Malware Report - Results

This report shows all the different areas TAZER analyzes for the sample: Host, Network Activity, and Detection.

Malware Search Criteria:
  • MD5 =c94211cc8fd1d3494f774a63d865e090

    • Malware Report - Results

    File MD5SumSHA1SUMSHA256SUMFUZZY HASHFile Size
    c94211cc8fd1d3494f774a63d865e0905b7163f78883729b4f5a2e78ea8e19911d5b6b4e9de8b2c1bc0ec944e5af221097851cc07ffa6a1caad811049f54d820a2adc0801536:Ks0isU3UHPRYRdqgohnAM2PgMHcIOmHcJqOrVhZnveftyha9:Ks0is62WRsHIpAqghZnveVyha70224

    File Results

    File Name
    setup2683.exe

    SNORT Results

    Snort ClassSnort AlertCount
    N/ANo snort alerts generated0

    AV Results

    AV AlertAV Vendor
    Trojan.ADHSymantec
    W32/Bamital.pMcAfee
    Backdoor.Win32.Shiz.djlKaspersky
    Trojan.GenSymantec
    PWS-Banker!gvkMcAfee
    Trojan-Banker.Win32.Banker.bkeeKaspersky
    N/ASymantec
    Generic.bfr!buMcAfee
    N/AKaspersky
    Packed-AA!3B98D3D0A19EMcAfee
    Trojan-Banker.Win32.Banker.auziKaspersky
    Artemis!C94211CC8FD1McAfee
    Trojan.Win32.Menti.genaKaspersky

    Folders (Added) - ICC Results

    PathFolder Name

    Files (Added) - ICC Results

    PathFile Name
    c:/Documents and Settings/All Users/Documents19792079
    c:/Documents and Settings/All Users/Documentsdll
    c:/WINDOWS/Prefetch7Z.EXE-1A62CD19.pf
    c:/WINDOWS/PrefetchSANDNET.EXE-2012C478.pf
    c:/WINDOWS/system32dll
    c:/WINDOWS/system32w.dll
    c:/WINDOWS/Tempexplorer.dat
    c:/WINDOWS/Tempwinlogon.dat
    c:netstat_post.txt
    c:tasksvc_post.txt
    c:taskv_post.txt
    c:/Documents and Settings/All Users/Documents19792079
    c:/Documents and Settings/All Users/Documentsdll
    c:/WINDOWS/PrefetchSANDNET.EXE-2012C478.pf
    c:/WINDOWS/system32dll
    c:/WINDOWS/system32w.dll
    c:/WINDOWS/Tempexplorer.dat
    c:/WINDOWS/Tempwinlogon.dat
    c:netstat_post.txt
    c:taskv_post.txt

