Malware Report - Results

This report shows all the different areas TAZER analyzes for the sample: Host, Network Activity, and Detection.

Malware Search Criteria:
  • MD5 =f542dff8f4c1b4f968f0f28d7019f34e

    • Malware Report - Results

    File MD5SumSHA1SUMSHA256SUMFUZZY HASHFile Size
    f542dff8f4c1b4f968f0f28d7019f34e50b89a16b7e7f7cb89217c80477d6c2f4c758eef184e2a129e069e866d129a2e88b5fb210f744de234bd60963722d76884771586768:UFLJ6YQbQh7lERyv3BUtpp/fPlV//l2l:0F6tAEC36R/lVF225088

    File Results

    File Name
    xm05.css.exe

    SNORT Results

    Snort ClassSnort AlertCount
    N/ANo snort alerts generated0

    AV Results

    AV AlertAV Vendor

    Folders (Added) - ICC Results

    PathFolder Name
    c:/Documents and Settings/dmc73144/Local Settings/Temporary Internet Files/Content.IE5ITB2CJ0C

    Files (Added) - ICC Results

    PathFile Name
    c:/Documents and Settings/dmc73144/Local Settings/Temp126718.dll
    c:/Documents and Settings/dmc73144/Local Settings/Tempope1.tmp
    c:/Documents and Settings/dmc73144/Local Settings/Temporary Internet Files/Content.IE5/ITB2CJ0CCount[1].asp
    c:/Documents and Settings/dmc73144/Local Settings/Temporary Internet Files/Content.IE5/ITB2CJ0Cdesktop.ini
    c:/WINDOWS/Prefetch132265.EXE-099212F1.pf
    c:/WINDOWS/PrefetchAUTOIT3.EXE-32361418.pf
    c:/WINDOWS/PrefetchDIEP.EXE-0B3E1DC8.pf
    c:/WINDOWS/PrefetchHSTART.EXE-221D72BF.pf
    c:/WINDOWS/PrefetchREGSHOT.EXE-010A5EE6.pf
    c:/WINDOWS/PrefetchRUNDLL32.EXE-15DF7A09.pf
    c:/WINDOWS/PrefetchSANDNET.EXE-2012C478.pf
    c:/WINDOWS/system32132265.exe
    c:/WINDOWS/system32scvhost.exe
    c:netstat_post.txt
    c:taskv_post.txt

    Files (Deleted) - ICC Results

    ActionPathFile Name

    Files (Changed) - ICC Results

    ActionPathFile Name
    modifiedc:/Documents and Settings/dmc73144/Cookiesindex.dat
    modifiedc:/Documents and Settings/dmc73144/Local Settings/History/History.IE5index.dat
    modifiedc:/Documents and Settings/dmc73144/Local Settings/Temporary Internet Files/Content.IE5index.dat
    modifiedc:/Documents and Settings/dmc73144ntuser.dat.LOG
    modifiedc:/WINDOWS/PrefetchCMD.EXE-087B4001.pf
    modifiedc:/WINDOWS/PrefetchNETSTAT.EXE-2B2B4428.pf
    modifiedc:/WINDOWS/PrefetchNTOSBOOT-B00DFAAD.pf
    modifiedc:/WINDOWS/PrefetchSCP.EXE-174845DC.pf
    modifiedc:/WINDOWS/PrefetchSENDIT.EXE-34C997E3.pf
    modifiedc:/WINDOWS/PrefetchSH.EXE-00254D2B.pf
    modifiedc:/WINDOWS/PrefetchSLEEP.EXE-094A3D2A.pf
    modifiedc:/WINDOWS/PrefetchSSHD.EXE-298CA236.pf
    modifiedc:/WINDOWS/PrefetchSWITCH.EXE-0496EC21.pf
    modifiedc:/WINDOWS/PrefetchTASKLIST.EXE-10D94B23.pf
    modifiedc:/WINDOWS/PrefetchWMIPRVSE.EXE-28F301A9.pf
    modifiedc:/WINDOWS/PrefetchWUAUCLT.EXE-399A8E72.pf
    modifiedc:/WINDOWSSchedLgU.Txt
    modifiedc:/WINDOWS/SoftwareDistribution/DataStore/Logsedb.chk
    modifiedc:/WINDOWS/system32/configsoftware.LOG
    modifiedc:/WINDOWS/system32/configsystem.LOG
    modifiedc:/WINDOWS/system32/drivers/etchosts
    modifiedc:/WINDOWS/system32/wbem/Repository/FSINDEX.MAP
    modifiedc:/WINDOWS/system32/wbem/Repository/FSMAPPING.VER
    modifiedc:/WINDOWS/system32/wbem/Repository/FSMAPPING2.MAP
    modifiedc:/WINDOWS/system32/wbem/Repository/FSOBJECTS.MAP

