Malware Report - Results

This report shows all the different areas TAZER analyzes for the sample: Host, Network Activity, and Detection.

Malware Search Criteria:
  • MD5 = fd6c07a166e91a17432e00c844c21229

  • Malware Report - Results

    File MD5Sum:  fd6c07a166e91a17432e00c844c21229
    SHA1SUM:      67d3b84a906278557c2290b15902349993e9d5aa
    SHA256SUM:    69c4913ff3cf3818cca02bad32516b231a0c0b86019285e28242fde27ed70784
    FUZZY HASH:   3072:0cKHbAK0ShMF5/JT6JturegyGpHAdbNuASvQv/hQhUvL2duNB+Gw17MV:oe58JturegyPx2Qv6N
    File Size:    225312

    File Results

    File Name
    janh.exe

    SNORT Results

    Snort Class | Snort Alert | Count
    N/A | No snort alerts generated | 0

    AV Results

    AV Alert | AV Vendor
    Backdoor.Trojan | Symantec
    N/A | McAfee
    Trojan.Win32.Midgare.amrd | Kaspersky

    Folders (Added) - ICC Results

    Path | Folder Name
    c:/Program Files/Common Files/System | systems

    Files (Added) - ICC Results

    Path | File Name
    c:/Program Files/Common Files/System/Systems | pinks.dll
    c:/Program Files/Common Files/System/Systems | SysWindows.exe
    c:/WINDOWS/Prefetch | SANDNET.EXE-2012C478.pf
    c:/WINDOWS/Prefetch | SYSWINDOWS.EXE-290D9BCC.pf
    c: | netstat_post.txt
    c: | taskv_post.txt

    Files (Deleted) - ICC Results

    Action | Path | File Name

    Files (Changed) - ICC Results

    Action | Path | File Name
    modified | c:/WINDOWS/Prefetch | CMD.EXE-087B4001.pf
    modified | c:/WINDOWS/Prefetch | HSTART.EXE-221D72BF.pf
    modified | c:/WINDOWS/Prefetch | NETSTAT.EXE-2B2B4428.pf
    modified | c:/WINDOWS/Prefetch | SH.EXE-00254D2B.pf
    modified | c:/WINDOWS/Prefetch | SLEEP.EXE-094A3D2A.pf
    modified | c:/WINDOWS/Prefetch | SSHD.EXE-298CA236.pf
    modified | c:/WINDOWS/Prefetch | SWITCH.EXE-0496EC21.pf
    modified | c:/WINDOWS/system32/config | software.LOG
    modified | c:/WINDOWS/system32/drivers/etc | hosts
    modified | c:/WINDOWS/system32/wbem/Repository/FS | INDEX.MAP
    modified | c:/WINDOWS/system32/wbem/Repository/FS | MAPPING.VER
    modified | c:/WINDOWS/system32/wbem/Repository/FS | MAPPING2.MAP
    modified | c:/WINDOWS/system32/wbem/Repository/FS | OBJECTS.MAP

    Registry Keys (Added) - ICC Results

    Action | Path

    Registry Values (Added) - ICC Results

    Action | Path | Val_Name | Val_Data

    Registry Values (Deleted) - ICC Results

    Action | Path | Val_Name | Val_Type | Mod_Val_Type | Val_Data | Mod_Val_Data

    Registry Values (Changed) - ICC Results

    Action | Path | Val_Name | Val_Data | Mod_Val_Data
    modified | HKLM/SOFTWARE/Microsoft/Cryptography/RNG | Seed | DF 3B 55 20 B0 97 56 46 B8 95 0A C2 B1 CD 63 CE B1 FE 0A 67 C4 2E 07 69 27 27 6F FD B4 62 FE C3 74 24 E5 94 E7 DF EB F4 5D E4 EA AB C6 E5 95 24 D8 01 A4 82 49 B (truncated) |
    modified | HKU/S-1-5-21-1844237615-562591055-839522115-1004/SessionInformation | ProgramCount | 0x00000002 | 0x00000001

    DNS Results

    DNS | DNS Response
    cp.rigotax.info | Standard query response CNAME web-forward.dnsexit.com A 67.214.175.92

    URL Results

    DstIP | HTTP_HOST | HTTP_REQUEST_URI | HTTP_USER_AGENT | PROTOCOL
    67.214.175.92 | cp.rigotax.info | / |  | 0x06
    239.255.255.250 | 239.255.255.250:1900 | * | --blank-- | 0x11

