Documents and Settings\Default User\Local Settings\History                | "C
    modified | HKU/S-1-5-21-1844237615-562591055-839522115-1004/SessionInformation         | ProgramCount | 0x00000002                                                                   | 0x00000003
    modified | HKU/S-1-5-18/Software/Microsoft/Windows/CurrentVersion/Explorer/Shell Folders | Cookies    | C:\Documents and Settings\Default User\Cookies                               | "C
    modified | HKU/S-1-5-18/Software/Microsoft/Windows/CurrentVersion/Explorer/Shell Folders | Cache      | C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files | "C
    modified | HKU/S-1-5-18/Software/Microsoft/Windows/CurrentVersion/Explorer/Shell Folders | History    | C:\Documents and Settings\Default User\Local Settings\History                | "C
    modified | HKLM/SOFTWARE/Microsoft/Cryptography/RNG                                    | Seed         | 2A 09 3E 06 C9 2D 68 01 5D 6F 12 D5 AA F2 4D EC 3A A3 5F E8 C9 61 4F EA 9D 0C 73 A9 50 12 FF 30 76 76 3F CA 26 38 EF 2D 9C 59 C9 36 A6 A3 9C E2 CC 17 DF DE C3 3

    The RNG Seed rows show the old and new seed bytes run together as one value, and the Mod_Val_Data of the Shell Folders rows is cut off after "C in the source.

    DNS Results

    DNS          | DNS Response
    ilo.brenz.pl | Standard query response A 60.190.222.139
    ilo.brenz.pl | Standard query response A 91.193.194.67
    ilo.brenz.pl | Standard query response A 83.133.119.197

    URL Results

    DstIP | HTTP_HOST | HTTP_REQUEST_URI | HTTP_USER_AGENT | PROTOCOL
    (no entries)

    ARGUS PROTOCOL Results

    PROTOCOL | SRC_PKTS | DST_PKTS | SRC_BYTES | DST_BYTES
    6        | 69       | 62       | 4531      | 13835

    ARGUS DPORT Results

    DPORT | PROTOCOL | SRC_PKTS | DST_PKTS | SRC_BYTES | DST_BYTES
    80    | 6        | 69       | 62       | 4531      | 13835

    Note: the PROTOCOL and DPORT totals (69 + 62 = 131 packets, 4531 + 13835 = 18366 bytes) equal the sums of the 2011-03-24 flows below only; the 2011-03-25 flows are not included in them.

    ARGUS DATA Results

    Time     | Date       | Protocol | SrcIP      | DstIP          | Dir | Flags | Sport | Dport | Pkts | Bytes
    00:20:04 | 2011-03-24 | 6        | 10.10.10.7 | 60.190.222.139 | ->  | e     | 2228  | 80    | 18   | 2500
    00:20:09 | 2011-03-24 | 6        | 10.10.10.7 | 60.190.222.139 | ->  | e     | 2228  | 80    | 10   | 1965
    00:20:14 | 2011-03-24 | 6        | 10.10.10.7 | 60.190.222.139 | ->  | e     | 2228  | 80    | 5    | 300
    00:20:45 | 2011-03-24 | 6        | 10.10.10.7 | 60.190.222.139 | ->  | e     | 514   | 80    | 15   | 2051
    00:21:19 | 2011-03-24 | 6        | 10.10.10.7 | 60.190.222.139 | ->  | e     | 534   | 80    | 13   | 1658
    00:21:52 | 2011-03-24 | 6        | 10.10.10.7 | 60.190.222.139 | ->  | e     | 390   | 80    | 15   | 2051
    00:22:26 | 2011-03-24 | 6        | 10.10.10.7 | 60.190.222.139 | ->  | e     | 625   | 80    | 17   | 2167
    00:22:31 | 2011-03-24 | 6        | 10.10.10.7 | 60.190.222.139 | ->  | e     | 625   | 80    | 8    | 1572
    00:23:04 | 2011-03-24 | 6        | 10.10.10.7 | 60.190.222.139 | ->  | e     | 678   | 80    | 15   | 2051
    00:23:38 | 2011-03-24 | 6        | 10.10.10.7 | 91.193.194.67  | ->  | e     | 766   | 80    | 15   | 2051
    20:06:51 | 2011-03-25 | 6        | 10.10.10.7 | 91.193.194.67  | ->  | e     | 439   | 80    | 11   | 1265
    20:07:23 | 2011-03-25 | 6        | 10.10.10.7 | 91.193.194.67  | ->  | e     | 286   | 80    | 17   | 2444
    20:07:58 | 2011-03-25 | 6        | 10.10.10.7 | 91.193.194.67  | ->  | e     | 557   | 80    | 17   | 2167
    20:08:32 | 2011-03-25 | 6        | 10.10.10.7 | 91.193.194.67  | ->  | e     | 602   | 80    | 15   | 2051
    20:08:37 | 2011-03-25 | 6        | 10.10.10.7 | 91.193.194.67  | ->  | e     | 602   | 80    | 2    | 393
    20:09:07 | 2011-03-25 | 6        | 10.10.10.7 | 91.193.194.67  | ->  | e     | 258   | 80    | 17   | 2167
    20:09:12 | 2011-03-25 | 6        | 10.10.10.7 | 91.193.194.67  | ->  | e     | 258   | 80    | 2    | 393
    20:09:43 | 2011-03-25 | 6        | 10.10.10.7 | 91.193.194.67  | ->  | e     | 638   | 80    | 17   | 2167
    20:09:48 | 2011-03-25 | 6        | 10.10.10.7 | 91.193.194.67  | ->  | e     | 638   | 80    | 10   | 1965
    20:09:53 | 2011-03-25 | 6        | 10.10.10.7 | 91.193.194.67  | ->  | e     | 638   | 80    | 2    | 393
    20:10:23 | 2011-03-25 | 6        | 10.10.10.7 | 83.133.119.197 | ->  | e     | 805   | 80    | 15   | 2051
    20:10:28 | 2011-03-25 | 6        | 10.10.10.7 | 83.133.119.197 | ->  | e     | 805   | 80    | 10   | 1965
    20:10:33 | 2011-03-25 | 6        | 10.10.10.7 | 83.133.119.197 | ->  | e     | 805   | 80    | 6    | 633
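    The tables above list flows, DNS answers and changed files side by side but do not connect them. The Python script below is an added triage example, not part of TAZER or of this report: it parses the ARGUS DATA rows (transcribed in full from the table above) and a subset of the Files (Changed) rows, sums traffic per destination IP (all three destinations are the A records returned for ilo.brenz.pl), checks the per-direction PROTOCOL summary against the flow rows for a given date, and separates modified executables and the hosts file from what this example assumes is harness and OS noise (prefetch files, logs, WMI repository maps). The " | " column separator, the 11-column Argus layout and the noise rules are the example's own assumptions.

```python
"""Triage helpers for a TAZER-style sandbox report (added example, not TAZER code).
The rows below are transcribed from the report; the separators and the
noise-filtering rules are this example's assumptions, not facts it states."""
from collections import defaultdict

# ARGUS DATA rows: Time Date Proto SrcIP DstIP Dir Flags Sport Dport Pkts Bytes
ARGUS_ROWS = """\
00:20:04 2011-03-24 6 10.10.10.7 60.190.222.139 -> e 2228 80 18 2500
00:20:09 2011-03-24 6 10.10.10.7 60.190.222.139 -> e 2228 80 10 1965
00:20:14 2011-03-24 6 10.10.10.7 60.190.222.139 -> e 2228 80 5 300
00:20:45 2011-03-24 6 10.10.10.7 60.190.222.139 -> e 514 80 15 2051
00:21:19 2011-03-24 6 10.10.10.7 60.190.222.139 -> e 534 80 13 1658
00:21:52 2011-03-24 6 10.10.10.7 60.190.222.139 -> e 390 80 15 2051
00:22:26 2011-03-24 6 10.10.10.7 60.190.222.139 -> e 625 80 17 2167
00:22:31 2011-03-24 6 10.10.10.7 60.190.222.139 -> e 625 80 8 1572
00:23:04 2011-03-24 6 10.10.10.7 60.190.222.139 -> e 678 80 15 2051
00:23:38 2011-03-24 6 10.10.10.7 91.193.194.67 -> e 766 80 15 2051
20:06:51 2011-03-25 6 10.10.10.7 91.193.194.67 -> e 439 80 11 1265
20:07:23 2011-03-25 6 10.10.10.7 91.193.194.67 -> e 286 80 17 2444
20:07:58 2011-03-25 6 10.10.10.7 91.193.194.67 -> e 557 80 17 2167
20:08:32 2011-03-25 6 10.10.10.7 91.193.194.67 -> e 602 80 15 2051
20:08:37 2011-03-25 6 10.10.10.7 91.193.194.67 -> e 602 80 2 393
20:09:07 2011-03-25 6 10.10.10.7 91.193.194.67 -> e 258 80 17 2167
20:09:12 2011-03-25 6 10.10.10.7 91.193.194.67 -> e 258 80 2 393
20:09:43 2011-03-25 6 10.10.10.7 91.193.194.67 -> e 638 80 17 2167
20:09:48 2011-03-25 6 10.10.10.7 91.193.194.67 -> e 638 80 10 1965
20:09:53 2011-03-25 6 10.10.10.7 91.193.194.67 -> e 638 80 2 393
20:10:23 2011-03-25 6 10.10.10.7 83.133.119.197 -> e 805 80 15 2051
20:10:28 2011-03-25 6 10.10.10.7 83.133.119.197 -> e 805 80 10 1965
20:10:33 2011-03-25 6 10.10.10.7 83.133.119.197 -> e 805 80 6 633
"""

# ARGUS PROTOCOL summary row: (src_pkts, dst_pkts, src_bytes, dst_bytes).
ARGUS_SUMMARY = (69, 62, 4531, 13835)

# Subset of the Files (Changed) rows, written as "action | directory | file name".
FILE_ROWS = """\
modified | c:/Program Files/7-Zip | 7z.exe
modified | c:/Program Files/OpenSSH/bin | sh.exe
modified | c:/Program Files/OpenSSH/bin | switch.exe
modified | c:/WINDOWS/Prefetch | NETSTAT.EXE-2B2B4428.pf
modified | c:/WINDOWS/system32/drivers/etc | hosts
modified | c:/WINDOWS/system32 | net.exe
modified | c:/WINDOWS/system32 | net1.exe
modified | c:/WINDOWS/system32 | netstat.exe
modified | c:/WINDOWS/system32 | tasklist.exe
modified | c:/WINDOWS/system32/wbem/Repository/FS | OBJECTS.MAP
"""

# Assumed harness/OS noise: prefetch files, logs, WMI repository maps.
NOISE_SUFFIXES = (".pf", ".log", ".map", ".ver")


def parse_argus(text):
    """Parse whitespace-separated Argus rows; packet and byte counts become ints."""
    flows = []
    for line in text.splitlines():
        f = line.split()
        if len(f) != 11:
            continue  # blank or malformed row
        flows.append({"date": f[1], "proto": int(f[2]), "src": f[3], "dst": f[4],
                      "sport": int(f[7]), "dport": int(f[8]),
                      "pkts": int(f[9]), "bytes": int(f[10])})
    return flows


def totals_by_dst(flows, date=None):
    """Return {dst_ip: (pkts, bytes)}, optionally restricted to one date."""
    out = defaultdict(lambda: [0, 0])
    for fl in flows:
        if date is None or fl["date"] == date:
            out[fl["dst"]][0] += fl["pkts"]
            out[fl["dst"]][1] += fl["bytes"]
    return {ip: tuple(v) for ip, v in out.items()}


def summary_covers(flows, summary, date):
    """True if src+dst totals in the summary equal the flow totals for that date."""
    per_dst = totals_by_dst(flows, date).values()
    pkts, byts = sum(v[0] for v in per_dst), sum(v[1] for v in per_dst)
    return (pkts, byts) == (summary[0] + summary[1], summary[2] + summary[3])


def classify_changes(text):
    """Bucket changed files: modified executables, the hosts file, noise, other."""
    buckets = {"executable": [], "hosts": [], "noise": [], "other": []}
    for line in text.splitlines():
        if not line.strip():
            continue
        _action, directory, name = (p.strip() for p in line.split("|"))
        full, low = f"{directory}/{name}", name.lower()
        if low == "hosts" and directory.lower().endswith("drivers/etc"):
            buckets["hosts"].append(full)
        elif low.endswith(".exe") and "prefetch" not in directory.lower():
            buckets["executable"].append(full)
        elif low.endswith(NOISE_SUFFIXES):
            buckets["noise"].append(full)
        else:
            buckets["other"].append(full)
    return buckets
```

    On the embedded rows, summary_covers(parse_argus(ARGUS_ROWS), ARGUS_SUMMARY, "2011-03-24") is True and the same call for "2011-03-25" is False, which is how one confirms that the PROTOCOL and DPORT summaries omit the second day's flows; totals_by_dst shows 60.190.222.139 and 91.193.194.67 carrying almost all of the traffic; classify_changes puts the seven modified executables in one bucket and the hosts file in its own, leaving the prefetch and WMI entries as noise.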

    Packer Results

    Packer Name
    (none detected)

    HoneyTrap Results

    Honey Trap Log File Location
    (no entries)

    PTFB Results

    PTFB Log File Location
    (no entries)