**** Malware_Report_-_Results ****

This report shows all the different areas TAZER analyzes for the sample: Host, Network Activity, and Detection.

Malware Search Criteria: MD5 = fd6c07a166e91a17432e00c844c21229

_____________________________________________________________________________________________________________________________________________________________________________________________________________________________________
|File_MD5Sum_____________________|SHA1SUM_________________________________|SHA256SUM_______________________________________________________|FUZZY_HASH______________________________________________________________________|File_Size|
|fd6c07a166e91a17432e00c844c21229|67d3b84a906278557c2290b15902349993e9d5aa|69c4913ff3cf3818cca02bad32516b231a0c0b86019285e28242fde27ed70784|3072:0cKHbAK0ShMF5/JT6JturegyGpHAdbNuASvQv/hQhUvL2duNB+Gw17MV:oe58JturegyPx2Qv6N|225312___|

**** File_Results ****
_________
|File_Name|
|janh.exe_|

**** SNORT_Results ****
___________________________________________
|Snort_Class|Snort_Alert______________|Count|
|N/A________|No_snort_alerts_generated|0____|

**** AV_Results ****
___________________________________
|AV_Alert_________________|AV_Vendor|
|Backdoor.Trojan__________|Symantec_|
|N/A______________________|McAfee___|
|Trojan.Win32.Midgare.amrd|Kaspersky|

**** Folders_(Added)_-_ICC_Results ****
________________________________________________
|Path________________________________|Folder_Name|
|c:/Program_Files/Common_Files/System|systems____|

**** Files_(Added)_-_ICC_Results ****
_______________________________________________________________________
|Path________________________________________|File_Name_________________|
|c:/Program_Files/Common_Files/System/Systems|pinks.dll_________________|
|c:/Program_Files/Common_Files/System/Systems|SysWindows.exe____________|
|c:/WINDOWS/Prefetch_________________________|SANDNET.EXE-2012C478.pf___|
|c:/WINDOWS/Prefetch_________________________|SYSWINDOWS.EXE-290D9BCC.pf|
|c:__________________________________________|netstat_post.txt__________|
|c:__________________________________________|taskv_post.txt____________|

**** Files_(Deleted)_-_ICC_Results ****
_____________________
|Action|Path|File_Name|

**** Files_(Changed)_-_ICC_Results ****
_______________________________________________________________________
|Action__|Path__________________________________|File_Name______________|
|modified|c:/WINDOWS/Prefetch___________________|CMD.EXE-087B4001.pf____|
|modified|c:/WINDOWS/Prefetch___________________|HSTART.EXE-221D72BF.pf_|
|modified|c:/WINDOWS/Prefetch___________________|NETSTAT.EXE-2B2B4428.pf|
|modified|c:/WINDOWS/Prefetch___________________|SH.EXE-00254D2B.pf_____|
|modified|c:/WINDOWS/Prefetch___________________|SLEEP.EXE-094A3D2A.pf__|
|modified|c:/WINDOWS/Prefetch___________________|SSHD.EXE-298CA236.pf___|
|modified|c:/WINDOWS/Prefetch___________________|SWITCH.EXE-0496EC21.pf_|
|modified|c:/WINDOWS/system32/config____________|software.LOG___________|
|modified|c:/WINDOWS/system32/drivers/etc_______|hosts__________________|
|modified|c:/WINDOWS/system32/wbem/Repository/FS|INDEX.MAP______________|
|modified|c:/WINDOWS/system32/wbem/Repository/FS|MAPPING.VER____________|
|modified|c:/WINDOWS/system32/wbem/Repository/FS|MAPPING2.MAP___________|
|modified|c:/WINDOWS/system32/wbem/Repository/FS|OBJECTS.MAP____________|

**** Registry_Keys_(Added)_-_ICC_Results ****
___________
|Action|Path|

**** Registry_Values_(Added)_-_ICC_Results ****
_____________________________
|Action|Path|Val_Name|Val_Data|

**** Registry_Values_(Deleted)_-_ICC_Results ****
________________________________________________________________
|Action|Path|Val_Name|Val_Type|Mod_Val_Type|Val_Data|Mod_Val_Data|

**** Registry_Values_(Changed)_-_ICC_Results ****
__________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________
|Action__|Path_______________________________________________________________|Val_Name____|Val_Data________________________________________________________________________|Mod_Val_Data___________________________________________________________________|
|modified|HKLM/SOFTWARE/Microsoft/Cryptography/RNG___________________________|Seed________|DF_3B_55_20_B0_97_56_46_B8_95_0A_C2_B1_CD_63_CE_B1_FE_0A_67_C4_2E_07_69_27_27_6F|FD_B4_62_FE_C3_74_24_E5_94_E7_DF_EB_F4_5D_E4_EA_AB_C6_E5_95_24_D8_01_A4_82_49_B|
|modified|HKU/S-1-5-21-1844237615-562591055-839522115-1004/SessionInformation|ProgramCount|0x00000002______________________________________________________________________|0x00000001_____________________________________________________________________|

