File MD5Sum | SHA1SUM | SHA256SUM | FUZZY HASH | File Size |
---|---|---|---|---|
e497a664d20455ed2261de1da60a2eb7 | eb3a4a8a0e8adf74d2763902a940437a33755ffb | 799841002332fe9766c11853886dbb86500fb8d01d384178f3967ddcccfc14e0 | 6144:+8U2qy6rRZb7jxGYKSTJDPM83llq9v+evY56asFmd+Upwt:gzy6rRxE8UOlwvVvY5homd+X | 278906 |
File Name |
---|
1289137%5Fx352fsd.640x480.exe |
Snort Class | Snort Alert | Count |
---|---|---|
A Network Trojan was Detected | SPYWARE-PUT Trojan.Win32.Karagany.A contact to server attempt | 1 |
Misc Attack | ET RBN Known Russian Business Network IP TCP (62) | 1 |
AV Alert | AV Vendor |
---|---|
Suspicious.Cloud.5 | Symantec |
Artemis!E497A664D204 | McAfee |
Trojan-Spy.Win32.SpyEyes.htg | Kaspersky |
Path | Folder Name |
---|
Action | Path | File Name |
---|
Action | Path |
---|
Action | Path | Val_Name | Val_Data |
---|
Action | Path | Val_Name | Val_Type | Mod_Val_Type | Val_Data | Mod_Val_Data |
---|
Action | Path | Val_Name | Val_Data | Mod_Val_Data |
---|---|---|---|---|
modified | HKLM/SOFTWARE/Microsoft/Cryptography/RNG | Seed | 0F 51 8B 3E 9B 41 D0 70 C9 E5 23 C2 11 F9 92 CC 21 D8 A7 BF 56 20 D4 91 98 41 1B | B0 9C 91 85 25 97 61 9D 9E 93 BA 42 F0 9B 4C 02 72 63 CB 79 7F 25 BA B9 16 43 0 |
modified | HKU/S-1-5-21-1844237615-562591055-839522115-1004/Software/Microsoft/Windows/CurrentVersion/Explorer/RecentDocs | MRUListEx | 03 00 00 00 02 00 00 00 00 00 00 00 08 00 00 00 07 00 00 00 06 00 00 00 05 00 00 | 0A 00 00 00 09 00 00 00 03 00 00 00 02 00 00 00 00 00 00 00 08 00 00 00 07 00 0 |
modified | HKU/S-1-5-21-1844237615-562591055-839522115-1004/Software/Microsoft/Windows/CurrentVersion/Explorer/RecentDocs/Folder | MRUListEx | 01 00 00 00 03 00 00 00 02 00 00 00 00 00 00 00 FF FF FF FF | 04 00 00 00 01 00 00 00 03 00 00 00 02 00 00 00 00 00 00 00 FF FF FF FF |
modified | HKU/S-1-5-21-1844237615-562591055-839522115-1004/SessionInformation | ProgramCount | 0x00000002 | 0x00000003 |
DNS | DNS Response |
---|---|
adobe.com | Standard query response A 192.150.16.117 |
data-fold.org | Standard query response A 193.107.16.43 |
DstIP | HTTP_HOST | HTTP_REQUEST_URI | HTTP_USER_AGENT | PROTOCOL |
---|---|---|---|---|
192.150.16.117 | adobe.com | /geo/productid.php | Opera/10.80 Pesto/2.2.30 | 0x06 |
193.107.16.43 | data-fold.org | /kadabra/xgate.php | Opera/10.60 Presto/2.2.30 | 0x06 |
239.255.255.250 | 239.255.255.250:1900 | * | --blank-- | 0x11 |
PROTOCOL | SRC_PKTS | DST_PKTS | SRC_BYTES | DST_BYTES |
---|---|---|---|---|
6 | 10 | 8 | 953 | 1030 |
17 | 2 | 0 | 350 | 0 |
DPORT | PROTOCOL | SRC_PKTS | DST_PKTS | SRC_BYTES | DST_BYTES |
---|---|---|---|---|---|
80 | 6 | 10 | 8 | 953 | 1030 |
1900 | 17 | 2 | 0 | 350 | 0 |
Time | Date | Protocol | SrcIP | DstIP | Dir | Flags | Sport | Dport | Pkts | Bytes |
---|---|---|---|---|---|---|---|---|---|---|
10:17:26 | 2011-05-27 | 6 | 10.10.10.7 | 192.150.16.117 | -> | e | 422 | 80 | 9 | 989 |
10:17:27 | 2011-05-27 | 6 | 10.10.10.7 | 193.107.16.43 | -> | e | 311 | 80 | 9 | 994 |
10:23:00 | 2011-05-27 | 17 | 10.10.10.7 | 239.255.255.250 | -> | e | 8 | 1900 | 2 | 350 |
Packer Name |
---|
Honey Trap Log File Location |
---|
PTFB Log File Location |
---|