Malware Report - Results

This report shows all the different areas TAZER analyzes for the sample: Host, Network Activity, and Detection.

Malware Search Criteria:
  • MD5 = cd7e03c43ee0e7eb1ff3e8be0f83ca12

  • Malware Report - Results

    File MD5Sum | SHA1SUM | SHA256SUM | FUZZY HASH | File Size
    cd7e03c43ee0e7eb1ff3e8be0f83ca12 | ce24b4681bb8997b7ffcb37a3c0835948c226638 | 574bf2b7fda2190aedfe8c03ebe00454c1dcfdc2445263f1ec687fdf8d02e4ef | 6144:Cu2urzh9xu/Xkaun+ngy3tQX6SwbNTLOd8udHh1:Cutrzh9xOXkkl2XY1vQ1 | 249789

    File Results

    File Name
    index.html.exe

    SNORT Results

    Snort Class | Snort Alert | Count
    A Network Trojan was Detected | SPYWARE-PUT Backdoor.Win32.Darkness contact to server attempt | 1

    AV Results

    AV Alert | AV Vendor
    Suspicious.IRCBo | Symantec
    Artemis!2AAAAB739123 | McAfee
    HEUR:Trojan.Win32.Generic | Kaspersky

    Folders (Added) - ICC Results

    Path | Folder Name
    c:/Documents and Settings/dmc73144/Local Settings/Temporary Internet Files/Content.IE5 | ITB2CJ0C

    Files (Added) - ICC Results

    Path | File Name
    c:/Documents and Settings/dmc73144/Local Settings/Temporary Internet Files/Content.IE5/ITB2CJ0C | desktop.ini
    c:/Documents and Settings/dmc73144/Start Menu/Programs/Startup | Microsoft Update.exe
    c:/Documents and Settings/LocalService/Local Settings/Temporary Internet Files/Content.IE5/19FBBWXL | index[1].htm
    c:/WINDOWS/Prefetch | 7Z.EXE-1A62CD19.pf
    c:/WINDOWS/Prefetch | DWM.EXE-04164222.pf
    c:/WINDOWS/Prefetch | FILE1.EXE-03B2F7D2.pf
    c:/WINDOWS/Prefetch | FILE2.EXE-0FB11BD9.pf
    c:/WINDOWS/Prefetch | FILE3.EXE-2A1A7267.pf
    c:/WINDOWS/Prefetch | SANDNET.EXE-2012C478.pf
    c:/WINDOWS/Prefetch | SC.EXE-012262AF.pf
    c:/WINDOWS/Prefetch | START.EXE-31104AA4.pf
    c:/WINDOWS/Prefetch | SVCHOST.EXE-3530F672.pf
    c:/WINDOWS/system | dwm.exe
    c:/WINDOWS/system32/drivers/etc | File1.exe
    c:/WINDOWS/system32/drivers/etc | File2.exe
    c:/WINDOWS/system32/drivers/etc | file3.exe
    c:/WINDOWS/system32/drivers/etc | h?sts
    c:/WINDOWS/system32/drivers/etc | start.exe
    c:/WINDOWS/Temp | ddid
    c: | netstat_post.txt

    Files (Deleted) - ICC Results

    Action | Path | File Name

    Files (Changed) - ICC Results

    Action | Path | File Name
    modified | c:/Documents and Settings/dmc73144/Cookies | index.dat
    modified | c:/Documents and Settings/dmc73144/Local Settings/History/History.IE5 | index.dat
    modified | c:/Documents and Settings/dmc73144/Local Settings/Temporary Internet Files/Content.IE5 | index.dat
    modified | c:/Documents and Settings/dmc73144 | ntuser.dat.LOG
    modified | c:/Documents and Settings/LocalService/Cookies | index.dat
    modified | c:/Documents and Settings/LocalService/Local Settings/History/History.IE5 | index.dat
    modified | c:/Documents and Settings/LocalService/Local Settings/Temporary Internet Files/Content.IE5 | index.dat
    modified | c:/WINDOWS/Prefetch | CMD.EXE-087B4001.pf
    modified | c:/WINDOWS/Prefetch | HSTART.EXE-221D72BF.pf
    modified | c:/WINDOWS/Prefetch | NETSTAT.EXE-2B2B4428.pf
    modified | c:/WINDOWS/Prefetch | SH.EXE-00254D2B.pf
    modified | c:/WINDOWS/Prefetch | SSHD.EXE-298CA236.pf
    modified | c:/WINDOWS/Prefetch | SWITCH.EXE-0496EC21.pf
    modified | c:/WINDOWS/Prefetch | TASKLIST.EXE-10D94B23.pf
    modified | c:/WINDOWS/SoftwareDistribution/DataStore | DataStore.edb
    modified | c:/WINDOWS/SoftwareDistribution/DataStore/Logs | edb.chk
    modified | c:/WINDOWS/SoftwareDistribution/DataStore/Logs | edb.log
    modified | c:/WINDOWS/system32/config | default.LOG
    modified | c:/WINDOWS/system32/config | software.LOG
    modified | c:/WINDOWS/system32/config | system.LOG
    modified | c:/WINDOWS/system32/drivers/etc | hosts
    modified | c:/WINDOWS/system32/wbem/Logs | wbemess.log
    modified | c:/WINDOWS/system32/wbem/Repository/FS | INDEX.MAP
    modified | c:/WINDOWS/system32/wbem/Repository/FS | MAPPING.VER
    modified | c:/WINDOWS/system32/wbem/Repository/FS | MAPPING1.MAP
    modified | c:/WINDOWS/system32/wbem/Repository/FS | OBJECTS.MAP

