Malware Report - Results

This report shows all the different areas TAZER analyzes for the sample: Host, Network Activity, and Detection.

Malware Search Criteria:
  • MD5 =d0156ae1692748fea9fdebde80c7f470

    • Malware Report - Results

    File MD5SumSHA1SUMSHA256SUMFUZZY HASHFile Size
    d0156ae1692748fea9fdebde80c7f4700bc6ca8b79b92d8f46faaf75c2a1f6b638b0c7340961724abbb7e95a38ec51284d2bbc3bc6587e3fc20fe8d24ed71be22c91378a1536:weWP9f5c7G2G5nr3OxGaXeGFdQT4VVC1aCHP+DR/5v259dN:2P9f5c7G22OxGaXeGFdQTMVC12M84588

    File Results

    File Name
    Postales.exe

    SNORT Results

    Snort ClassSnort AlertCount
    N/ANo snort alerts generated0

    AV Results

    AV AlertAV Vendor
    Infostealer.BancosSymantec
    Generic.dx!zuzMcAfee
    Trojan.Win32.VBKrypt.djsqKaspersky

    Folders (Added) - ICC Results

    PathFolder Name

    Files (Added) - ICC Results

    PathFile Name
    c:/Documents and Settings/dmc73144/Local Settings/Temp~DF9283.tmp
    c:/WINDOWS/PrefetchSANDNET.EXE-2012C478.pf
    c:/WINDOWS/system32winlogin.exe
    c:/WINDOWSwinrun.exe
    c:netstat_post.txt
    c:taskv_post.txt

    Files (Deleted) - ICC Results

    ActionPathFile Name

    Files (Changed) - ICC Results

    ActionPathFile Name
    modifiedc:/Documents and Settings/dmc73144/Cookiesindex.dat
    modifiedc:/Documents and Settings/dmc73144/Local Settings/History/History.IE5index.dat
    modifiedc:/Documents and Settings/dmc73144/Local Settings/Temporary Internet Files/Content.IE5index.dat
    modifiedc:/Documents and Settings/dmc73144ntuser.dat.LOG
    modifiedc:/WINDOWS/PrefetchCMD.EXE-087B4001.pf
    modifiedc:/WINDOWS/PrefetchHSTART.EXE-221D72BF.pf
    modifiedc:/WINDOWS/PrefetchNETSTAT.EXE-2B2B4428.pf
    modifiedc:/WINDOWS/PrefetchSH.EXE-00254D2B.pf
    modifiedc:/WINDOWS/PrefetchSLEEP.EXE-094A3D2A.pf
    modifiedc:/WINDOWS/PrefetchSSHD.EXE-298CA236.pf
    modifiedc:/WINDOWS/PrefetchSWITCH.EXE-0496EC21.pf
    modifiedc:/WINDOWS/system32/drivers/etchosts
    modifiedc:/WINDOWS/system32/wbem/Logswmiprov.log
    modifiedc:/WINDOWS/system32/wbem/Repository/FSINDEX.MAP
    modifiedc:/WINDOWS/system32/wbem/Repository/FSMAPPING.VER
    modifiedc:/WINDOWS/system32/wbem/Repository/FSMAPPING2.MAP
    modifiedc:/WINDOWS/system32/wbem/Repository/FSOBJECTS.MAP

    Registry Keys (Added) - ICC Results

    ActionPath

    Registry Values (Added) - ICC Results

    ActionPathVal_NameVal_Data

    Registry Values (Deleted) - ICC Results

    ActionPathVal_NameVal_TypeMod_Val_TypeVal_DataMod_Val_Data

    Registry Values (Changed) - ICC Results

    ActionPathVal_NameVal_DataMod_Val_Data
    modifiedHKLM/SOFTWARE/Microsoft/Cryptography/RNGSeed59 21 CC 51 F6 33 C5 A2 06 3D 78 58 36 D1 A7 4C EF B2 39 01 81 E5 E8 25 1C A3 83 89 D1 39 AD 07 AB EE 72 31 FB 33 5C 17 FA 9E A7 CC FB 42 10 7D 16 04 0D 4C F6 C
    modifiedHKU/S-1-5-21-1844237615-562591055-839522115-1004/Software/Microsoft/Windows/CurrentVersion/Internet Settings/ConnectionsSavedLegacySettings3C 00 00 00 15 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 00 00 3C 00 00 00 16 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 00 0
    modifiedHKU/S-1-5-21-1844237615-562591055-839522115-1004/Software/Microsoft/Windows NT/CurrentVersion/Windowsload"" "C

    DNS Results

    DNSDNS Response
    www.ira.maristas.clStandard query response A 201.238.196.195

    URL Results

    DstIPHTTP_HOSTHTTP_REQUEST_URIHTTP_USER_AGENTPROTOCOL
    201.238.196.195www.ira.maristas.cl/galerias/content/2011/componentes/configuracionvb wininet0x06
    239.255.255.250239.255.255.250:1900*--blank--0x11

    ARGUS PROTOCOL Results

    PROTOCOLSRC_PKTSDST_PKTSSRC_BYTESDST_BYTES
    69981818010906
    17101750

    ARGUS DPORT Results

    DPORTPROTOCOLSRC_PKTSDST_PKTSSRC_BYTESDST_BYTES
    8069981818010906
    190017101750

    ARGUS DATA Results

    TimeDateProtocolSrcIPDstIPDirFlagsSportDportPktsBytes
    15:33:522011-06-18610.10.10.7201.238.196.195-> e 311809927
    15:34:042011-06-18610.10.10.7201.238.196.195-> e 127809927
    15:34:152011-06-18610.10.10.7201.238.196.195-> e 189809927
    15:34:272011-06-18610.10.10.7201.238.196.195-> e 190809927
    15:34:392011-06-18610.10.10.7201.238.196.195-> e 539809927
    15:34:512011-06-18610.10.10.7201.238.196.195-> e 540809927
    15:35:032011-06-18610.10.10.7201.238.196.195-> e 46809927
    15:35:142011-06-18610.10.10.7201.238.196.195-> e 581809927
    15:35:262011-06-18610.10.10.7201.238.196.195-> e 102809927
    15:35:382011-06-18610.10.10.7201.238.196.195-> e 436809927
    15:35:502011-06-18610.10.10.7201.238.196.195-> e 49809927
    15:36:022011-06-18610.10.10.7201.238.196.195-> e 23809927
    15:36:142011-06-18610.10.10.7201.238.196.195-> e 411809927
    15:36:262011-06-18610.10.10.7201.238.196.195-> e 735809927
    15:36:382011-06-18610.10.10.7201.238.196.195-> e 736809927
    15:36:502011-06-18610.10.10.7201.238.196.195-> e 783809927
    15:37:022011-06-18610.10.10.7201.238.196.195-> e 784809927
    15:37:142011-06-18610.10.10.7201.238.196.195-> e 830809927
    15:37:252011-06-18610.10.10.7201.238.196.195-> e 831809927
    15:37:372011-06-18610.10.10.7201.238.196.195-> e d 8328071080
    15:39:112011-06-18610.10.10.7201.238.196.195-> e 832802393
    15:39:112011-06-181710.10.10.7239.255.255.250-> e 819001175

    Packer Results

    Packer Name

    HoneyTrap Results

    Honey Trap Log File Location

    PTFB Results

    PTFB Log File Location