Malware Report - Results

This report shows all the different areas TAZER analyzes for the sample: Host, Network Activity, and Detection.

Malware Search Criteria:
  • MD5 = e2f208c00a51dced3b7d9ed802204f43

  File

    MD5SUM              e2f208c00a51dced3b7d9ed802204f43
    SHA1SUM             9c564505aa31d5d1f3025b776e9cef6b44ba7199
    SHA256SUM           712cec39898852105ee049e8f9c3dffc5aff3bb13903a88b4fd4295687310d2c
    FUZZY HASH (ssdeep) 768:ysBIp1G4fPYSJ4PYICk/lTMDbn+HEf438p6Vpx/jNFCbr0PyI/E1FjqnbcuyD7U:ysBI1G4n4FtT
    File Size           41984 bytes

    File Results

    File Name
    Play_Video_Click_Run.exe  (recorded URL-encoded as Play%5FVideo%5FClick%5FRun.exe)
    bottan.exe
    bgd2.txt.exe

    The names are the lures under which the same binary was seen: a "click to play video" executable and a .txt.exe double extension.

    SNORT Results

    Snort Class  | Snort Alert                                       | Count
    Misc Attack  | ET RBN Known Russian Business Network IP TCP (5)  | 4

    The four hits line up with the four TCP sessions to 122.224.6.48 in the ARGUS DATA section. The rule is an IP-reputation match on the destination address, not a signature for whatever protocol is spoken on port 255.

    AV Results

    AV Alert               | AV Vendor
    N/A                    | Symantec
    Generic                | McAfee
    Backdoor.Win32.VB.lvn  | Kaspersky

    Folders (Added) - ICC Results

    Path | Folder Name
    (none)

    Files (Added) - ICC Results

    Path                                                     | File Name
    c:/Documents and Settings/dmc73144/Local Settings/Temp/  | 5chy0.exe
    c:/Documents and Settings/dmc73144/Local Settings/Temp/  | ogunhqym.bat
    c:/Documents and Settings/dmc73144/Local Settings/Temp/  | ~DF893C.tmp
    c:/WINDOWS/Prefetch/                                     | 5CHY0.EXE-27E87246.pf
    c:/WINDOWS/Prefetch/                                     | NET.EXE-01A53C2F.pf
    c:/WINDOWS/Prefetch/                                     | NET1.EXE-029B9DB4.pf
    c:/WINDOWS/Prefetch/                                     | SANDNET.EXE-2012C478.pf
    c:/WINDOWS/Prefetch/                                     | SC.EXE-012262AF.pf
    c:/WINDOWS/system32/                                     | dvmzp3j.log
    c:/                                                      | netstat_post.txt
    c:/                                                      | tasksvc_post.txt
    c:/                                                      | taskv_post.txt

    The dropped 5chy0.exe ran (its prefetch file was created), together with a batch file and a log in system32. New prefetch entries for NET.EXE, NET1.EXE and SC.EXE are consistent with the service changes recorded under Registry Values (Changed), i.e. stopping and disabling services with net stop / sc config. SANDNET.EXE and the c:/*_post.txt files look like the sandbox's own post-run snapshot (netstat, tasklist output) rather than sample activity; confirm on the image before using any of them as indicators.

    Files (Deleted) - ICC Results

    Action | Path | File Name
    (none)

    Files (Changed) - ICC Results

    Action    | Path                                                                                   | File Name
    modified  | c:/Documents and Settings/dmc73144/Cookies/                                            | index.dat
    modified  | c:/Documents and Settings/dmc73144/Local Settings/History/History.IE5/                 | index.dat
    modified  | c:/Documents and Settings/dmc73144/Local Settings/Temporary Internet Files/Content.IE5/ | index.dat
    modified  | c:/Documents and Settings/dmc73144/                                                    | ntuser.dat.LOG
    modified  | c:/Documents and Settings/LocalService/                                                | ntuser.dat.LOG
    modified  | c:/WINDOWS/Prefetch/                                                                   | CMD.EXE-087B4001.pf
    modified  | c:/WINDOWS/Prefetch/                                                                   | HSTART.EXE-221D72BF.pf
    modified  | c:/WINDOWS/Prefetch/                                                                   | NETSTAT.EXE-2B2B4428.pf
    modified  | c:/WINDOWS/Prefetch/                                                                   | SH.EXE-00254D2B.pf
    modified  | c:/WINDOWS/Prefetch/                                                                   | SLEEP.EXE-094A3D2A.pf
    modified  | c:/WINDOWS/Prefetch/                                                                   | SSHD.EXE-298CA236.pf
    modified  | c:/WINDOWS/Prefetch/                                                                   | SWITCH.EXE-0496EC21.pf
    modified  | c:/WINDOWS/Prefetch/                                                                   | TASKLIST.EXE-10D94B23.pf
    modified  | c:/WINDOWS/system32/config/                                                            | software.LOG
    modified  | c:/WINDOWS/system32/config/                                                            | system.LOG
    modified  | c:/WINDOWS/system32/drivers/etc/                                                       | hosts
    modified  | c:/WINDOWS/system32/wbem/Logs/                                                         | wbemess.log

    The hosts file change is the most actionable host-side indicator here; the report does not record the new contents, so pull the file from the sandbox image to see which names were redirected or blocked. The prefetch entries that were modified rather than added (HSTART, SH, SLEEP, SSHD, SWITCH, NETSTAT, TASKLIST, CMD) belong to programs that had already run on this image before the sample, consistent with the sandbox's own toolkit, and should not be used as indicators. software.LOG and system.LOG are the transaction logs behind the registry changes recorded below.

    Registry Keys (Added) - ICC Results

    Action | Path
    (none)

    Registry Values (Added) - ICC Results

    Action | Path | Val_Name | Val_Data
    (none)

    Registry Values (Deleted) - ICC Results

    Action | Path | Val_Name | Val_Type | Mod_Val_Type | Val_Data | Mod_Val_Data
    (none)

    Registry Values (Changed) - ICC Results

    Action   | Path                                                                   | Val_Name     | Val_Data    | Mod_Val_Data
    modified | HKLM/SOFTWARE/Microsoft/Cryptography/RNG                               | Seed         | 55 DE 75 36 24 41 E6 52 D8 6D E7 CD 0F 1A 3A 0B 07 66 EA FB 6E FA 4F 35 A4 A1 E4 A0 D3 83 BA 3D 84 33 7F 38 A0 79 FE 71 90 17 2A 36 B2 95 55 E8 63 EA 73 DF 90 C (binary; truncated in the report, old and new values not separable)
    modified | HKLM/SOFTWARE/Microsoft/Windows NT/CurrentVersion/ProfileList/S-1-5-19 | RefCount     | 0x00000002  | 0x00000001
    modified | HKLM/SYSTEM/ControlSet001/Services/SharedAccess                        | Start        | 0x00000002  | 0x00000004
    modified | HKLM/SYSTEM/ControlSet001/Services/SharedAccess/Epoch                  | Epoch        | 0x00000104  | 0x00000105
    modified | HKLM/SYSTEM/ControlSet001/Services/wscsvc                              | Start        | 0x00000002  | 0x00000004
    modified | HKLM/SYSTEM/CurrentControlSet/Services/SharedAccess                    | Start        | 0x00000002  | 0x00000004
    modified | HKLM/SYSTEM/CurrentControlSet/Services/SharedAccess/Epoch              | Epoch        | 0x00000104  | 0x00000105
    modified | HKLM/SYSTEM/CurrentControlSet/Services/wscsvc                          | Start        | 0x00000002  | 0x00000004
    modified | HKU/S-1-5-21-1844237615-562591055-839522115-1004/Software/Microsoft/Windows/CurrentVersion/Internet Settings/Connections | SavedLegacySettings | 3C 00 00 00 15 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 00 00 (truncated in the report) | 3C 00 00 00 17 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 00 0 (truncated in the report)
    modified | HKU/S-1-5-21-1844237615-562591055-839522115-1004/SessionInformation    | ProgramCount | 0x00000002  | 0x00000001

    The Start value of a service is its start type: 0x2 is Automatic and 0x4 is Disabled. SharedAccess is the Windows Firewall / Internet Connection Sharing service and wscsvc is Security Center, so the sample disabled the firewall and Security Center on this Windows XP image; CurrentControlSet is a link to ControlSet001, which is why each change appears twice. The RNG Seed, Epoch and ProgramCount changes are ordinary side effects of processes starting and the service database being edited. S-1-5-19 is the well-known SID of LOCAL SERVICE; its profile RefCount dropping from 2 to 1 records a process running as that account unloading the profile, matching the modified LocalService ntuser.dat.LOG above.
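The Start-type changes above are the kind of thing worth checking mechanically across many sandbox reports. The following is an added example and not part of TAZER or its report format: it takes the Registry Values (Changed) rows transcribed into a simple tuple form, decodes the Start DWORD, collapses the ControlSet001/CurrentControlSet duplicates, and lists every service switched to Disabled. The tuple layout, the function names and the SERVICE_DESCRIPTIONS table are this example's own assumptions.

```python
"""Flag Windows services that a sandbox run switched to Disabled.

Added example, not part of the TAZER report or tool. CHANGED_VALUES is
transcribed from the report's 'Registry Values (Changed)' table; the tuple
layout (action, path, value_name, old_data, new_data), the function names
and SERVICE_DESCRIPTIONS are this example's own assumptions.
"""
import re

# Meaning of the Start DWORD under HKLM\SYSTEM\...\Services\<service>
START_TYPES = {0: "boot", 1: "system", 2: "auto", 3: "manual", 4: "disabled"}

# Service names as they appear on Windows XP (assumption: kept as a local table)
SERVICE_DESCRIPTIONS = {
    "SharedAccess": "Windows Firewall / Internet Connection Sharing (ICS)",
    "wscsvc": "Security Center",
}

# Rows constructed from the report; binary-valued rows are omitted.
CHANGED_VALUES = [
    ("modified", "HKLM/SOFTWARE/Microsoft/Windows NT/CurrentVersion/ProfileList/S-1-5-19",
     "RefCount", "0x00000002", "0x00000001"),
    ("modified", "HKLM/SYSTEM/ControlSet001/Services/SharedAccess", "Start", "0x00000002", "0x00000004"),
    ("modified", "HKLM/SYSTEM/ControlSet001/Services/SharedAccess/Epoch", "Epoch", "0x00000104", "0x00000105"),
    ("modified", "HKLM/SYSTEM/ControlSet001/Services/wscsvc", "Start", "0x00000002", "0x00000004"),
    ("modified", "HKLM/SYSTEM/CurrentControlSet/Services/SharedAccess", "Start", "0x00000002", "0x00000004"),
    ("modified", "HKLM/SYSTEM/CurrentControlSet/Services/SharedAccess/Epoch", "Epoch", "0x00000104", "0x00000105"),
    ("modified", "HKLM/SYSTEM/CurrentControlSet/Services/wscsvc", "Start", "0x00000002", "0x00000004"),
    ("modified", "HKU/S-1-5-21-1844237615-562591055-839522115-1004/SessionInformation",
     "ProgramCount", "0x00000002", "0x00000001"),
]

# Matches the service key itself, not sub-keys such as .../SharedAccess/Epoch
SERVICE_KEY_RE = re.compile(
    r"^HKLM/SYSTEM/(?:ControlSet\d+|CurrentControlSet)/Services/(?P<svc>[^/]+)$")


def service_start_changes(rows):
    """Return {service: (old_start_type, new_start_type)} for changed Start values.

    CurrentControlSet is a link to one of the ControlSetNNN keys, so both views
    of the same change collapse into one entry per service.
    """
    changes = {}
    for action, path, name, old, new in rows:
        if action != "modified" or name != "Start":
            continue
        m = SERVICE_KEY_RE.match(path)
        if not m:
            continue
        old_t = START_TYPES.get(int(old, 16), f"unknown({old})")
        new_t = START_TYPES.get(int(new, 16), f"unknown({new})")
        changes[m.group("svc")] = (old_t, new_t)
    return changes


def disabled_services(rows):
    """(service, description, previous_start_type) for every service moved to Disabled."""
    found = []
    for svc, (old_t, new_t) in service_start_changes(rows).items():
        if new_t == "disabled" and old_t != "disabled":
            found.append((svc, SERVICE_DESCRIPTIONS.get(svc, "(unknown service)"), old_t))
    return sorted(found)


if __name__ == "__main__":
    for svc, desc, old_t in disabled_services(CHANGED_VALUES):
        print(f"{svc} ({desc}): {old_t} -> disabled")
```

Run against this report it lists SharedAccess and wscsvc, both moved from auto to disabled. Feeding it the same table from other reports is a quick way to spot samples that turn off protective services, without reading every registry row by hand.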

    DNS Results

    DNS                 | DNS Response
    exe.perfectexe.com  | Standard query response A 122.224.6.48

    URL Results

    DstIP            | HTTP_HOST             | HTTP_REQUEST_URI | HTTP_USER_AGENT | PROTOCOL
    239.255.255.250  | 239.255.255.250:1900  | *                | --blank--       | 0x11

    The only HTTP-style request extracted is an SSDP M-SEARCH (HTTP syntax over UDP, protocol 0x11, to the SSDP multicast address on port 1900). Windows' own SSDP Discovery service sends these, so this row is not by itself attributable to the sample. The traffic that matters is the TCP to 122.224.6.48 port 255 in the ARGUS sections, which followed the A lookup for exe.perfectexe.com; no HTTP request was extracted from it, so treat it as a custom or non-HTTP protocol.

    ARGUS PROTOCOL Results

    PROTOCOL  | SRC_PKTS | DST_PKTS | SRC_BYTES | DST_BYTES
    6 (TCP)   | 60       | 56       | 4894      | 3368
    17 (UDP)  | 5        | 0        | 875       | 0

    ARGUS DPORT Results

    DPORT | PROTOCOL | SRC_PKTS | DST_PKTS | SRC_BYTES | DST_BYTES
    255   | 6        | 60       | 56       | 4894      | 3368
    1900  | 17       | 5        | 0        | 875       | 0

    ARGUS DATA Results

    Time     | Date       | Protocol | SrcIP      | DstIP           | Dir | Flags | Sport | Dport | Pkts | Bytes
    16:26:13 | 2010-07-13 | 6        | 10.10.10.7 | 122.224.6.48    | ->  | e     | 11    | 255   | 14   | 1168
    16:26:19 | 2010-07-13 | 6        | 10.10.10.7 | 122.224.6.48    | ->  | e     | 11    | 255   | 10   | 600
    16:26:24 | 2010-07-13 | 6        | 10.10.10.7 | 122.224.6.48    | ->  | e     | 11    | 255   | 5    | 300
    16:27:27 | 2010-07-13 | 6        | 10.10.10.7 | 122.224.6.48    | ->  | e     | 38    | 255   | 13   | 1104
    16:27:32 | 2010-07-13 | 6        | 10.10.10.7 | 122.224.6.48    | ->  | e     | 38    | 255   | 10   | 600
    16:27:37 | 2010-07-13 | 6        | 10.10.10.7 | 122.224.6.48    | ->  | e     | 38    | 255   | 6    | 360
    16:28:40 | 2010-07-13 | 6        | 10.10.10.7 | 122.224.6.48    | ->  | e     | 20    | 255   | 13   | 1105
    16:28:45 | 2010-07-13 | 6        | 10.10.10.7 | 122.224.6.48    | ->  | e     | 20    | 255   | 11   | 660
    16:28:50 | 2010-07-13 | 6        | 10.10.10.7 | 122.224.6.48    | ->  | e     | 20    | 255   | 5    | 300
    16:29:53 | 2010-07-13 | 6        | 10.10.10.7 | 122.224.6.48    | ->  | e     | 113   | 255   | 13   | 1105
    16:29:58 | 2010-07-13 | 6        | 10.10.10.7 | 122.224.6.48    | ->  | e     | 113   | 255   | 11   | 660
    16:30:03 | 2010-07-13 | 6        | 10.10.10.7 | 122.224.6.48    | ->  | e     | 113   | 255   | 5    | 300
    16:31:30 | 2010-07-13 | 17       | 10.10.10.7 | 239.255.255.250 | ->  | e     | 4002  | 1900  | 2    | 350
    16:31:36 | 2010-07-13 | 17       | 10.10.10.7 | 239.255.255.250 | ->  | e     | 4002  | 1900  | 1    | 175
    16:31:39 | 2010-07-13 | 17       | 10.10.10.7 | 239.255.255.250 | ->  | e     | 413   | 1900  | 2    | 350

    Each row is one Argus status record (roughly every 5 seconds), so consecutive rows sharing a source port are one TCP session; Pkts and Bytes count both directions and sum to the PROTOCOL and DPORT totals above. Four sessions to 122.224.6.48:255 start at 16:26:13, 16:27:27, 16:28:40 and 16:29:53, i.e. 74, 73 and 73 seconds apart, each carrying 29 packets and 2064 to 2068 bytes. A fixed period and near-identical size is the beacon pattern to hunt for in flow or proxy logs at this destination. The source ports are shown as the report lists them.
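The periodicity noted above can be computed rather than eyeballed. The following is an added example and not part of TAZER or Argus: it takes the ARGUS DATA rows transcribed into a whitespace-separated form, rebuilds sessions by 5-tuple, and reports the intervals between session starts and the bytes per session for one destination and port. The text layout, the function names and the 10 percent jitter threshold in looks_like_beacon are this example's own assumptions.

```python
"""Reconstruct sessions from Argus status records and test for beaconing.

Added example, not part of the TAZER report or of Argus. ARGUS_RECORDS is
transcribed from the report's ARGUS DATA table into the form
'time date proto src dst sport dport pkts bytes'; that layout, the function
names and the beacon threshold are this example's own assumptions.
"""
from collections import OrderedDict
from datetime import datetime
from statistics import mean, pstdev

# Constructed from the report. Argus emits one status record per flow every
# few seconds, so one session spans several consecutive records.
ARGUS_RECORDS = """\
16:26:13 2010-07-13 6 10.10.10.7 122.224.6.48 11 255 14 1168
16:26:19 2010-07-13 6 10.10.10.7 122.224.6.48 11 255 10 600
16:26:24 2010-07-13 6 10.10.10.7 122.224.6.48 11 255 5 300
16:27:27 2010-07-13 6 10.10.10.7 122.224.6.48 38 255 13 1104
16:27:32 2010-07-13 6 10.10.10.7 122.224.6.48 38 255 10 600
16:27:37 2010-07-13 6 10.10.10.7 122.224.6.48 38 255 6 360
16:28:40 2010-07-13 6 10.10.10.7 122.224.6.48 20 255 13 1105
16:28:45 2010-07-13 6 10.10.10.7 122.224.6.48 20 255 11 660
16:28:50 2010-07-13 6 10.10.10.7 122.224.6.48 20 255 5 300
16:29:53 2010-07-13 6 10.10.10.7 122.224.6.48 113 255 13 1105
16:29:58 2010-07-13 6 10.10.10.7 122.224.6.48 113 255 11 660
16:30:03 2010-07-13 6 10.10.10.7 122.224.6.48 113 255 5 300
16:31:30 2010-07-13 17 10.10.10.7 239.255.255.250 4002 1900 2 350
16:31:36 2010-07-13 17 10.10.10.7 239.255.255.250 4002 1900 1 175
16:31:39 2010-07-13 17 10.10.10.7 239.255.255.250 413 1900 2 350
"""


def parse_records(text):
    """Yield (timestamp, proto, src, dst, sport, dport, pkts, bytes) per record."""
    for line in text.splitlines():
        if not line.strip():
            continue
        t, d, proto, src, dst, sport, dport, pkts, nbytes = line.split()
        ts = datetime.strptime(f"{d} {t}", "%Y-%m-%d %H:%M:%S")
        yield ts, int(proto), src, dst, int(sport), int(dport), int(pkts), int(nbytes)


def sessions(text):
    """Collapse status records into sessions keyed by (proto, src, dst, sport, dport).

    Each value holds the first and last record time and the summed packets and bytes.
    """
    out = OrderedDict()
    for ts, proto, src, dst, sport, dport, pkts, nbytes in parse_records(text):
        key = (proto, src, dst, sport, dport)
        s = out.setdefault(key, {"start": ts, "end": ts, "pkts": 0, "bytes": 0})
        s["start"] = min(s["start"], ts)
        s["end"] = max(s["end"], ts)
        s["pkts"] += pkts
        s["bytes"] += nbytes
    return out


def beacon_profile(text, dst, dport, proto=6):
    """Interval (seconds) between successive session starts to dst:dport, plus sizes."""
    matched = [s for (p, _, d, _, dp), s in sessions(text).items()
               if p == proto and d == dst and dp == dport]
    matched.sort(key=lambda s: s["start"])
    starts = [s["start"] for s in matched]
    intervals = [(b - a).total_seconds() for a, b in zip(starts, starts[1:])]
    return {
        "sessions": len(matched),
        "intervals": intervals,
        "mean_interval": mean(intervals) if intervals else None,
        "interval_jitter": pstdev(intervals) if len(intervals) > 1 else None,
        "bytes_per_session": [s["bytes"] for s in matched],
    }


def looks_like_beacon(profile, min_sessions=3, max_jitter_ratio=0.1):
    """Assumed heuristic: at least min_sessions sessions whose interval standard
    deviation is no more than max_jitter_ratio of the mean interval."""
    if profile["sessions"] < min_sessions or profile["interval_jitter"] is None:
        return False
    return profile["interval_jitter"] / profile["mean_interval"] <= max_jitter_ratio


if __name__ == "__main__":
    prof = beacon_profile(ARGUS_RECORDS, "122.224.6.48", 255)
    print(prof)
    print("beacon:", looks_like_beacon(prof))
```

For this report the destination 122.224.6.48:255 yields intervals of 74, 73 and 73 seconds with sessions of 2068, 2064, 2065 and 2065 bytes, which the heuristic flags; the two SSDP sessions do not reach the minimum count. Real Argus data can be exported with ra(1) and its -s field selection; adapt parse_records to whatever field order you choose.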

    Packer Results

    Packer Name
    (none detected)

    HoneyTrap Results

    Honey Trap Log File Location
    (none recorded)

    PTFB Results

    PTFB Log File Location
    (none recorded)