Malware Report - Results

This report shows all the different areas TAZER analyzes for the sample: Host, Network Activity, and Detection.

Malware Search Criteria:
  • MD5 =e5623a497167d8a6c98e2e6b0293577d

    • Malware Report - Results

    File MD5SumSHA1SUMSHA256SUMFUZZY HASHFile Size
    e5623a497167d8a6c98e2e6b0293577d826cd25fd2b22e03224ab93e4de7b586e13e512e1c345270e78e267a734772afb901ea9f3290e755149dc95c3c1f1eabc644fa2e6144:EcWMJJhqryYP/daqlzV4GA3Fkk7rzPDCykQSt4lHl+BKg5MOyf:EczJJhqrVPldVzA3FB7fPDCy278866

    File Results

    File Name
    generalabbrialgroupltd.exe

    SNORT Results

    Snort ClassSnort AlertCount
    N/ANo snort alerts generated0

    AV Results

    AV AlertAV Vendor
    N/ASymantec
    N/AMcAfee
    N/AKaspersky
    Trojan.ChosSymantec
    Artemis!E5623A497167McAfee
    Trojan.Win32.FakeTest.cKaspersky
    Trojan.DropperSymantec
    GenericMcAfee
    Rootkit.Win32.Tent.cosKaspersky
    Backdoor.TrojanSymantec
    Backdoor.Win32.VB.nimKaspersky
    WS.Reputation.1Symantec

    Folders (Added) - ICC Results

    PathFolder Name
    c:/Documents and Settings/dmc73144test
    c:/Documents and Settings/dmc73144test

    Files (Added) - ICC Results

    PathFile Name
    c:/Documents and Settings/dmc73144/Desktoptest2.exe.lnk
    c:/Documents and Settings/dmc73144/testtest.ini
    c:/Documents and Settings/dmc73144/testtest2.exe
    c:/WINDOWS/PrefetchSANDNET.EXE-2012C478.pf
    c:/WINDOWS/PrefetchTEST2.EXE-30015B16.pf
    c:netstat_post.txt
    c:taskv_post.txt
    c:/Documents and Settings/dmc73144/Desktoptest2.exe.lnk
    c:/Documents and Settings/dmc73144/testtest.ini
    c:/Documents and Settings/dmc73144/testtest2.exe
    c:/WINDOWS/PrefetchSANDNET.EXE-2012C478.pf
    c:/WINDOWS/PrefetchTEST2.EXE-30015B16.pf
    c:netstat_post.txt
    c:tasksvc_post.txt
    c:taskv_post.txt

