Malware Report

Malware Report - Results

This report shows all the different areas TAZER analyzes for the sample: Host, Network Activity, and Detection.

Malware Search Criteria:

MD5 =ce48c3c03aa847ca3028436600d37415

Malware Report - Results

File MD5Sum	SHA1SUM	SHA256SUM	FUZZY HASH	File Size
ce48c3c03aa847ca3028436600d37415	50236d6e8a3f82e96c34f6eab35753b8276536e8	0e5c0381d38c412e64cd4c75d42f8f8df91b4255da6264439949ba2d595a83df	768:bVS7w7A0Kn1Jz1F1IpX4aa4vdh65tbmbzM1bgZvi63xnbcuyD7U:E7w7jX4aZvdhitiXMJg9i63x	41472

File Results

File Name
dgh4.txt.exe

SNORT Results

Snort Class	Snort Alert	Count
Misc Attack	ET RBN Known Russian Business Network IP TCP (25)	4
Misc Attack	ET DROP Spamhaus DROP Listed Traffic Inbound	1

AV Results

AV Alert	AV Vendor
Backdoor.Trojan	Symantec
Generic	McAfee
Backdoor.Win32.VB.lvn	Kaspersky
N/A	Symantec
N/A	McAfee
Trojan-Ransom.Win32.XBlocker.aok	Kaspersky

Folders (Added) - ICC Results

Path	Folder Name

Files (Added) - ICC Results

Path	File Name
c:/Documents and Settings/dmc73144/Local Settings/Temp	64cucen.exe
c:/Documents and Settings/dmc73144/Local Settings/Temp	a2ga3dk8.bat
c:/Documents and Settings/dmc73144/Local Settings/Temp	~DF8C0E.tmp
c:/WINDOWS/Prefetch	64CUCEN.EXE-24E04B4D.pf
c:/WINDOWS/Prefetch	NET.EXE-01A53C2F.pf
c:/WINDOWS/Prefetch	NET1.EXE-029B9DB4.pf
c:/WINDOWS/Prefetch	SANDNET.EXE-2012C478.pf
c:/WINDOWS/Prefetch	SC.EXE-012262AF.pf
c:/WINDOWS/system32	ljwsah6.log
c:	netstat_post.txt
c:	tasksvc_post.txt
c:	taskv_post.txt

Files (Deleted) - ICC Results

Action	Path	File Name

Files (Changed) - ICC Results

Action	Path	File Name
modified	c:/Documents and Settings/dmc73144/Cookies	index.dat
modified	c:/Documents and Settings/dmc73144/Local Settings/History/History.IE5	index.dat
modified	c:/Documents and Settings/dmc73144/Local Settings/Temporary Internet Files/Content.IE5	index.dat
modified	c:/Documents and Settings/dmc73144	ntuser.dat.LOG
modified	c:/Documents and Settings/LocalService	ntuser.dat.LOG
modified	c:/WINDOWS/Prefetch	CMD.EXE-087B4001.pf
modified	c:/WINDOWS/Prefetch	HSTART.EXE-221D72BF.pf
modified	c:/WINDOWS/Prefetch	NETSTAT.EXE-2B2B4428.pf
modified	c:/WINDOWS/Prefetch	SH.EXE-00254D2B.pf
modified	c:/WINDOWS/Prefetch	SLEEP.EXE-094A3D2A.pf
modified	c:/WINDOWS/Prefetch	SSHD.EXE-298CA236.pf
modified	c:/WINDOWS/Prefetch	SWITCH.EXE-0496EC21.pf
modified	c:/WINDOWS/Prefetch	TASKLIST.EXE-10D94B23.pf
modified	c:/WINDOWS/system32/config	software.LOG
modified	c:/WINDOWS/system32/config	system.LOG
modified	c:/WINDOWS/system32/drivers/etc	hosts
modified	c:/WINDOWS/system32/wbem/Logs	wbemess.log
modified	c:/WINDOWS/system32/wbem/Logs	wmiprov.log