    Registry Keys (Added) - ICC Results

    Action | Path

    Registry Values (Added) - ICC Results

    Action | Path | Val_Name | Val_Data

    Registry Values (Deleted) - ICC Results

    Action | Path | Val_Name | Val_Type | Mod_Val_Type | Val_Data | Mod_Val_Data

    Registry Values (Changed) - ICC Results

    Action | Path | Val_Name | Val_Data | Mod_Val_Data
    modified | HKLM/SOFTWARE/Microsoft/Cryptography/RNG | Seed | D4 E6 76 46 DF AE E0 18 C2 30 26 DE BC 3B 5C DE 3C 7C 09 C3 B2 16 07 8F B2 8F 8B D6 76 B4 52 8F 0D 3E 76 DC B7 B2 78 62 97 A0 D3 ED 2E 8D CB 7F C8 8C 2C EA 46 4
    modified | HKLM/SYSTEM/ControlSet001/Control/ServiceCurrent | | 0x00000009 | 0x0000000A
    modified | HKLM/SYSTEM/ControlSet001/Services/SharedAccess/Epoch | Epoch | 0x00000104 | 0x00000105
    modified | HKLM/SYSTEM/CurrentControlSet/Control/ServiceCurrent | | 0x00000009 | 0x0000000A
    modified | HKLM/SYSTEM/CurrentControlSet/Services/SharedAccess/Epoch | Epoch | 0x00000104 | 0x00000105
    modified | HKU/.DEFAULT/Software/Microsoft/Windows/CurrentVersion/Explorer/Shell Folders | Cookies | C:\Documents and Settings\Default User\Cookies | "C
    modified | HKU/.DEFAULT/Software/Microsoft/Windows/CurrentVersion/Explorer/Shell Folders | Cache | C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files | "C
    modified | HKU/.DEFAULT/Software/Microsoft/Windows/CurrentVersion/Explorer/Shell Folders | History | C:\Documents and Settings\Default User\Local Settings\History | "C
    modified | HKU/S-1-5-21-1844237615-562591055-839522115-1004/Software/Microsoft/Windows/CurrentVersion/Internet Settings/Connections | SavedLegacySettings | 3C 00 00 00 15 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 00 00 | 3C 00 00 00 16 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 00 0
    modified | HKU/S-1-5-18/Software/Microsoft/Windows/CurrentVersion/Explorer/Shell Folders | Cookies | C:\Documents and Settings\Default User\Cookies | "C
    modified | HKU/S-1-5-18/Software/Microsoft/Windows/CurrentVersion/Explorer/Shell Folders | Cache | C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files | "C
    modified | HKU/S-1-5-18/Software/Microsoft/Windows/CurrentVersion/Explorer/Shell Folders | History | C:\Documents and Settings\Default User\Local Settings\History | "C

    DNS Results

    DNS | DNS Response
    boooot.ru | Standard query response A 77.109.85.227
    kvazimoder.com | Standard query response A 92.38.209.207

    URL Results

    DstIP | HTTP_HOST | HTTP_REQUEST_URI | HTTP_USER_AGENT | PROTOCOL
    77.109.85.227 | boooot.ru | /index.php?uid=283187&ver=6m%20XP | Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; Avant Browser [avantbrowser.com]; iOpus-I-M; QXW03416; .NET CLR 1.1.4322) | 0x06
    92.38.209.207 | kvazimoder.com | /sky/gate.php?v=2&b=0&r=1 | | 0x06
    92.38.209.207 | kvazimoder.com | /sky/gate.php?v=2&b=0&r=2 | | 0x06
    239.255.255.250 | 239.255.255.250:1900 | * | --blank-- | 0x11

    ARGUS PROTOCOL Results

    PROTOCOL | SRC_PKTS | DST_PKTS | SRC_BYTES | DST_BYTES
    6 | 15 | 12 | 1287 | 1545
    17 | 2 | 0 | 350 | 0

    ARGUS DPORT Results

    DPORT | PROTOCOL | SRC_PKTS | DST_PKTS | SRC_BYTES | DST_BYTES
    80 | 6 | 15 | 12 | 1287 | 1545
    1900 | 17 | 2 | 0 | 350 | 0

    ARGUS DATA Results

    Time | Date | Protocol | SrcIP | DstIP | Dir | Flags | Sport | Dport | Pkts | Bytes
    05:34:14 | 2011-08-27 | 6 | 10.10.10.7 | 77.109.85.227 | -> | e | 3168 | 80 | 9 | 1034
    05:34:45 | 2011-08-27 | 6 | 10.10.10.7 | 92.38.209.207 | -> | e | 1918 | 80 | 9 | 899
    05:34:46 | 2011-08-27 | 6 | 10.10.10.7 | 92.38.209.207 | -> | e | 515 | 80 | 9 | 899
    05:39:41 | 2011-08-27 | 17 | 10.10.10.7 | 239.255.255.250 | -> | e | 8 | 1900 | 2 | 350

    Packer Results

    Packer Name

    HoneyTrap Results

    Honey Trap Log File Location

    PTFB Results

    PTFB Log File Location