File MD5Sum | SHA1SUM | SHA256SUM | FUZZY HASH | File Size |
---|---|---|---|---|
e2f208c00a51dced3b7d9ed802204f43 | 9c564505aa31d5d1f3025b776e9cef6b44ba7199 | 712cec39898852105ee049e8f9c3dffc5aff3bb13903a88b4fd4295687310d2c | 768:ysBIp1G4fPYSJ4PYICk/lTMDbn+HEf438p6Vpx/jNFCbr0PyI/E1FjqnbcuyD7U:ysBI1G4n4FtT | 41984 |
File Name |
---|
Play%5FVideo%5FClick%5FRun.exe |
bottan.exe |
bgd2.txt.exe |
Snort Class | Snort Alert | Count |
---|---|---|
Misc Attack | ET RBN Known Russian Business Network IP TCP (5) | 4 |
AV Alert | AV Vendor |
---|---|
N/A | Symantec |
Generic | McAfee |
Backdoor.Win32.VB.lvn | Kaspersky |
Path | Folder Name |
---|
Action | Path | File Name |
---|
Action | Path |
---|
Action | Path | Val_Name | Val_Data |
---|
Action | Path | Val_Name | Val_Type | Mod_Val_Type | Val_Data | Mod_Val_Data |
---|
Action | Path | Val_Name | Val_Data | Mod_Val_Data |
---|---|---|---|---|
modified | HKLM/SOFTWARE/Microsoft/Cryptography/RNG | Seed | 55 DE 75 36 24 41 E6 52 D8 6D E7 CD 0F 1A 3A 0B 07 66 EA FB 6E FA 4F 35 A4 A1 E4 | A0 D3 83 BA 3D 84 33 7F 38 A0 79 FE 71 90 17 2A 36 B2 95 55 E8 63 EA 73 DF 90 C |
modified | HKLM/SOFTWARE/Microsoft/Windows NT/CurrentVersion/ProfileList/S-1-5-19 | RefCount | 0x00000002 | 0x00000001 |
modified | HKLM/SYSTEM/ControlSet001/Services/SharedAccess | Start | 0x00000002 | 0x00000004 |
modified | HKLM/SYSTEM/ControlSet001/Services/SharedAccess/Epoch | Epoch | 0x00000104 | 0x00000105 |
modified | HKLM/SYSTEM/ControlSet001/Services/wscsvc | Start | 0x00000002 | 0x00000004 |
modified | HKLM/SYSTEM/CurrentControlSet/Services/SharedAccess | Start | 0x00000002 | 0x00000004 |
modified | HKLM/SYSTEM/CurrentControlSet/Services/SharedAccess/Epoch | Epoch | 0x00000104 | 0x00000105 |
modified | HKLM/SYSTEM/CurrentControlSet/Services/wscsvc | Start | 0x00000002 | 0x00000004 |
modified | HKU/S-1-5-21-1844237615-562591055-839522115-1004/Software/Microsoft/Windows/CurrentVersion/Internet Settings/Connections | SavedLegacySettings | 3C 00 00 00 15 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 00 00 | 3C 00 00 00 17 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 00 0 |
modified | HKU/S-1-5-21-1844237615-562591055-839522115-1004/SessionInformation | ProgramCount | 0x00000002 | 0x00000001 |
DNS | DNS Response |
---|---|
exe.perfectexe.com | Standard query response A 122.224.6.48 |
DstIP | HTTP_HOST | HTTP_REQUEST_URI | HTTP_USER_AGENT | PROTOCOL |
---|---|---|---|---|
239.255.255.250 | 239.255.255.250:1900 | * | --blank-- | 0x11 |
PROTOCOL | SRC_PKTS | DST_PKTS | SRC_BYTES | DST_BYTES |
---|---|---|---|---|
6 | 60 | 56 | 4894 | 3368 |
17 | 5 | 0 | 875 | 0 |
DPORT | PROTOCOL | SRC_PKTS | DST_PKTS | SRC_BYTES | DST_BYTES |
---|---|---|---|---|---|
255 | 6 | 60 | 56 | 4894 | 3368 |
1900 | 17 | 5 | 0 | 875 | 0 |
Time | Date | Protocol | SrcIP | DstIP | Dir | Flags | Sport | Dport | Pkts | Bytes |
---|---|---|---|---|---|---|---|---|---|---|
16:26:13 | 2010-07-13 | 6 | 10.10.10.7 | 122.224.6.48 | -> | e | 11 | 255 | 14 | 1168 |
16:26:19 | 2010-07-13 | 6 | 10.10.10.7 | 122.224.6.48 | -> | e | 11 | 255 | 10 | 600 |
16:26:24 | 2010-07-13 | 6 | 10.10.10.7 | 122.224.6.48 | -> | e | 11 | 255 | 5 | 300 |
16:27:27 | 2010-07-13 | 6 | 10.10.10.7 | 122.224.6.48 | -> | e | 38 | 255 | 13 | 1104 |
16:27:32 | 2010-07-13 | 6 | 10.10.10.7 | 122.224.6.48 | -> | e | 38 | 255 | 10 | 600 |
16:27:37 | 2010-07-13 | 6 | 10.10.10.7 | 122.224.6.48 | -> | e | 38 | 255 | 6 | 360 |
16:28:40 | 2010-07-13 | 6 | 10.10.10.7 | 122.224.6.48 | -> | e | 20 | 255 | 13 | 1105 |
16:28:45 | 2010-07-13 | 6 | 10.10.10.7 | 122.224.6.48 | -> | e | 20 | 255 | 11 | 660 |
16:28:50 | 2010-07-13 | 6 | 10.10.10.7 | 122.224.6.48 | -> | e | 20 | 255 | 5 | 300 |
16:29:53 | 2010-07-13 | 6 | 10.10.10.7 | 122.224.6.48 | -> | e | 113 | 255 | 13 | 1105 |
16:29:58 | 2010-07-13 | 6 | 10.10.10.7 | 122.224.6.48 | -> | e | 113 | 255 | 11 | 660 |
16:30:03 | 2010-07-13 | 6 | 10.10.10.7 | 122.224.6.48 | -> | e | 113 | 255 | 5 | 300 |
16:31:30 | 2010-07-13 | 17 | 10.10.10.7 | 239.255.255.250 | -> | e | 4002 | 1900 | 2 | 350 |
16:31:36 | 2010-07-13 | 17 | 10.10.10.7 | 239.255.255.250 | -> | e | 4002 | 1900 | 1 | 175 |
16:31:39 | 2010-07-13 | 17 | 10.10.10.7 | 239.255.255.250 | -> | e | 413 | 1900 | 2 | 350 |
Packer Name |
---|
Honey Trap Log File Location |
---|
PTFB Log File Location |
---|