Registry Keys (Added) - ICC Results

Action	Path

Registry Values (Added) - ICC Results

Action	Path	Val_Name	Val_Data

Registry Values (Deleted) - ICC Results

Action	Path	Val_Name	Val_Type	Mod_Val_Type	Val_Data	Mod_Val_Data

Registry Values (Changed) - ICC Results

Action	Path	Val_Name	Val_Data	Mod_Val_Data
modified	HKLM/SOFTWARE/Microsoft/Cryptography/RNG	Seed	7C 02 F0 97 68 E7 07 C1 12 BC 81 79 A4 89 1B 81 9E 58 B5 78 69 C8 AA 79 6C 20 A9	56 05 17 7B 78 16 B9 DD CE EE B9 47 07 F7 DA 4B B1 9B 96 56 F0 93 1A FA 2C B7 2
modified	HKLM/SOFTWARE/Microsoft/Windows NT/CurrentVersion/ProfileList/S-1-5-19	RefCount	0x00000002	0x00000001
modified	HKLM/SYSTEM/ControlSet001/Services/SharedAccess	Start	0x00000002	0x00000004
modified	HKLM/SYSTEM/ControlSet001/Services/SharedAccess/Epoch	Epoch	0x00000104	0x00000105
modified	HKLM/SYSTEM/ControlSet001/Services/wscsvc	Start	0x00000002	0x00000004
modified	HKLM/SYSTEM/CurrentControlSet/Services/SharedAccess	Start	0x00000002	0x00000004
modified	HKLM/SYSTEM/CurrentControlSet/Services/SharedAccess/Epoch	Epoch	0x00000104	0x00000105
modified	HKLM/SYSTEM/CurrentControlSet/Services/wscsvc	Start	0x00000002	0x00000004
modified	HKU/S-1-5-21-1844237615-562591055-839522115-1004/Software/Microsoft/Windows/CurrentVersion/Internet Settings/Connections	SavedLegacySettings	3C 00 00 00 15 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 00 00	3C 00 00 00 18 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 00 0
modified	HKU/S-1-5-21-1844237615-562591055-839522115-1004/SessionInformation	ProgramCount	0x00000002	0x00000001

DNS Results

DNS	DNS Response
mskla.com	Standard query response A 193.105.207.31

URL Results

DstIP	HTTP_HOST	HTTP_REQUEST_URI	HTTP_USER_AGENT	PROTOCOL
193.105.207.31	mskla.com	/list.php?c=637B5483A711A8046A8DC5EDFCB9EF3E029BF6CDC0F2E24AAAE8BAED862E99B6AD937C61215668069BE2DD47BAFFA98BF9039E691F66BCED384CC16A&v=2&t=0.3598139	Mozilla/4.0 (compatible; MSIE 6.0.2900.2180; Windows NT 5.1.2600)	0x06
193.105.207.31	mskla.com	/list.php?c=6B73568175C365C9E106F4DCD491DA0B039A4B70DDEFD870094B7E29B9112A059EA05B4687F0C7A9F18829B30C49B09209F3A156A6DF1C4D582C3A91&v=2&t=0.8878443	Mozilla/4.0 (compatible; MSIE 6.0.2900.2180; Windows NT 5.1.2600)	0x06
193.105.207.31	mskla.com	/list.php?c=9189DE09E650F4588D6AE9C10B4EF42578E19FA4C3F17FD70446BDEA68C0D2FD81BF1F02F88F4729F68F8218C5803517708A8F786E1711409AEE15BE&v=2&t=0.6916315	Mozilla/4.0 (compatible; MSIE 6.0.2900.2180; Windows NT 5.1.2600)	0x06
193.105.207.31	mskla.com	/list.php?c=F7EF23F4D6608824C4230A227D38C716AD349BA020121BB33D7F8ADDB71F6A45506E918C2057EE80C8B15CC66E2B391B817BA35484FD772686F2953E&v=2&t=0.314068	Mozilla/4.0 (compatible; MSIE 6.0.2900.2180; Windows NT 5.1.2600)	0x06
239.255.255.250	239.255.255.250:1900	*	--blank--	0x11

ARGUS PROTOCOL Results

PROTOCOL	SRC_PKTS	DST_PKTS	SRC_BYTES	DST_BYTES
6	20	16	2423	2060
17	2	0	350	0

ARGUS DPORT Results

DPORT	PROTOCOL	SRC_PKTS	DST_PKTS	SRC_BYTES	DST_BYTES
80	6	20	16	2423	2060
1900	17	2	0	350	0

ARGUS DATA Results

Time	Date	Protocol	SrcIP	DstIP	Dir	Flags	Sport	Dport	Pkts	Bytes
05:04:06	2010-07-07	6	10.10.10.7	193.105.207.31	->	e	122	80	9	1121
05:05:09	2010-07-07	6	10.10.10.7	193.105.207.31	->	e	410	80	9	1121
05:06:18	2010-07-07	6	10.10.10.7	193.105.207.31	->	e	91	80	9	1121
05:07:22	2010-07-07	6	10.10.10.7	193.105.207.31	->	e	616	80	9	1120
05:09:29	2010-07-07	17	10.10.10.7	239.255.255.250	->	e	8	1900	2	350

Packer Results

Packer Name

HoneyTrap Results

Honey Trap Log File Location

PTFB Results

PTFB Log File Location