**** DNS_Results ****
_____________________________________________________________________________________
|DNS____________|DNS_Response_________________________________________________________|
|cp.rigotax.info|Standard_query_response_CNAME_web-forward.dnsexit.com_A_67.214.175.92|

**** URL_Results ****
______________________________________________________________________________
|DstIP__________|HTTP_HOST___________|HTTP_REQUEST_URI|HTTP_USER_AGENT|PROTOCOL|
|67.214.175.92__|cp.rigotax.info_____|/_______________|_______________|0x06____|
|239.255.255.250|239.255.255.250:1900|*_______________|--blank--______|0x11____|

**** ARGUS_PROTOCOL_Results ****
______________________________________________
|PROTOCOL|SRC_PKTS|DST_PKTS|SRC_BYTES|DST_BYTES|
|6_______|239_____|223_____|15236____|57092____|
|17______|5_______|0_______|875______|0________|

**** ARGUS_DPORT_Results ****
____________________________________________________
|DPORT|PROTOCOL|SRC_PKTS|DST_PKTS|SRC_BYTES|DST_BYTES|
|80___|6_______|239_____|223_____|15236____|57092____|
|1900_|17______|5_______|0_______|875______|0________|

**** ARGUS_DATA_Results ****
________________________________________________________________________________________
|Time____|Date______|Protocol|SrcIP_____|DstIP__________|Dir|Flags|Sport|Dport|Pkts|Bytes|
|17:02:09|2010-05-06|6_______|10.10.10.7|67.214.175.92__|->_|e____|96___|80___|13__|1930_|
|17:02:14|2010-05-06|6_______|10.10.10.7|67.214.175.92__|->_|e____|96___|80___|11__|2298_|
|17:02:19|2010-05-06|6_______|10.10.10.7|67.214.175.92__|->_|e____|96___|80___|5___|300__|
|17:02:23|2010-05-06|6_______|10.10.10.7|67.214.175.92__|->_|e____|94___|80___|13__|1930_|
|17:02:28|2010-05-06|6_______|10.10.10.7|67.214.175.92__|->_|e____|94___|80___|11__|2298_|
|17:02:34|2010-05-06|6_______|10.10.10.7|67.214.175.92__|->_|e____|94___|80___|5___|300__|
|17:02:38|2010-05-06|6_______|10.10.10.7|67.214.175.92__|->_|e____|53___|80___|13__|1930_|
|17:02:43|2010-05-06|6_______|10.10.10.7|67.214.175.92__|->_|e____|53___|80___|10__|1965_|
|17:02:48|2010-05-06|6_______|10.10.10.7|67.214.175.92__|->_|e____|53___|80___|6___|633__|
|17:02:53|2010-05-06|6_______|10.10.10.7|67.214.175.92__|->_|e____|54___|80___|13__|1930_|
|17:02:58|2010-05-06|6_______|10.10.10.7|67.214.175.92__|->_|e____|54___|80___|11__|2298_|
|17:03:04|2010-05-06|6_______|10.10.10.7|67.214.175.92__|->_|e____|54___|80___|5___|300__|
|17:03:08|2010-05-06|6_______|10.10.10.7|67.214.175.92__|->_|e____|80___|80___|14__|2263_|
|17:03:14|2010-05-06|6_______|10.10.10.7|67.214.175.92__|->_|e____|80___|80___|11__|2025_|
|17:03:19|2010-05-06|6_______|10.10.10.7|67.214.175.92__|->_|e____|80___|80___|4___|240__|
|17:03:23|2010-05-06|6_______|10.10.10.7|67.214.175.92__|->_|e____|81___|80___|13__|1930_|
|17:03:28|2010-05-06|6_______|10.10.10.7|67.214.175.92__|->_|e____|81___|80___|11__|2298_|
|17:03:34|2010-05-06|6_______|10.10.10.7|67.214.175.92__|->_|e____|81___|80___|5___|300__|
|17:03:38|2010-05-06|6_______|10.10.10.7|67.214.175.92__|->_|e____|211__|80___|13__|1930_|
|17:03:43|2010-05-06|6_______|10.10.10.7|67.214.175.92__|->_|e____|211__|80___|10__|1965_|