    Files (Deleted) - ICC Results

    ActionPathFile Name

    Files (Changed) - ICC Results

    ActionPathFile Name
    modifiedc:/Documents and Settings/dmc73144/Cookiesindex.dat
    modifiedc:/Documents and Settings/dmc73144/Local Settings/History/History.IE5index.dat
    modifiedc:/Documents and Settings/dmc73144/Local Settings/Temporary Internet Files/Content.IE5index.dat
    modifiedc:/Documents and Settings/dmc73144ntuser.dat.LOG
    modifiedc:/WINDOWS/PrefetchCMD.EXE-087B4001.pf
    modifiedc:/WINDOWS/PrefetchHSTART.EXE-221D72BF.pf
    modifiedc:/WINDOWS/PrefetchNETSTAT.EXE-2B2B4428.pf
    modifiedc:/WINDOWS/PrefetchSH.EXE-00254D2B.pf
    modifiedc:/WINDOWS/PrefetchSLEEP.EXE-094A3D2A.pf
    modifiedc:/WINDOWS/PrefetchSSHD.EXE-298CA236.pf
    modifiedc:/WINDOWS/PrefetchSWITCH.EXE-0496EC21.pf
    modifiedc:/WINDOWS/PrefetchTASKLIST.EXE-10D94B23.pf
    modifiedc:/WINDOWS/system32/drivers/etchosts
    modifiedc:/WINDOWS/system32/wbem/Logswmiprov.log
    modifiedc:/WINDOWS/system32/wbem/Repository/FSINDEX.MAP
    modifiedc:/WINDOWS/system32/wbem/Repository/FSMAPPING.VER
    modifiedc:/WINDOWS/system32/wbem/Repository/FSMAPPING1.MAP
    modifiedc:/WINDOWS/system32/wbem/Repository/FSOBJECTS.MAP
    modifiedc:/Documents and Settings/dmc73144/Cookiesindex.dat
    modifiedc:/Documents and Settings/dmc73144/Local Settings/History/History.IE5index.dat
    modifiedc:/Documents and Settings/dmc73144/Local Settings/Temporary Internet Files/Content.IE5index.dat
    modifiedc:/Documents and Settings/dmc73144ntuser.dat.LOG
    modifiedc:/WINDOWS/PrefetchCMD.EXE-087B4001.pf
    modifiedc:/WINDOWS/PrefetchHSTART.EXE-221D72BF.pf
    modifiedc:/WINDOWS/PrefetchNETSTAT.EXE-2B2B4428.pf
    modifiedc:/WINDOWS/PrefetchSH.EXE-00254D2B.pf
    modifiedc:/WINDOWS/PrefetchSLEEP.EXE-094A3D2A.pf
    modifiedc:/WINDOWS/PrefetchSSHD.EXE-298CA236.pf
    modifiedc:/WINDOWS/PrefetchSWITCH.EXE-0496EC21.pf
    modifiedc:/WINDOWS/PrefetchTASKLIST.EXE-10D94B23.pf
    modifiedc:/WINDOWS/system32/drivers/etchosts
    modifiedc:/WINDOWS/system32/wbem/Logswmiprov.log
    modifiedc:/WINDOWS/system32/wbem/Repository/FSINDEX.MAP
    modifiedc:/WINDOWS/system32/wbem/Repository/FSMAPPING.VER
    modifiedc:/WINDOWS/system32/wbem/Repository/FSMAPPING2.MAP
    modifiedc:/WINDOWS/system32/wbem/Repository/FSOBJECTS.MAP

    Registry Keys (Added) - ICC Results

    ActionPath

    Registry Values (Added) - ICC Results

    ActionPathVal_NameVal_Data

    Registry Values (Deleted) - ICC Results

    ActionPathVal_NameVal_TypeMod_Val_TypeVal_DataMod_Val_Data

    Registry Values (Changed) - ICC Results

    ActionPathVal_NameVal_DataMod_Val_Data
    modifiedHKLM/SOFTWARE/Microsoft/Cryptography/RNGSeed65 91 16 73 28 F4 EC DD 5B 9D 46 08 B6 D8 40 3A 04 FC 6F E1 96 1C 8C A4 6D E5 F3 B9 48 EA 16 8D F2 EA 16 92 9E 2A 24 E2 3C E6 68 FA 80 69 94 E0 20 1C 2A C1 A9 9
    modifiedHKU/S-1-5-21-1844237615-562591055-839522115-1004/SessionInformationProgramCount0x00000002 0x00000003
    modifiedHKLM/SOFTWARE/Microsoft/Cryptography/RNGSeed77 7B CA 17 FC 16 8F 21 38 4E 36 D3 64 D0 99 F8 C9 97 46 DE B9 0C 49 83 28 10 07 88 93 A4 A7 AA 92 EE 71 F6 1A EE 66 B5 8E BA EB 2F ED B2 AB 42 06 30 D1 36 AA 6

    DNS Results

    DNSDNS Response

    URL Results

    DstIPHTTP_HOSTHTTP_REQUEST_URIHTTP_USER_AGENTPROTOCOL
    239.255.255.250239.255.255.250:1900*--blank--0x11

    ARGUS PROTOCOL Results

    PROTOCOLSRC_PKTSDST_PKTSSRC_BYTESDST_BYTES
    17203500

    ARGUS DPORT Results

    DPORTPROTOCOLSRC_PKTSDST_PKTSSRC_BYTESDST_BYTES
    190017203500

    ARGUS DATA Results

    TimeDateProtocolSrcIPDstIPDirFlagsSportDportPktsBytes
    20:09:152011-02-261710.10.10.7239.255.255.250-> e 819002350
    13:27:582011-03-081710.10.10.7239.255.255.250-> e 819002350

    Packer Results

    Packer Name

    HoneyTrap Results

    Honey Trap Log File Location

    PTFB Results

    PTFB Log File Location