**** Malware_Report_-_Results ****
This report shows all the different areas TAZER analyzes for the sample: Host, Network Activity, and Detection.

Malware Search Criteria:
MD5 =c94211cc8fd1d3494f774a63d865e090

**** Malware_Report_-_Results ****
 ____________________________________________________________________________________________________________________________________________________________________________________________________________________________________
|File_MD5Sum_____________________|SHA1SUM_________________________________|SHA256SUM_______________________________________________________|FUZZY_HASH_____________________________________________________________________|File_Size|
|c94211cc8fd1d3494f774a63d865e090|5b7163f78883729b4f5a2e78ea8e19911d5b6b4e|9de8b2c1bc0ec944e5af221097851cc07ffa6a1caad811049f54d820a2adc080|1536:Ks0isU3UHPRYRdqgohnAM2PgMHcIOmHcJqOrVhZnveftyha9:Ks0is62WRsHIpAqghZnveVyha|70224____|
**** File_Results ****
 _____________
|File_Name____|
|setup2683.exe|
**** SNORT_Results ****
 ___________________________________________
|Snort_Class|Snort_Alert______________|Count|
|N/A________|No_snort_alerts_generated|0____|
**** AV_Results ****
 _________________________________________
|AV_Alert_______________________|AV_Vendor|
|Trojan.ADH_____________________|Symantec_|
|W32/Bamital.p__________________|McAfee___|
|Backdoor.Win32.Shiz.djl________|Kaspersky|
|Trojan.Gen_____________________|Symantec_|
|PWS-Banker!gvk_________________|McAfee___|
|Trojan-Banker.Win32.Banker.bkee|Kaspersky|
|N/A____________________________|Symantec_|
|Generic.bfr!bu_________________|McAfee___|
|N/A____________________________|Kaspersky|
|Packed-AA!3B98D3D0A19E_________|McAfee___|
|Trojan-Banker.Win32.Banker.auzi|Kaspersky|
|Artemis!C94211CC8FD1___________|McAfee___|
|Trojan.Win32.Menti.gena________|Kaspersky|
**** Folders_(Added)_-_ICC_Results ****
 ________________
|Path|Folder_Name|
**** Files_(Added)_-_ICC_Results ****
 _____________________________________________________________________
|Path_________________________________________|File_Name______________|
|c:/Documents_and_Settings/All_Users/Documents|19792079_______________|
|c:/Documents_and_Settings/All_Users/Documents|dll____________________|
|c:/WINDOWS/Prefetch__________________________|7Z.EXE-1A62CD19.pf_____|
|c:/WINDOWS/Prefetch__________________________|SANDNET.EXE-2012C478.pf|
|c:/WINDOWS/system32__________________________|dll____________________|
|c:/WINDOWS/system32__________________________|w.dll__________________|
|c:/WINDOWS/Temp______________________________|explorer.dat___________|
|c:/WINDOWS/Temp______________________________|winlogon.dat___________|
|c:___________________________________________|netstat_post.txt_______|
|c:___________________________________________|tasksvc_post.txt_______|
|c:___________________________________________|taskv_post.txt_________|
|c:/Documents_and_Settings/All_Users/Documents|19792079_______________|
|c:/Documents_and_Settings/All_Users/Documents|dll____________________|
|c:/WINDOWS/Prefetch__________________________|SANDNET.EXE-2012C478.pf|
|c:/WINDOWS/system32__________________________|dll____________________|
|c:/WINDOWS/system32__________________________|w.dll__________________|
|c:/WINDOWS/Temp______________________________|explorer.dat___________|
|c:/WINDOWS/Temp______________________________|winlogon.dat___________|
|c:___________________________________________|netstat_post.txt_______|
|c:___________________________________________|taskv_post.txt_________|
**** Files_(Deleted)_-_ICC_Results ****
 _____________________
|Action|Path|File_Name|
**** Files_(Changed)_-_ICC_Results ****
 ________________________________________________________________________
|Action__|Path__________________________________|File_Name_______________|
|modified|c:/WINDOWS/Prefetch___________________|CMD.EXE-087B4001.pf_____|
|modified|c:/WINDOWS/Prefetch___________________|HSTART.EXE-221D72BF.pf__|
|modified|c:/WINDOWS/Prefetch___________________|NETSTAT.EXE-2B2B4428.pf_|
|modified|c:/WINDOWS/Prefetch___________________|SH.EXE-00254D2B.pf______|
|modified|c:/WINDOWS/Prefetch___________________|SLEEP.EXE-094A3D2A.pf___|
|modified|c:/WINDOWS/Prefetch___________________|SSHD.EXE-298CA236.pf____|
|modified|c:/WINDOWS/Prefetch___________________|SWITCH.EXE-0496EC21.pf__|
|modified|c:/WINDOWS/Prefetch___________________|TASKLIST.EXE-10D94B23.pf|
|modified|c:/WINDOWS/Prefetch___________________|WMIPRVSE.EXE-28F301A9.pf|
