Malware Report

Malware Report - Results

This report shows all the different areas TAZER analyzes for the sample: Host, Network Activity, and Detection.

Malware Search Criteria:

MD5 =e497a664d20455ed2261de1da60a2eb7

Malware Report - Results

File MD5Sum	SHA1SUM	SHA256SUM	FUZZY HASH	File Size
e497a664d20455ed2261de1da60a2eb7	eb3a4a8a0e8adf74d2763902a940437a33755ffb	799841002332fe9766c11853886dbb86500fb8d01d384178f3967ddcccfc14e0	6144:+8U2qy6rRZb7jxGYKSTJDPM83llq9v+evY56asFmd+Upwt:gzy6rRxE8UOlwvVvY5homd+X	278906

File Results

File Name
1289137%5Fx352fsd.640x480.exe

SNORT Results

Snort Class	Snort Alert	Count
A Network Trojan was Detected	SPYWARE-PUT Trojan.Win32.Karagany.A contact to server attempt	1
Misc Attack	ET RBN Known Russian Business Network IP TCP (62)	1

AV Results

AV Alert	AV Vendor
Suspicious.Cloud.5	Symantec
Artemis!E497A664D204	McAfee
Trojan-Spy.Win32.SpyEyes.htg	Kaspersky

Folders (Added) - ICC Results

Path	Folder Name

Files (Added) - ICC Results

Path	File Name
c:/WINDOWS/Prefetch	ADOBEUTIL.EXE-27EA9B9F.pf
c:/WINDOWS/Prefetch	B2E.EXE-0B089C36.pf
c:/WINDOWS/Prefetch	FILE.EXE-18E9700F.pf
c:/WINDOWS/Prefetch	RUNDLL32.EXE-1D33A546.pf
c:/WINDOWS/Prefetch	SANDNET.EXE-2012C478.pf
c:/WINDOWS/Prefetch	START1.EXE-2DDDAD76.pf
c:/WINDOWS/system32/drivers/etc	127014_128820_f_640x480.jpg
c:/WINDOWS/system32/drivers/etc	err.log145156
c:/WINDOWS/system32/drivers/etc	file.exe
c:/WINDOWS/system32/drivers/etc	h?sts
c:/WINDOWS/system32/drivers/etc	start1.exe

Files (Deleted) - ICC Results

Action	Path	File Name

Files (Changed) - ICC Results

Action	Path	File Name
modified	c:/WINDOWS/Prefetch	CMD.EXE-087B4001.pf
modified	c:/WINDOWS/Prefetch	HSTART.EXE-221D72BF.pf
modified	c:/WINDOWS/Prefetch	NETSTAT.EXE-2B2B4428.pf
modified	c:/WINDOWS/Prefetch	SH.EXE-00254D2B.pf
modified	c:/WINDOWS/Prefetch	SLEEP.EXE-094A3D2A.pf
modified	c:/WINDOWS/Prefetch	SSHD.EXE-298CA236.pf
modified	c:/WINDOWS/Prefetch	SWITCH.EXE-0496EC21.pf
modified	c:/WINDOWS/system32/config	system.LOG
modified	c:/WINDOWS/system32/drivers/etc	hosts
modified	c:/WINDOWS/system32/wbem/Logs	wmiprov.log
modified	c:/WINDOWS/system32/wbem/Repository/FS	INDEX.MAP
modified	c:/WINDOWS/system32/wbem/Repository/FS	MAPPING.VER
modified	c:/WINDOWS/system32/wbem/Repository/FS	MAPPING2.MAP
modified	c:/WINDOWS/system32/wbem/Repository/FS	OBJECTS.MAP

Registry Keys (Added) - ICC Results

Action	Path

Registry Values (Added) - ICC Results

Action	Path	Val_Name	Val_Data

Registry Values (Deleted) - ICC Results

Action	Path	Val_Name	Val_Type	Mod_Val_Type	Val_Data	Mod_Val_Data

Registry Values (Changed) - ICC Results

Action	Path	Val_Name	Val_Data	Mod_Val_Data
modified	HKLM/SOFTWARE/Microsoft/Cryptography/RNG	Seed	0F 51 8B 3E 9B 41 D0 70 C9 E5 23 C2 11 F9 92 CC 21 D8 A7 BF 56 20 D4 91 98 41 1B	B0 9C 91 85 25 97 61 9D 9E 93 BA 42 F0 9B 4C 02 72 63 CB 79 7F 25 BA B9 16 43 0
modified	HKU/S-1-5-21-1844237615-562591055-839522115-1004/Software/Microsoft/Windows/CurrentVersion/Explorer/RecentDocs	MRUListEx	03 00 00 00 02 00 00 00 00 00 00 00 08 00 00 00 07 00 00 00 06 00 00 00 05 00 00	0A 00 00 00 09 00 00 00 03 00 00 00 02 00 00 00 00 00 00 00 08 00 00 00 07 00 0
modified	HKU/S-1-5-21-1844237615-562591055-839522115-1004/Software/Microsoft/Windows/CurrentVersion/Explorer/RecentDocs/Folder	MRUListEx	01 00 00 00 03 00 00 00 02 00 00 00 00 00 00 00 FF FF FF FF	04 00 00 00 01 00 00 00 03 00 00 00 02 00 00 00 00 00 00 00 FF FF FF FF
modified	HKU/S-1-5-21-1844237615-562591055-839522115-1004/SessionInformation	ProgramCount	0x00000002	0x00000003

DNS Results

DNS	DNS Response
adobe.com	Standard query response A 192.150.16.117
data-fold.org	Standard query response A 193.107.16.43

URL Results

DstIP	HTTP_HOST	HTTP_REQUEST_URI	HTTP_USER_AGENT	PROTOCOL
192.150.16.117	adobe.com	/geo/productid.php	Opera/10.80 Pesto/2.2.30	0x06
193.107.16.43	data-fold.org	/kadabra/xgate.php	Opera/10.60 Presto/2.2.30	0x06
239.255.255.250	239.255.255.250:1900	*	--blank--	0x11

ARGUS PROTOCOL Results

PROTOCOL	SRC_PKTS	DST_PKTS	SRC_BYTES	DST_BYTES
6	10	8	953	1030
17	2	0	350	0

ARGUS DPORT Results

DPORT	PROTOCOL	SRC_PKTS	DST_PKTS	SRC_BYTES	DST_BYTES
80	6	10	8	953	1030
1900	17	2	0	350	0

ARGUS DATA Results

Time	Date	Protocol	SrcIP	DstIP	Dir	Flags	Sport	Dport	Pkts	Bytes
10:17:26	2011-05-27	6	10.10.10.7	192.150.16.117	->	e	422	80	9	989
10:17:27	2011-05-27	6	10.10.10.7	193.107.16.43	->	e	311	80	9	994
10:23:00	2011-05-27	17	10.10.10.7	239.255.255.250	->	e	8	1900	2	350

Packer Results

Packer Name

HoneyTrap Results

Honey Trap Log File Location

PTFB Results

PTFB Log File Location