Malware Report - Results

This report shows all the different areas TAZER analyzes for the sample: Host, Network Activity, and Detection.

Malware Search Criteria:
  • MD5 =ddc6c46af5f67f3bb44abec39fdc589d

    • Malware Report - Results

    File MD5SumSHA1SUMSHA256SUMFUZZY HASHFile Size
    ddc6c46af5f67f3bb44abec39fdc589db52e1c0d4b0f944c3507f997aa98394ed11d6d8f01daea6dccf1c44cc4e0a12e35fbb303f9c9a4560af40f2d3791c16147ed37233072:WGYGpO/QN/iR7zcMbqC2CU7CM1ujutoZrrx1/L+XGJ0a2efaZKHjrbAx:WpCO/o/iR8MbqwUYju154112

    File Results

    File Name
    load.php%3Fspl%3Dmdac.exe

    SNORT Results

    Snort ClassSnort AlertCount
    N/ANo snort alerts generated0

    AV Results

    AV AlertAV Vendor
    N/ASymantec
    N/AMcAfee
    N/AKaspersky

    Folders (Added) - ICC Results

    PathFolder Name
    c:/Documents and Settings/dmc73144/Application DataAntiVirus Plus
    c:/Documents and Settings/dmc73144/Local Settings/Temporary Internet Files/Content.IE587IMY4XV
    c:/Documents and Settings/dmc73144/Local Settings/Temporary Internet Files/Content.IE5ITB2CJ0C
    c:/Documents and Settings/dmc73144/Local Settings/Temporary Internet Files/Content.IE5WO4JPI86

    Files (Added) - ICC Results

    PathFile Name
    c:/DELL/VIDEO/OUTPUTnetstat_base.txt
    c:/DELL/VIDEO/OUTPUTnetstat_post.txt
    c:/DELL/VIDEO/OUTPUTtasksvc_base.txt
    c:/DELL/VIDEO/OUTPUTtasksvc_post.txt
    c:/DELL/VIDEO/OUTPUTtaskv_base.txt
    c:/DELL/VIDEO/OUTPUTtaskv_post.txt
    c:/Documents and Settings/dmc73144/Application Data/AntiVirus PlusAntiVirus Plus.555051.dll
    c:/Documents and Settings/dmc73144/Local Settings/Temporary Internet Files/Content.IE5/87IMY4XVdesktop.ini
    c:/Documents and Settings/dmc73144/Local Settings/Temporary Internet Files/Content.IE5/87IMY4XVreal[1].htm
    c:/Documents and Settings/dmc73144/Local Settings/Temporary Internet Files/Content.IE5/ITB2CJ0Cdesktop.ini
    c:/Documents and Settings/dmc73144/Local Settings/Temporary Internet Files/Content.IE5/ITB2CJ0Cwindowsupdate.microsoft[1].htm
    c:/Documents and Settings/dmc73144/Local Settings/Temporary Internet Files/Content.IE5/WO4JPI86avplus[1].htm
    c:/Documents and Settings/dmc73144/Local Settings/Temporary Internet Files/Content.IE5/WO4JPI86desktop.ini
    c:/WINDOWS/Prefetch7Z.EXE-1A62CD19.pf
    c:/WINDOWS/PrefetchRUNDLL32.EXE-31CBD310.pf
    c:/WINDOWS/PrefetchSANDNET.EXE-2012C478.pf