|modified|c:/WINDOWS/system32/config____________|system.LOG______________|
|modified|c:/WINDOWS/system32/drivers/etc_______|hosts___________________|
|modified|c:/WINDOWS/system32/wbem/Logs_________|wmiprov.log_____________|
|modified|c:/WINDOWS/system32/wbem/Repository/FS|INDEX.MAP_______________|
|modified|c:/WINDOWS/system32/wbem/Repository/FS|MAPPING.VER_____________|
|modified|c:/WINDOWS/system32/wbem/Repository/FS|MAPPING2.MAP____________|
|modified|c:/WINDOWS/system32/wbem/Repository/FS|OBJECTS.MAP_____________|
|modified|c:/WINDOWS/Prefetch___________________|CMD.EXE-087B4001.pf_____|
|modified|c:/WINDOWS/Prefetch___________________|HSTART.EXE-221D72BF.pf__|
|modified|c:/WINDOWS/Prefetch___________________|NETSTAT.EXE-2B2B4428.pf_|
|modified|c:/WINDOWS/Prefetch___________________|SH.EXE-00254D2B.pf______|
|modified|c:/WINDOWS/Prefetch___________________|SLEEP.EXE-094A3D2A.pf___|
|modified|c:/WINDOWS/Prefetch___________________|SSHD.EXE-298CA236.pf____|
|modified|c:/WINDOWS/Prefetch___________________|SWITCH.EXE-0496EC21.pf__|
|modified|c:/WINDOWS/system32/config____________|system.LOG______________|
|modified|c:/WINDOWS/system32/drivers/etc_______|hosts___________________|
|modified|c:/WINDOWS/system32/wbem/Logs_________|wmiprov.log_____________|
|modified|c:/WINDOWS/system32/wbem/Repository/FS|INDEX.MAP_______________|
|modified|c:/WINDOWS/system32/wbem/Repository/FS|MAPPING.VER_____________|
|modified|c:/WINDOWS/system32/wbem/Repository/FS|MAPPING2.MAP____________|
|modified|c:/WINDOWS/system32/wbem/Repository/FS|OBJECTS.MAP_____________|
**** Registry_Keys_(Added)_-_ICC_Results ****
 ___________
|Action|Path|
**** Registry_Values_(Added)_-_ICC_Results ****
 _____________________________
|Action|Path|Val_Name|Val_Data|
**** Registry_Values_(Deleted)_-_ICC_Results ****
 ________________________________________________________________
|Action|Path|Val_Name|Val_Type|Mod_Val_Type|Val_Data|Mod_Val_Data|
**** Registry_Values_(Changed)_-_ICC_Results ****
 __________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________
|Action__|Path_______________________________________________________________|Val_Name____|Val_Data________________________________________________________________________|Mod_Val_Data___________________________________________________________________|
|modified|HKLM/SOFTWARE/Microsoft/Cryptography/RNG___________________________|Seed________|2A_13_5C_EB_9A_5B_07_E0_2B_2D_58_59_7E_3D_DB_53_6C_E4_4F_2B_2D_74_96_2A_47_39_DE|10_08_81_95_0D_D7_DB_E9_80_C4_CB_3F_68_7A_9B_DD_42_9B_AD_FF_91_C1_FF_D7_DE_D0_0|
|modified|HKU/S-1-5-21-1844237615-562591055-839522115-1004/SessionInformation|ProgramCount|0x00000002______________________________________________________________________|0x00000001_____________________________________________________________________|
|modified|HKLM/SOFTWARE/Microsoft/Cryptography/RNG___________________________|Seed________|7D_3D_98_3A_7E_F5_B0_17_F7_97_39_B3_1A_97_0D_78_D2_08_26_D6_E7_DE_0F_CA_86_4E_1F|64_39_0F_B4_CB_3F_B6_7A_E9_E7_A5_6D_9B_C3_10_F5_D8_51_63_7C_37_5A_41_BD_79_B1_7|
|modified|HKU/S-1-5-21-1844237615-562591055-839522115-1004/SessionInformation|ProgramCount|0x00000002______________________________________________________________________|0x00000001_____________________________________________________________________|
**** DNS_Results ****
 ________________
|DNS|DNS_Response|
**** URL_Results ****
 ______________________________________________________________________________
|DstIP__________|HTTP_HOST___________|HTTP_REQUEST_URI|HTTP_USER_AGENT|PROTOCOL|
|239.255.255.250|239.255.255.250:1900|*_______________|--blank--______|0x11____|
**** ARGUS_PROTOCOL_Results ****
 ______________________________________________
|PROTOCOL|SRC_PKTS|DST_PKTS|SRC_BYTES|DST_BYTES|
|17______|1_______|0_______|175______|0________|
**** ARGUS_DPORT_Results ****
 ____________________________________________________
|DPORT|PROTOCOL|SRC_PKTS|DST_PKTS|SRC_BYTES|DST_BYTES|
|1900_|17______|1_______|0_______|175______|0________|
**** ARGUS_DATA_Results ****
 ________________________________________________________________________________________
|Time____|Date______|Protocol|SrcIP_____|DstIP__________|Dir|Flags|Sport|Dport|Pkts|Bytes|
|04:58:47|2011-04-28|17______|10.10.10.7|239.255.255.250|->_|e____|8____|1900_|1___|175__|
**** Packer_Results ****
 ___________
|Packer_Name|
**** HoneyTrap_Results ****
 ____________________________
|Honey_Trap_Log_File_Location|
**** PTFB_Results ****
 ______________________
|PTFB_Log_File_Location|