    ARGUS PROTOCOL Results

    PROTOCOL | SRC_PKTS | DST_PKTS | SRC_BYTES | DST_BYTES
    6 | 239 | 223 | 15236 | 57092
    17 | 5 | 0 | 875 | 0

    ARGUS DPORT Results

    DPORT | PROTOCOL | SRC_PKTS | DST_PKTS | SRC_BYTES | DST_BYTES
    80 | 6 | 239 | 223 | 15236 | 57092
    1900 | 17 | 5 | 0 | 875 | 0

    ARGUS DATA Results

    Time | Date | Protocol | SrcIP | DstIP | Dir | Flags | Sport | Dport | Pkts | Bytes
    17:02:09 | 2010-05-06 | 6 | 10.10.10.7 | 67.214.175.92 | -> | e | 96 | 80 | 13 | 1930
    17:02:14 | 2010-05-06 | 6 | 10.10.10.7 | 67.214.175.92 | -> | e | 96 | 80 | 11 | 2298
    17:02:19 | 2010-05-06 | 6 | 10.10.10.7 | 67.214.175.92 | -> | e | 96 | 80 | 5 | 300
    17:02:23 | 2010-05-06 | 6 | 10.10.10.7 | 67.214.175.92 | -> | e | 94 | 80 | 13 | 1930
    17:02:28 | 2010-05-06 | 6 | 10.10.10.7 | 67.214.175.92 | -> | e | 94 | 80 | 11 | 2298
    17:02:34 | 2010-05-06 | 6 | 10.10.10.7 | 67.214.175.92 | -> | e | 94 | 80 | 5 | 300
    17:02:38 | 2010-05-06 | 6 | 10.10.10.7 | 67.214.175.92 | -> | e | 53 | 80 | 13 | 1930
    17:02:43 | 2010-05-06 | 6 | 10.10.10.7 | 67.214.175.92 | -> | e | 53 | 80 | 10 | 1965
    17:02:48 | 2010-05-06 | 6 | 10.10.10.7 | 67.214.175.92 | -> | e | 53 | 80 | 6 | 633
    17:02:53 | 2010-05-06 | 6 | 10.10.10.7 | 67.214.175.92 | -> | e | 54 | 80 | 13 | 1930
    17:02:58 | 2010-05-06 | 6 | 10.10.10.7 | 67.214.175.92 | -> | e | 54 | 80 | 11 | 2298
    17:03:04 | 2010-05-06 | 6 | 10.10.10.7 | 67.214.175.92 | -> | e | 54 | 80 | 5 | 300
    17:03:08 | 2010-05-06 | 6 | 10.10.10.7 | 67.214.175.92 | -> | e | 80 | 80 | 14 | 2263
    17:03:14 | 2010-05-06 | 6 | 10.10.10.7 | 67.214.175.92 | -> | e | 80 | 80 | 11 | 2025
    17:03:19 | 2010-05-06 | 6 | 10.10.10.7 | 67.214.175.92 | -> | e | 80 | 80 | 4 | 240
    17:03:23 | 2010-05-06 | 6 | 10.10.10.7 | 67.214.175.92 | -> | e | 81 | 80 | 13 | 1930
    17:03:28 | 2010-05-06 | 6 | 10.10.10.7 | 67.214.175.92 | -> | e | 81 | 80 | 11 | 2298
    17:03:34 | 2010-05-06 | 6 | 10.10.10.7 | 67.214.175.92 | -> | e | 81 | 80 | 5 | 300
    17:03:38 | 2010-05-06 | 6 | 10.10.10.7 | 67.214.175.92 | -> | e | 211 | 80 | 13 | 1930
    17:03:43 | 2010-05-06 | 6 | 10.10.10.7 | 67.214.175.92 | -> | e | 211 | 80 | 10 | 1965
    17:03:48 | 2010-05-06 | 6 | 10.10.10.7 | 67.214.175.92 | -> | e | 211 | 80 | 6 | 633
    17:03:53 | 2010-05-06 | 6 | 10.10.10.7 | 67.214.175.92 | -> | e | 16 | 80 | 13 | 1930
    17:03:58 | 2010-05-06 | 6 | 10.10.10.7 | 67.214.175.92 | -> | e | 16 | 80 | 10 | 1965
    17:04:03 | 2010-05-06 | 6 | 10.10.10.7 | 67.214.175.92 | -> | e | 16 | 80 | 4 | 513
    17:04:08 | 2010-05-06 | 6 | 10.10.10.7 | 67.214.175.92 | -> | e | 497 | 80 | 14 | 2263