    Files (Deleted) - ICC Results

    ActionPathFile Name

    Files (Changed) - ICC Results

    ActionPathFile Name
    modifiedc:/Documents and Settings/dmc73144/Cookiesindex.dat
    modifiedc:/Documents and Settings/dmc73144/Local Settings/History/History.IE5index.dat
    modifiedc:/Documents and Settings/dmc73144/Local Settings/Temporary Internet Files/Content.IE5index.dat
    modifiedc:/Documents and Settings/dmc73144ntuser.dat.LOG
    modifiedc:/WINDOWS/PrefetchCMD.EXE-087B4001.pf
    modifiedc:/WINDOWS/PrefetchHSTART.EXE-221D72BF.pf
    modifiedc:/WINDOWS/PrefetchNETSTAT.EXE-2B2B4428.pf
    modifiedc:/WINDOWS/PrefetchSH.EXE-00254D2B.pf
    modifiedc:/WINDOWS/PrefetchSLEEP.EXE-094A3D2A.pf
    modifiedc:/WINDOWS/PrefetchSSHD.EXE-298CA236.pf
    modifiedc:/WINDOWS/PrefetchSWITCH.EXE-0496EC21.pf
    modifiedc:/WINDOWS/PrefetchTASKLIST.EXE-10D94B23.pf
    modifiedc:/WINDOWS/system32/configsystem.LOG
    modifiedc:/WINDOWS/system32/drivers/etchosts
    modifiedc:/WINDOWS/system32/wbem/Logswbemess.log
    modifiedc:/WINDOWS/system32/wbem/Logswmiprov.log
    modifiedc:/WINDOWS/system32/wbem/Repository/FSINDEX.MAP
    modifiedc:/WINDOWS/system32/wbem/Repository/FSMAPPING.VER
    modifiedc:/WINDOWS/system32/wbem/Repository/FSMAPPING2.MAP
    modifiedc:/WINDOWS/system32/wbem/Repository/FSOBJECTS.MAP

    Registry Keys (Added) - ICC Results

    ActionPath

    Registry Values (Added) - ICC Results

    ActionPathVal_NameVal_Data

    Registry Values (Deleted) - ICC Results

    ActionPathVal_NameVal_TypeMod_Val_TypeVal_DataMod_Val_Data

    Registry Values (Changed) - ICC Results

    ActionPathVal_NameVal_DataMod_Val_Data
    modifiedHKLM/SOFTWARE/Microsoft/Cryptography/RNGSeed31 27 1D 1B 63 94 44 AC CD 58 AA B0 1A A3 D4 40 D9 FF D5 30 1E 0E 24 D2 3C 1F 1A D9 6E 92 2E AB A5 EA E2 75 64 58 ED 66 40 BF 8E 65 7B EC A7 38 57 E6 56 CC 27 C
    modifiedHKLM/SYSTEM/ControlSet001/Services/wscsvcStart0x00000002 0x00000004
    modifiedHKLM/SYSTEM/CurrentControlSet/Services/wscsvcStart0x00000002 0x00000004
    modifiedHKU/S-1-5-21-1844237615-562591055-839522115-1004/Software/Microsoft/Windows/CurrentVersion/Internet Settings/ConnectionsSavedLegacySettings3C 00 00 00 15 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 00 00 3C 00 00 00 16 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 00 0

    DNS Results

    DNSDNS Response
    windowsupdate.microsoft.comStandard query response CNAME windowsupdate.microsoft.nsatc.net A 207.46.18.94
    myantivirus-plus.orgStandard query response A 91.188.60.3

    URL Results

    DstIPHTTP_HOSTHTTP_REQUEST_URIHTTP_USER_AGENTPROTOCOL
    207.46.18.94windowsupdate.microsoft.com/Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)0x06
    91.188.60.3myantivirus-plus.org/install/avplus.dllMozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)0x06
    91.188.60.3myantivirus-plus.org/cb/real.php?id=555051Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)0x06
    239.255.255.250239.255.255.250:1900*--blank--0x11

    ARGUS PROTOCOL Results

    PROTOCOLSRC_PKTSDST_PKTSSRC_BYTESDST_BYTES
    6151214861545
    17203500

    ARGUS DPORT Results

    DPORTPROTOCOLSRC_PKTSDST_PKTSSRC_BYTESDST_BYTES
    806151214861545
    190017203500

    ARGUS DATA Results

    TimeDateProtocolSrcIPDstIPDirFlagsSportDportPktsBytes
    15:11:072010-05-13610.10.10.7207.46.18.94-> e 1058091002
    15:11:082010-05-13610.10.10.791.188.60.3-> e 278091013
    15:11:102010-05-13610.10.10.791.188.60.3-> e 3138091016
    15:16:462010-05-131710.10.10.7239.255.255.250-> e 819002350

    Packer Results

    Packer Name

    HoneyTrap Results

    Honey Trap Log File Location

    PTFB Results

    PTFB Log File Location