Malware Report - Results

This report shows all the different areas TAZER analyzes for the sample: Host, Network Activity, and Detection.

Malware Search Criteria:
  • MD5 =de3c6c55804be99e8de00acc82ef38c0

    • Malware Report - Results

    File MD5SumSHA1SUMSHA256SUMFUZZY HASHFile Size
    de3c6c55804be99e8de00acc82ef38c08ac2ced6b0bb781667363344a298abf1135a6f438f954f4ea82d9730fda741fe2c52c59e3e1a7829e4d0e6910e4e9f5912e077f0384:dn4uowXcnm9iEhgWugRhHseyED30SqzEc:F0NWB3MWj/28672

    File Results

    File Name
    VIDCH000301.exe

    SNORT Results

    Snort ClassSnort AlertCount
    Potentially Bad TrafficET CURRENT_EVENTS HTTP Request to a Suspicious *.co.cc domain6

    AV Results

    AV AlertAV Vendor
    N/ASymantec
    Artemis!DE3C6C55804BMcAfee
    N/AKaspersky

    Folders (Added) - ICC Results

    PathFolder Name

    Files (Added) - ICC Results

    PathFile Name
    c:/WINDOWS/PrefetchREG.EXE-0D2A95F7.pf
    c:/WINDOWS/PrefetchSANDNET.EXE-2012C478.pf
    c:/WINDOWSscrrss.exe
    c:netstat_post.txt
    c:taskv_post.txt

    Files (Deleted) - ICC Results

    ActionPathFile Name

    Files (Changed) - ICC Results

    ActionPathFile Name
    modifiedc:/Documents and Settings/dmc73144/Cookiesindex.dat
    modifiedc:/Documents and Settings/dmc73144/Local Settings/History/History.IE5index.dat
    modifiedc:/Documents and Settings/dmc73144/Local Settings/Temporary Internet Files/Content.IE5index.dat
    modifiedc:/Documents and Settings/dmc73144ntuser.dat.LOG
    modifiedc:/WINDOWS/PrefetchCMD.EXE-087B4001.pf
    modifiedc:/WINDOWS/PrefetchHSTART.EXE-221D72BF.pf
    modifiedc:/WINDOWS/PrefetchNETSTAT.EXE-2B2B4428.pf
    modifiedc:/WINDOWS/PrefetchSH.EXE-00254D2B.pf
    modifiedc:/WINDOWS/PrefetchSLEEP.EXE-094A3D2A.pf
    modifiedc:/WINDOWS/PrefetchSSHD.EXE-298CA236.pf
    modifiedc:/WINDOWS/PrefetchSWITCH.EXE-0496EC21.pf
    modifiedc:/WINDOWS/system32/configsoftware.LOG
    modifiedc:/WINDOWS/system32/drivers/etchosts
    modifiedc:/WINDOWS/system32/wbem/Logswmiprov.log
    modifiedc:/WINDOWS/system32/wbem/Repository/FSINDEX.MAP
    modifiedc:/WINDOWS/system32/wbem/Repository/FSMAPPING.VER
    modifiedc:/WINDOWS/system32/wbem/Repository/FSMAPPING2.MAP
    modifiedc:/WINDOWS/system32/wbem/Repository/FSOBJECTS.MAP

    Registry Keys (Added) - ICC Results

    ActionPath

    Registry Values (Added) - ICC Results

    ActionPathVal_NameVal_Data

    Registry Values (Deleted) - ICC Results

    ActionPathVal_NameVal_TypeMod_Val_TypeVal_DataMod_Val_Data

    Registry Values (Changed) - ICC Results

    ActionPathVal_NameVal_DataMod_Val_Data
    modifiedHKLM/SOFTWARE/Microsoft/Cryptography/RNGSeed49 7D 64 D4 C5 37 22 E2 6F 1C BC 4E 5C 5F 68 F1 26 6D 5C 11 71 12 77 A9 BB F8 9B BF 0B 97 D4 7F 09 4F 6D 30 02 7C 51 47 3D 75 93 7C 00 B1 F7 4E B9 B3 4B B8 7C 8
    modifiedHKU/S-1-5-21-1844237615-562591055-839522115-1004/Software/Microsoft/Windows/CurrentVersion/Internet Settings/ConnectionsSavedLegacySettings3C 00 00 00 15 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 00 00 3C 00 00 00 16 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 00 0
    modifiedHKU/S-1-5-21-1844237615-562591055-839522115-1004/SessionInformationProgramCount0x00000002 0x00000001

    DNS Results

    DNSDNS Response
    exprimiendo.co.ccStandard query response A 207.182.150.9

    URL Results

    DstIPHTTP_HOSTHTTP_REQUEST_URIHTTP_USER_AGENTPROTOCOL
    207.182.150.9exprimiendo.co.cc/entrada/vb wininet0x06
    239.255.255.250239.255.255.250:1900*--blank--0x11

    ARGUS PROTOCOL Results

    PROTOCOLSRC_PKTSDST_PKTSSRC_BYTESDST_BYTES
    6292621664029
    17203500

    ARGUS DPORT Results

    DPORTPROTOCOLSRC_PKTSDST_PKTSSRC_BYTESDST_BYTES
    806292621664029
    190017203500

    ARGUS DATA Results

    TimeDateProtocolSrcIPDstIPDirFlagsSportDportPktsBytes
    18:01:422011-07-19610.10.10.7207.182.150.9-> e 142809886
    18:02:222011-07-19610.10.10.7207.182.150.9-> e 567809886
    18:03:012011-07-19610.10.10.7207.182.150.9-> e 604809886
    18:03:412011-07-19610.10.10.7207.182.150.9-> e 144809886
    18:04:212011-07-19610.10.10.7207.182.150.9-> e 756809886
    18:05:002011-07-19610.10.10.7207.182.150.9-> e d 7998071039
    18:05:102011-07-19610.10.10.7207.182.150.9-> e 799801333
    18:06:342011-07-19610.10.10.7207.182.150.9-> e 799802393
    18:06:342011-07-191710.10.10.7239.255.255.250-> e 819002350

    Packer Results

    Packer Name

    HoneyTrap Results

    Honey Trap Log File Location

    PTFB Results

    PTFB Log File Location