File MD5Sum | SHA1SUM | SHA256SUM | FUZZY HASH | File Size |
---|---|---|---|---|
de3c6c55804be99e8de00acc82ef38c0 | 8ac2ced6b0bb781667363344a298abf1135a6f43 | 8f954f4ea82d9730fda741fe2c52c59e3e1a7829e4d0e6910e4e9f5912e077f0 | 384:dn4uowXcnm9iEhgWugRhHseyED30SqzEc:F0NWB3MWj/ | 28672 |
File Name |
---|
VIDCH000301.exe |
Snort Class | Snort Alert | Count |
---|---|---|
Potentially Bad Traffic | ET CURRENT_EVENTS HTTP Request to a Suspicious *.co.cc domain | 6 |
AV Alert | AV Vendor |
---|---|
N/A | Symantec |
Artemis!DE3C6C55804B | McAfee |
N/A | Kaspersky |
Path | Folder Name |
---|---|
Path | File Name |
---|---|
c:/WINDOWS/Prefetch | REG.EXE-0D2A95F7.pf |
c:/WINDOWS/Prefetch | SANDNET.EXE-2012C478.pf |
c:/WINDOWS | scrrss.exe |
c: | netstat_post.txt |
c: | taskv_post.txt |
Action | Path | File Name |
---|---|---|
Action | Path |
---|---|
Action | Path | Val_Name | Val_Data |
---|---|---|---|
Action | Path | Val_Name | Val_Type | Mod_Val_Type | Val_Data | Mod_Val_Data |
---|---|---|---|---|---|---|
Action | Path | Val_Name | Val_Data | Mod_Val_Data |
---|---|---|---|---|
modified | HKLM/SOFTWARE/Microsoft/Cryptography/RNG | Seed | 49 7D 64 D4 C5 37 22 E2 6F 1C BC 4E 5C 5F 68 F1 26 6D 5C 11 71 12 77 A9 BB F8 9B | BF 0B 97 D4 7F 09 4F 6D 30 02 7C 51 47 3D 75 93 7C 00 B1 F7 4E B9 B3 4B B8 7C 8 |
modified | HKU/S-1-5-21-1844237615-562591055-839522115-1004/Software/Microsoft/Windows/CurrentVersion/Internet Settings/Connections | SavedLegacySettings | 3C 00 00 00 15 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 00 00 | 3C 00 00 00 16 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 00 0 |
modified | HKU/S-1-5-21-1844237615-562591055-839522115-1004/SessionInformation | ProgramCount | 0x00000002 | 0x00000001 |
DNS | DNS Response |
---|---|
exprimiendo.co.cc | Standard query response A 207.182.150.9 |
DstIP | HTTP_HOST | HTTP_REQUEST_URI | HTTP_USER_AGENT | PROTOCOL |
---|---|---|---|---|
207.182.150.9 | exprimiendo.co.cc | /entrada/ | vb wininet | 0x06 |
239.255.255.250 | 239.255.255.250:1900 | * | --blank-- | 0x11 |
PROTOCOL | SRC_PKTS | DST_PKTS | SRC_BYTES | DST_BYTES |
---|---|---|---|---|
6 | 29 | 26 | 2166 | 4029 |
17 | 2 | 0 | 350 | 0 |
DPORT | PROTOCOL | SRC_PKTS | DST_PKTS | SRC_BYTES | DST_BYTES |
---|---|---|---|---|---|
80 | 6 | 29 | 26 | 2166 | 4029 |
1900 | 17 | 2 | 0 | 350 | 0 |
Time | Date | Protocol | SrcIP | DstIP | Dir | Flags | Sport | Dport | Pkts | Bytes |
---|---|---|---|---|---|---|---|---|---|---|
18:01:42 | 2011-07-19 | 6 | 10.10.10.7 | 207.182.150.9 | -> | e | 142 | 80 | 9 | 886 |
18:02:22 | 2011-07-19 | 6 | 10.10.10.7 | 207.182.150.9 | -> | e | 567 | 80 | 9 | 886 |
18:03:01 | 2011-07-19 | 6 | 10.10.10.7 | 207.182.150.9 | -> | e | 604 | 80 | 9 | 886 |
18:03:41 | 2011-07-19 | 6 | 10.10.10.7 | 207.182.150.9 | -> | e | 144 | 80 | 9 | 886 |
18:04:21 | 2011-07-19 | 6 | 10.10.10.7 | 207.182.150.9 | -> | e | 756 | 80 | 9 | 886 |
18:05:00 | 2011-07-19 | 6 | 10.10.10.7 | 207.182.150.9 | -> | e d | 799 | 80 | 7 | 1039 |
18:05:10 | 2011-07-19 | 6 | 10.10.10.7 | 207.182.150.9 | -> | e | 799 | 80 | 1 | 333 |
18:06:34 | 2011-07-19 | 6 | 10.10.10.7 | 207.182.150.9 | -> | e | 799 | 80 | 2 | 393 |
18:06:34 | 2011-07-19 | 17 | 10.10.10.7 | 239.255.255.250 | -> | e | 8 | 1900 | 2 | 350 |
Packer Name |
---|
Honey Trap Log File Location |
---|
PTFB Log File Location |
---|