    Registry Keys (Added) - ICC Results

    ActionPath

    Registry Values (Added) - ICC Results

    ActionPathVal_NameVal_Data

    Registry Values (Deleted) - ICC Results

    ActionPathVal_NameVal_TypeMod_Val_TypeVal_DataMod_Val_Data

    Registry Values (Changed) - ICC Results

    ActionPathVal_NameVal_DataMod_Val_Data
    modifiedHKLM/SOFTWARE/Microsoft/Cryptography/RNGSeedEF AD D9 BB B0 E8 E9 E9 39 10 A4 36 8F AA 5A 5A 5E 7A E9 E5 E3 56 D5 06 06 05 D2 04 EF CA CF F2 A5 32 1A 2D 13 EE A8 F3 19 E0 1D 10 C4 8F B4 0D F1 43 0E F6 C3 5
    modifiedHKU/S-1-5-21-1844237615-562591055-839522115-1004/Software/Microsoft/Windows/CurrentVersion/Internet Settings/ConnectionsSavedLegacySettings3C 00 00 00 15 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 00 00 3C 00 00 00 16 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 00 0
    modifiedHKU/S-1-5-21-1844237615-562591055-839522115-1004/SessionInformationProgramCount0x00000002 0x00000001

    DNS Results

    DNSDNS Response
    ad.wdtx.netStandard query response A 121.14.152.137
    count.wemv.netStandard query response A 122.224.7.220

    URL Results

    DstIPHTTP_HOSTHTTP_REQUEST_URIHTTP_USER_AGENTPROTOCOL
    239.255.255.250239.255.255.250:1900*--blank--0x11

    ARGUS PROTOCOL Results

    PROTOCOLSRC_PKTSDST_PKTSSRC_BYTESDST_BYTES
    6444129692466
    17508750

    ARGUS DPORT Results

    DPORTPROTOCOLSRC_PKTSDST_PKTSSRC_BYTESDST_BYTES
    726302819811684
    8861413988782
    190017508750

    ARGUS DATA Results

    TimeDateProtocolSrcIPDstIPDirFlagsSportDportPktsBytes
    20:19:302011-06-10610.10.10.7121.14.152.137-> e 1067213874
    20:19:312011-06-10610.10.10.7121.14.152.137-> e 117213871
    20:19:322011-06-10610.10.10.7122.224.7.220-> e 1158813930
    20:19:352011-06-10610.10.10.7121.14.152.137-> e 1067210600
    20:19:362011-06-10610.10.10.7121.14.152.137-> e 117210600
    20:19:372011-06-10610.10.10.7122.224.7.220-> e 1158810600
    20:19:402011-06-10610.10.10.7121.14.152.137-> e 106726360
    20:19:412011-06-10610.10.10.7121.14.152.137-> e 11726360
    20:19:422011-06-10610.10.10.7122.224.7.220-> e 115884240
    20:24:402011-06-101710.10.10.7239.255.255.250-> e 400219002350
    20:24:462011-06-101710.10.10.7239.255.255.250-> e 400219001175
    20:24:492011-06-101710.10.10.7239.255.255.250-> e 41319002350

    Packer Results

    Packer Name

    HoneyTrap Results

    Honey Trap Log File Location

    PTFB Results

    PTFB Log File Location