    17:04:08 | 2010-05-06 | 6 | 10.10.10.7 | 67.214.175.92 | -> | e | 16 | 80 | 2 | 120
    17:04:14 | 2010-05-06 | 6 | 10.10.10.7 | 67.214.175.92 | -> | e | 497 | 80 | 11 | 2025
    17:04:19 | 2010-05-06 | 6 | 10.10.10.7 | 67.214.175.92 | -> | e | 497 | 80 | 4 | 240
    17:04:24 | 2010-05-06 | 6 | 10.10.10.7 | 67.214.175.92 | -> | e | 451 | 80 | 13 | 1930
    17:04:29 | 2010-05-06 | 6 | 10.10.10.7 | 67.214.175.92 | -> | e | 451 | 80 | 11 | 2298
    17:04:35 | 2010-05-06 | 6 | 10.10.10.7 | 67.214.175.92 | -> | e | 451 | 80 | 5 | 300
    17:04:39 | 2010-05-06 | 6 | 10.10.10.7 | 67.214.175.92 | -> | e | 412 | 80 | 13 | 1930
    17:04:44 | 2010-05-06 | 6 | 10.10.10.7 | 67.214.175.92 | -> | e | 412 | 80 | 11 | 2298
    17:04:49 | 2010-05-06 | 6 | 10.10.10.7 | 67.214.175.92 | -> | e | 412 | 80 | 5 | 300
    17:04:54 | 2010-05-06 | 6 | 10.10.10.7 | 67.214.175.92 | -> | e | 608 | 80 | 13 | 1930
    17:04:59 | 2010-05-06 | 6 | 10.10.10.7 | 67.214.175.92 | -> | e | 608 | 80 | 10 | 1965
    17:05:04 | 2010-05-06 | 6 | 10.10.10.7 | 67.214.175.92 | -> | e | 608 | 80 | 6 | 633
    17:05:09 | 2010-05-06 | 6 | 10.10.10.7 | 67.214.175.92 | -> | e | 22 | 80 | 13 | 1930
    17:05:14 | 2010-05-06 | 6 | 10.10.10.7 | 67.214.175.92 | -> | e | 22 | 80 | 10 | 1965
    17:05:19 | 2010-05-06 | 6 | 10.10.10.7 | 67.214.175.92 | -> | e | 22 | 80 | 6 | 633
    17:05:24 | 2010-05-06 | 6 | 10.10.10.7 | 67.214.175.92 | -> | e | 110 | 80 | 13 | 1930
    17:05:29 | 2010-05-06 | 6 | 10.10.10.7 | 67.214.175.92 | -> | e | 110 | 80 | 10 | 1965
    17:05:34 | 2010-05-06 | 6 | 10.10.10.7 | 67.214.175.92 | -> | e | 110 | 80 | 6 | 633
    17:05:39 | 2010-05-06 | 6 | 10.10.10.7 | 67.214.175.92 | -> | e | 165 | 80 | 14 | 2263
    17:05:44 | 2010-05-06 | 6 | 10.10.10.7 | 67.214.175.92 | -> | e | 165 | 80 | 10 | 1965
    17:05:49 | 2010-05-06 | 6 | 10.10.10.7 | 67.214.175.92 | -> | e | 165 | 80 | 5 | 300
    17:05:54 | 2010-05-06 | 6 | 10.10.10.7 | 67.214.175.92 | -> | e | 112 | 80 | 13 | 1930
    17:05:59 | 2010-05-06 | 6 | 10.10.10.7 | 67.214.175.92 | -> | e | 112 | 80 | 11 | 2298
    17:06:04 | 2010-05-06 | 6 | 10.10.10.7 | 67.214.175.92 | -> | e | 112 | 80 | 3 | 180
    17:07:32 | 2010-05-06 | 17 | 10.10.10.7 | 239.255.255.250 | -> | e | 4002 | 1900 | 2 | 350
    17:07:38 | 2010-05-06 | 17 | 10.10.10.7 | 239.255.255.250 | -> | e | 4002 | 1900 | 1 | 175
    17:07:41 | 2010-05-06 | 17 | 10.10.10.7 | 239.255.255.250 | -> | e | 413 | 1900 | 2 | 350

    Packer Results

    Packer Name

    HoneyTrap Results

    Honey Trap Log File Location

    PTFB Results

    PTFB Log File Location