|17:03:48|2010-05-06|6_______|10.10.10.7|67.214.175.92__|->_|e____|211__|80___|6___|633__|
|17:03:53|2010-05-06|6_______|10.10.10.7|67.214.175.92__|->_|e____|16___|80___|13__|1930_|
|17:03:58|2010-05-06|6_______|10.10.10.7|67.214.175.92__|->_|e____|16___|80___|10__|1965_|
|17:04:03|2010-05-06|6_______|10.10.10.7|67.214.175.92__|->_|e____|16___|80___|4___|513__|
|17:04:08|2010-05-06|6_______|10.10.10.7|67.214.175.92__|->_|e____|497__|80___|14__|2263_|
|17:04:08|2010-05-06|6_______|10.10.10.7|67.214.175.92__|->_|e____|16___|80___|2___|120__|
|17:04:14|2010-05-06|6_______|10.10.10.7|67.214.175.92__|->_|e____|497__|80___|11__|2025_|
|17:04:19|2010-05-06|6_______|10.10.10.7|67.214.175.92__|->_|e____|497__|80___|4___|240__|
|17:04:24|2010-05-06|6_______|10.10.10.7|67.214.175.92__|->_|e____|451__|80___|13__|1930_|
|17:04:29|2010-05-06|6_______|10.10.10.7|67.214.175.92__|->_|e____|451__|80___|11__|2298_|
|17:04:35|2010-05-06|6_______|10.10.10.7|67.214.175.92__|->_|e____|451__|80___|5___|300__|
|17:04:39|2010-05-06|6_______|10.10.10.7|67.214.175.92__|->_|e____|412__|80___|13__|1930_|
|17:04:44|2010-05-06|6_______|10.10.10.7|67.214.175.92__|->_|e____|412__|80___|11__|2298_|
|17:04:49|2010-05-06|6_______|10.10.10.7|67.214.175.92__|->_|e____|412__|80___|5___|300__|
|17:04:54|2010-05-06|6_______|10.10.10.7|67.214.175.92__|->_|e____|608__|80___|13__|1930_|
|17:04:59|2010-05-06|6_______|10.10.10.7|67.214.175.92__|->_|e____|608__|80___|10__|1965_|
|17:05:04|2010-05-06|6_______|10.10.10.7|67.214.175.92__|->_|e____|608__|80___|6___|633__|
|17:05:09|2010-05-06|6_______|10.10.10.7|67.214.175.92__|->_|e____|22___|80___|13__|1930_|
|17:05:14|2010-05-06|6_______|10.10.10.7|67.214.175.92__|->_|e____|22___|80___|10__|1965_|
|17:05:19|2010-05-06|6_______|10.10.10.7|67.214.175.92__|->_|e____|22___|80___|6___|633__|
|17:05:24|2010-05-06|6_______|10.10.10.7|67.214.175.92__|->_|e____|110__|80___|13__|1930_|
|17:05:29|2010-05-06|6_______|10.10.10.7|67.214.175.92__|->_|e____|110__|80___|10__|1965_|
|17:05:34|2010-05-06|6_______|10.10.10.7|67.214.175.92__|->_|e____|110__|80___|6___|633__|
|17:05:39|2010-05-06|6_______|10.10.10.7|67.214.175.92__|->_|e____|165__|80___|14__|2263_|
|17:05:44|2010-05-06|6_______|10.10.10.7|67.214.175.92__|->_|e____|165__|80___|10__|1965_|
|17:05:49|2010-05-06|6_______|10.10.10.7|67.214.175.92__|->_|e____|165__|80___|5___|300__|
|17:05:54|2010-05-06|6_______|10.10.10.7|67.214.175.92__|->_|e____|112__|80___|13__|1930_|
|17:05:59|2010-05-06|6_______|10.10.10.7|67.214.175.92__|->_|e____|112__|80___|11__|2298_|
|17:06:04|2010-05-06|6_______|10.10.10.7|67.214.175.92__|->_|e____|112__|80___|3___|180__|
|17:07:32|2010-05-06|17______|10.10.10.7|239.255.255.250|->_|e____|4002_|1900_|2___|350__|
|17:07:38|2010-05-06|17______|10.10.10.7|239.255.255.250|->_|e____|4002_|1900_|1___|175__|
|17:07:41|2010-05-06|17______|10.10.10.7|239.255.255.250|->_|e____|413__|1900_|2___|350__|

**** Packer_Results ****
___________
|Packer_Name|

**** HoneyTrap_Results ****
____________________________
|Honey_Trap_Log_File_Location|

**** PTFB_Results ****
______________________
|PTFB_Log_File_Location|