MD5 | SHA1 | SHA256 | Fuzzy Hash (ssdeep) | File Size (bytes) |
---|---|---|---|---|
cbc51ed4b0d5d55bfe0ef487f03c0b81 | cfae8bab224a62bb926336721583108460a75215 | b65384650379383cbbb924a5915facd8ed8af496bb945464142fd0238cdeb6e2 | 768:JNfH5SlBV8qPl0CD6jjEwRLzmk0juaqs2o+4ZH98iZhifZ/0FM:rfZwGqd0y6nEwRLSk0bqLuH98 | 37376 |
File Name |
---|
ml1.txt.exe |
Snort Class | Snort Alert | Count |
---|---|---|
Misc Attack | ET RBN Known Russian Business Network IP TCP (289) | 4 |
Misc Attack | ET DROP Spamhaus DROP Listed Traffic Inbound | 1 |
AV Alert | AV Vendor |
---|---|
Backdoor.Trojan | Symantec |
N/A | McAfee |
Backdoor.Win32.VB.njo | Kaspersky |
Trojan.Dropper | Symantec |
Generic | McAfee |
Rootkit.Win32.Tent.cos | Kaspersky |
Artemis!CBC51ED4B0D5 | McAfee |
Action | Path | Val_Name | Val_Data | Mod_Val_Data |
---|---|---|---|---|
modified | HKLM/SOFTWARE/Microsoft/Cryptography/RNG | Seed | 85 81 82 98 01 41 B5 5F 02 C0 08 85 26 D0 3B 77 0B 15 0C E5 11 DC 17 C1 A0 67 D7 | 8D 26 40 A8 73 50 30 B7 4E 0C D0 D4 F5 D5 71 E9 82 46 45 6B 15 A4 03 7A A1 84 F |
modified | HKLM/SOFTWARE/Microsoft/Windows NT/CurrentVersion/ProfileList/S-1-5-19 | RefCount | 0x00000002 | 0x00000001 |
modified | HKLM/SYSTEM/ControlSet001/Services/SharedAccess | Start | 0x00000002 | 0x00000004 |
modified | HKLM/SYSTEM/ControlSet001/Services/SharedAccess/Epoch | Epoch | 0x00000104 | 0x00000105 |
modified | HKLM/SYSTEM/ControlSet001/Services/wscsvc | Start | 0x00000002 | 0x00000004 |
modified | HKLM/SYSTEM/CurrentControlSet/Services/SharedAccess | Start | 0x00000002 | 0x00000004 |
modified | HKLM/SYSTEM/CurrentControlSet/Services/SharedAccess/Epoch | Epoch | 0x00000104 | 0x00000105 |
modified | HKLM/SYSTEM/CurrentControlSet/Services/wscsvc | Start | 0x00000002 | 0x00000004 |
modified | HKU/S-1-5-21-1844237615-562591055-839522115-1004/Software/Microsoft/Windows/CurrentVersion/Internet Settings/Connections | SavedLegacySettings | 3C 00 00 00 15 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 00 00 | 3C 00 00 00 17 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 00 0 |
modified | HKU/S-1-5-21-1844237615-562591055-839522115-1004/SessionInformation | ProgramCount | 0x00000002 | 0x00000001 |
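The Start changes above move SharedAccess (Windows Firewall / Internet Connection Sharing) and wscsvc (Security Center) from 0x2 (SERVICE_AUTO_START) to 0x4 (SERVICE_DISABLED) in both ControlSet001 and CurrentControlSet, so the sample switches off the host firewall and Security Center before it beacons; the SharedAccess Epoch counter is bumped whenever firewall configuration changes, which is consistent with that. The Python below is an added example, not part of this report or of the sandbox that produced it: it parses rows in the table layout above (the sample rows are copied from the report) and flags watched security services whose Start value is set to DISABLED. The watch list, the service descriptions and the de-duplication across control sets are the editor's assumptions.

```python
"""Flag registry changes that disable Windows security services.

Added example (not part of the sandbox report). Rows are in the report's
own "action | path | value name | old data | new data |" layout.
"""
import re

# Sample rows, copied from the report's "modified" table (constructed input).
SAMPLE_ROWS = """\
modified | HKLM/SOFTWARE/Microsoft/Cryptography/RNG | Seed | 85 81 82 98 | 8D 26 40 A8 |
modified | HKLM/SOFTWARE/Microsoft/Windows NT/CurrentVersion/ProfileList/S-1-5-19 | RefCount | 0x00000002 | 0x00000001 |
modified | HKLM/SYSTEM/ControlSet001/Services/SharedAccess | Start | 0x00000002 | 0x00000004 |
modified | HKLM/SYSTEM/ControlSet001/Services/SharedAccess/Epoch | Epoch | 0x00000104 | 0x00000105 |
modified | HKLM/SYSTEM/ControlSet001/Services/wscsvc | Start | 0x00000002 | 0x00000004 |
modified | HKLM/SYSTEM/CurrentControlSet/Services/SharedAccess | Start | 0x00000002 | 0x00000004 |
modified | HKLM/SYSTEM/CurrentControlSet/Services/SharedAccess/Epoch | Epoch | 0x00000104 | 0x00000105 |
modified | HKLM/SYSTEM/CurrentControlSet/Services/wscsvc | Start | 0x00000002 | 0x00000004 |
modified | HKU/S-1-5-21-1844237615-562591055-839522115-1004/SessionInformation | ProgramCount | 0x00000002 | 0x00000001 |
"""

# SERVICE_*_START values as used in the Services\<name>\Start registry value.
START_TYPES = {0: "BOOT_START", 1: "SYSTEM_START", 2: "AUTO_START",
               3: "DEMAND_START", 4: "DISABLED"}

# Assumed watch list: services whose disabling is a defense-evasion signal
# (XP-era service names; extend for newer hosts).
WATCHED_SERVICES = {
    "sharedaccess": "Windows Firewall / Internet Connection Sharing",
    "wscsvc": "Security Center",
    "wuauserv": "Automatic Updates",
    "windefend": "Windows Defender",
}

# Matches the service key itself, not sub-keys such as .../SharedAccess/Epoch.
SERVICE_KEY = re.compile(
    r"^HKLM/SYSTEM/(?:ControlSet\d+|CurrentControlSet)/Services/([^/]+)$",
    re.IGNORECASE)


def parse_rows(text):
    """Yield (action, path, value_name, old_data, new_data) from table rows."""
    for line in text.splitlines():
        cells = [c.strip() for c in line.strip().strip("|").split("|")]
        if len(cells) != 5 or cells[0] != "modified":
            continue  # header, separator or a row of another shape
        yield tuple(cells)


def find_disabled_services(text):
    """Return sorted (service, description, old_type, new_type) tuples for
    watched services whose Start value changes to DISABLED (0x4).
    One entry per service: ControlSet001 and CurrentControlSet are the
    same control set on a running system, so they are de-duplicated."""
    seen = {}
    for _action, path, name, old, new in parse_rows(text):
        if name.lower() != "start":
            continue
        m = SERVICE_KEY.match(path)
        if not m:
            continue
        svc = m.group(1).lower()
        try:
            old_t, new_t = int(old, 16), int(new, 16)  # "0x00000002" -> 2
        except ValueError:
            continue  # binary blobs and other non-DWORD data
        if new_t == 4 and svc in WATCHED_SERVICES:
            seen[svc] = (svc, WATCHED_SERVICES[svc],
                         START_TYPES.get(old_t, hex(old_t)), START_TYPES[new_t])
    return sorted(seen.values())


if __name__ == "__main__":
    for svc, desc, old_t, new_t in find_disabled_services(SAMPLE_ROWS):
        print(f"{svc} ({desc}): Start {old_t} -> {new_t}")
```

Run on the rows above it reports sharedaccess and wscsvc moving from AUTO_START to DISABLED; the RNG Seed, RefCount, Epoch and ProgramCount rows are ignored because they are not Start values of a service key.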
DNS | DNS Response |
---|---|
justoldleft.ru | Standard query response A 91.213.29.174 |
PROTOCOL (IP protocol number; 6 = TCP) | SRC_PKTS | DST_PKTS | SRC_BYTES | DST_BYTES |
---|---|---|---|---|
6 | 20 | 16 | 2427 | 2060 |
DPORT | PROTOCOL (IP protocol number; 6 = TCP) | SRC_PKTS | DST_PKTS | SRC_BYTES | DST_BYTES |
---|---|---|---|---|---|
80 | 6 | 20 | 16 | 2427 | 2060 |
Time | Date | Protocol (IP number) | SrcIP | DstIP | Dir | Flags | Sport | Dport | Pkts | Bytes |
---|---|---|---|---|---|---|---|---|---|---|
10:32:04 | 2011-03-25 | 6 | 10.10.10.7 | 91.213.29.174 | -> | e | 43 | 80 | 9 | 1122 |
10:33:10 | 2011-03-25 | 6 | 10.10.10.7 | 91.213.29.174 | -> | e | 578 | 80 | 9 | 1122 |
10:34:19 | 2011-03-25 | 6 | 10.10.10.7 | 91.213.29.174 | -> | e | 111 | 80 | 9 | 1121 |
10:35:23 | 2011-03-25 | 6 | 10.10.10.7 | 91.213.29.174 | -> | e | 770 | 80 | 9 | 1122 |
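The four flows above all go from the sandbox host to 91.213.29.174 (the A record returned for justoldleft.ru) on TCP/80, 9 packets and 1121 to 1122 bytes each, at 66, 69 and 64 second gaps: a fixed-interval check-in rather than user-driven browsing. The Python below is an added example, not part of this report: it parses flow rows in the layout above (the sample rows are copied from the report) and flags (protocol, src, dst, dport) groups whose inter-arrival times and byte counts are near-constant. The minimum flow count and the coefficient-of-variation thresholds are the editor's assumptions, not values from the report.

```python
"""Detect fixed-interval beaconing in flow records.

Added example (not part of the sandbox report). Rows are in the report's
"time | date | proto | src | dst | dir | flags | sport | dport | pkts | bytes |"
layout; the sample rows are copied from the report.
"""
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed input: the four flows from the report's flow table.
SAMPLE_FLOWS = """\
10:32:04 | 2011-03-25 | 6 | 10.10.10.7 | 91.213.29.174 | -> | e | 43 | 80 | 9 | 1122 |
10:33:10 | 2011-03-25 | 6 | 10.10.10.7 | 91.213.29.174 | -> | e | 578 | 80 | 9 | 1122 |
10:34:19 | 2011-03-25 | 6 | 10.10.10.7 | 91.213.29.174 | -> | e | 111 | 80 | 9 | 1121 |
10:35:23 | 2011-03-25 | 6 | 10.10.10.7 | 91.213.29.174 | -> | e | 770 | 80 | 9 | 1122 |
"""


def parse_flows(text):
    """Return (timestamp, proto, src, dst, sport, dport, pkts, bytes) tuples."""
    flows = []
    for line in text.splitlines():
        cells = [c.strip() for c in line.strip().strip("|").split("|")]
        if len(cells) != 11:
            continue  # header, separator or a row of another shape
        t, d, proto, src, dst, _dir, _flags, sport, dport, pkts, nbytes = cells
        ts = datetime.strptime(f"{d} {t}", "%Y-%m-%d %H:%M:%S")
        flows.append((ts, int(proto), src, dst, int(sport), int(dport),
                      int(pkts), int(nbytes)))
    return flows


def find_beacons(flows, min_flows=3, max_interval_cv=0.2, max_bytes_cv=0.05):
    """Group flows by (proto, src, dst, dport) and return the groups whose
    inter-arrival gaps and sizes are regular. Thresholds are assumptions:
    cv = population stddev / mean, so 0.2 allows modest jitter in timing
    and 0.05 requires near-identical payload sizes."""
    groups = defaultdict(list)
    for ts, proto, src, dst, _sport, dport, _pkts, nbytes in flows:
        groups[(proto, src, dst, dport)].append((ts, nbytes))

    results = []
    for key, items in groups.items():
        if len(items) < min_flows:
            continue  # too few samples to call a rhythm
        items.sort()
        gaps = [(b[0] - a[0]).total_seconds() for a, b in zip(items, items[1:])]
        sizes = [nbytes for _ts, nbytes in items]
        mean_gap = mean(gaps)
        if mean_gap <= 0:
            continue  # all flows at the same second: a burst, not a beacon
        gap_cv = pstdev(gaps) / mean_gap
        size_cv = pstdev(sizes) / mean(sizes)
        if gap_cv <= max_interval_cv and size_cv <= max_bytes_cv:
            results.append({
                "key": key,
                "flows": len(items),
                "mean_interval_s": round(mean_gap, 1),
                "interval_cv": round(gap_cv, 3),
                "mean_bytes": round(mean(sizes), 1),
            })
    return results


if __name__ == "__main__":
    for hit in find_beacons(parse_flows(SAMPLE_FLOWS)):
        proto, src, dst, dport = hit["key"]
        print(f"{src} -> {dst}:{dport}/proto{proto}: {hit['flows']} flows, "
              f"every {hit['mean_interval_s']}s (cv {hit['interval_cv']}), "
              f"~{hit['mean_bytes']} bytes")
```

On the report's four flows the group 10.10.10.7 -> 91.213.29.174:80 is flagged with a mean interval of about 66 s and a timing cv of about 0.03. On real traffic, raise min_flows and run the grouping per source host over a longer window; four flows is enough to illustrate the pattern but is a weak basis for an alert on its own.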