    Files (Deleted) - ICC Results

    ActionPathFile Name

    Files (Changed) - ICC Results

    ActionPathFile Name
    modifiedc:/WINDOWS/PrefetchCMD.EXE-087B4001.pf
    modifiedc:/WINDOWS/PrefetchHSTART.EXE-221D72BF.pf
    modifiedc:/WINDOWS/PrefetchNETSTAT.EXE-2B2B4428.pf
    modifiedc:/WINDOWS/PrefetchSH.EXE-00254D2B.pf
    modifiedc:/WINDOWS/PrefetchSLEEP.EXE-094A3D2A.pf
    modifiedc:/WINDOWS/PrefetchSSHD.EXE-298CA236.pf
    modifiedc:/WINDOWS/PrefetchSWITCH.EXE-0496EC21.pf
    modifiedc:/WINDOWS/PrefetchTASKLIST.EXE-10D94B23.pf
    modifiedc:/WINDOWS/PrefetchWMIPRVSE.EXE-28F301A9.pf
    modifiedc:/WINDOWS/system32/configsystem.LOG
    modifiedc:/WINDOWS/system32/drivers/etchosts
    modifiedc:/WINDOWS/system32/wbem/Logswmiprov.log
    modifiedc:/WINDOWS/system32/wbem/Repository/FSINDEX.MAP
    modifiedc:/WINDOWS/system32/wbem/Repository/FSMAPPING.VER
    modifiedc:/WINDOWS/system32/wbem/Repository/FSMAPPING2.MAP
    modifiedc:/WINDOWS/system32/wbem/Repository/FSOBJECTS.MAP
    modifiedc:/WINDOWS/PrefetchCMD.EXE-087B4001.pf
    modifiedc:/WINDOWS/PrefetchHSTART.EXE-221D72BF.pf
    modifiedc:/WINDOWS/PrefetchNETSTAT.EXE-2B2B4428.pf
    modifiedc:/WINDOWS/PrefetchSH.EXE-00254D2B.pf
    modifiedc:/WINDOWS/PrefetchSLEEP.EXE-094A3D2A.pf
    modifiedc:/WINDOWS/PrefetchSSHD.EXE-298CA236.pf
    modifiedc:/WINDOWS/PrefetchSWITCH.EXE-0496EC21.pf
    modifiedc:/WINDOWS/system32/configsystem.LOG
    modifiedc:/WINDOWS/system32/drivers/etchosts
    modifiedc:/WINDOWS/system32/wbem/Logswmiprov.log
    modifiedc:/WINDOWS/system32/wbem/Repository/FSINDEX.MAP
    modifiedc:/WINDOWS/system32/wbem/Repository/FSMAPPING.VER
    modifiedc:/WINDOWS/system32/wbem/Repository/FSMAPPING2.MAP
    modifiedc:/WINDOWS/system32/wbem/Repository/FSOBJECTS.MAP

    Registry Keys (Added) - ICC Results

    ActionPath

    Registry Values (Added) - ICC Results

    ActionPathVal_NameVal_Data

    Registry Values (Deleted) - ICC Results

    ActionPathVal_NameVal_TypeMod_Val_TypeVal_DataMod_Val_Data

    Registry Values (Changed) - ICC Results

    ActionPathVal_NameVal_DataMod_Val_Data
    modifiedHKLM/SOFTWARE/Microsoft/Cryptography/RNGSeed2A 13 5C EB 9A 5B 07 E0 2B 2D 58 59 7E 3D DB 53 6C E4 4F 2B 2D 74 96 2A 47 39 DE 10 08 81 95 0D D7 DB E9 80 C4 CB 3F 68 7A 9B DD 42 9B AD FF 91 C1 FF D7 DE D0 0
    modifiedHKU/S-1-5-21-1844237615-562591055-839522115-1004/SessionInformationProgramCount0x00000002 0x00000001
    modifiedHKLM/SOFTWARE/Microsoft/Cryptography/RNGSeed7D 3D 98 3A 7E F5 B0 17 F7 97 39 B3 1A 97 0D 78 D2 08 26 D6 E7 DE 0F CA 86 4E 1F 64 39 0F B4 CB 3F B6 7A E9 E7 A5 6D 9B C3 10 F5 D8 51 63 7C 37 5A 41 BD 79 B1 7
    modifiedHKU/S-1-5-21-1844237615-562591055-839522115-1004/SessionInformationProgramCount0x00000002 0x00000001

    DNS Results

    DNSDNS Response

    URL Results

    DstIPHTTP_HOSTHTTP_REQUEST_URIHTTP_USER_AGENTPROTOCOL
    239.255.255.250239.255.255.250:1900*--blank--0x11

    ARGUS PROTOCOL Results

    PROTOCOLSRC_PKTSDST_PKTSSRC_BYTESDST_BYTES
    17101750

    ARGUS DPORT Results

    DPORTPROTOCOLSRC_PKTSDST_PKTSSRC_BYTESDST_BYTES
    190017101750

    ARGUS DATA Results

    TimeDateProtocolSrcIPDstIPDirFlagsSportDportPktsBytes
    04:58:472011-04-281710.10.10.7239.255.255.250-> e 819001175

    Packer Results

    Packer Name

    HoneyTrap Results

    Honey Trap Log File Location

    PTFB Results

    PTFB Log File Location