Packs, malware, malicious files, links, etc.
Adware.Downware.980/Win32/InstalleRex.I.Gen (by Conor29134)

Avira Antivirus Premium 2013 detects --> ADWARE/Adware.Gen


Fake flash player (by Conor29134)

Avira Antivirus Premium 2013 detects --> TR/FakePlayerA.A
Adware.Downware.980/Win32/InstalleRex.I.Gen

UnThreat AntiVirus Internet Security 2013
1/1


Fake flash player

UnThreat AntiVirus Internet Security 2013
0/1
Bullguard
LockScreen.ABV : Trojan Generic KD 942041 block and quarantine
Adware.Downware.980/Win32/InstalleRex.I.Gen : not detected
Fake flash player : not detected
ESET Smart Security+NoVirusThanks EXE Radar PRO+Keycrambler Premium
Conor29134 wrote: Anonymouse network
after update to 05v mbam detected

Adware.Downware.980/Win32/InstalleRex.I.Gen
on VirusTotal 4/46, maybe it's an FP
MBAM: not detected


I see no danger ..
Not malware..
Anonymous is here for the people! EXPECT US.



LockScreen.ABV by Anonymous Network
0/1

Trojan.FakeMS by Conor29134
1/1

Adware.Downware.980/Win32/InstalleRex.I.Gen by Conor29134
0/1

Fake flash player by Conor29134
0/1
The thing about a double bottom is that it hides a third and a fourth...
Fake flash player by Conor29134
G Data IS 2014

Conor29134 wrote: Adware.Downware.980/Win32/InstalleRex.I.Gen


As for this one, read it and draw your own conclusions about what it loads and downloads; every file has its MD5.

Code:
[ General information ]
* File name: C:\Users\tachion\Desktop\malware\DriverIdentifier\DriverIdentifier.exe
* File length: 288888 bytes
* File signature (PEiD): Nothing found [Overlay] *
* File signature (Exeinfo): Microsoft Visual C++ ver. ~6.0~7.10
* File type: EXE
* TLS hooks: NO
* File entropy: 7.95535 (99.4419%)
* ssdeep signature: 6144:RrkY6Y0JQBkQRl7174NpNUM+UHs+CRndGvHpIUV1uwi0fa3TXY2qO:RrkY63yRl1uqM+gs+K8HpIUPpi0f2RqO
* Adobe Malware Classifier: Clean
* Digital signature: Signed
* MD5 hash: 1080a3bf88bc3ec8ba487e461d8308be
* VirusTotal detections from 2013-04-13 21:47:06 UTC:

[ Changes to filesystem ]
* Creates file C:\ProgramData\InstallMate\{7A15F420-D51D-4F82-AD69-9D3FA1F6D6D6}\20130414001143.log
File length: 541475 bytes
File type: Unknown
MD5 hash: 643635b512f002b27555816fdfcf2c12
* Creates file C:\ProgramData\InstallMate\{7A15F420-D51D-4F82-AD69-9D3FA1F6D6D6}\Custom.dll
File length: 61440 bytes
File signature (PEiD): Nothing found *
File type: DLL
TLS hooks: NO
File entropy: 6.40373 (80.0467%)
ssdeep signature: 1536:sxEUyLSpLbKyoPX+GOBim596ePMaIPhMi1:sxEUjpHKyogh96ePMaI2i
Adobe Malware Classifier: Unknown
Digital signature: Unsigned
MD5 hash: ab64761dbbf2a668bd1e392f7fc40cf8
* Creates file C:\ProgramData\InstallMate\{7A15F420-D51D-4F82-AD69-9D3FA1F6D6D6}\Readme.txt
File length: 2090 bytes
File type: Unknown
MD5 hash: 0d005df1bde4593700a190d1058cf054
* Creates file C:\ProgramData\InstallMate\{7A15F420-D51D-4F82-AD69-9D3FA1F6D6D6}\Setup.dat
File length: 418120 bytes
File type: Unknown
MD5 hash: fd26bdc0f55268c7603646281578d1ff
* Creates file C:\ProgramData\InstallMate\{7A15F420-D51D-4F82-AD69-9D3FA1F6D6D6}\Setup.exe
File length: 15968 bytes
File signature (PEiD): Nothing found [Overlay] *
File type: EXE
TLS hooks: NO
File entropy: 5.96409 (74.5511%)
ssdeep signature: 192:0CQL0yPnjIn3YKDPp3MJg+h49Ul9LinZn48VAou7+wse+PjP9M3YDIQ9N:0IyPnjIIKDPp3Igj89GnBuSPLe+IQD
Adobe Malware Classifier: Clean
Digital signature: Signed
MD5 hash: e717f6ce3a7429bfa6d7f3cf66737a4b
* Creates file C:\ProgramData\InstallMate\{7A15F420-D51D-4F82-AD69-9D3FA1F6D6D6}\Setup.ico
File length: 4846 bytes
File type: Unknown
MD5 hash: c3926cef276c0940dadbc8142153cec9
* Creates file C:\ProgramData\InstallMate\{7A15F420-D51D-4F82-AD69-9D3FA1F6D6D6}\TsuDll.dll
File length: 275552 bytes
File signature (PEiD): Nothing found [Overlay] *
File type: DLL
TLS hooks: NO
File entropy: 6.42876 (80.3595%)
ssdeep signature: 6144:N/rdStrfAftBVju6v+UvrBhMo27dOQnyddk:J3y6vHvrBhLYjnydC
Adobe Malware Classifier: Clean
Digital signature: Signed
MD5 hash: af7ce801c8471c5cd19b366333c153c4
* Creates file C:\ProgramData\InstallMate\{7A15F420-D51D-4F82-AD69-9D3FA1F6D6D6}\_Setup.dll
File length: 148992 bytes
File signature (PEiD): PE Win32 DLL (0 EntryPoint)
File type: DLL
TLS hooks: NO
File entropy: 3.64489 (45.5612%)
ssdeep signature: 3072:dpRAUmHNA8YBX0NkAlRHAAMHnS9qkJUsCmOW/fpICcsRuUwZxcUdONKDNPZv8FKv:3y
Adobe Malware Classifier: Clean
Digital signature: Unsigned
MD5 hash: dcb9a8355be913b52d77c9040141cd3c
* Creates file C:\Users\tachion\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FDL1QJKC\5[1].txt
File length: 4040 bytes
File type: Unknown
MD5 hash: efeac483095bdac914820b2088fc12ce
* Creates file C:\Users\tachion\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FDL1QJKC\8[1].txt
File length: 3558 bytes
File type: Unknown
MD5 hash: b57a7cf369a9b790c5fa83a1dd5e2086
* Creates file C:\Users\tachion\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FDL1QJKC\driveridentifier_logo[1].jpg
File length: 9405 bytes
File type: Unknown
MD5 hash: c1e877e25c36d64e6fae2f118b5b1bca
* Creates file C:\Users\tachion\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FDL1QJKC\search_defender_166[1].exe
File length: 1531108 bytes
File signature (PEiD): Nullsoft PiMP Stub -> SFX [Nullsoft PiMP SFX] *
File signature (Exeinfo): Generic check : Nullsoft Install System v2.xx/ v.2.46 - http://nsis.sourceforge.net/Main_Page*ACM - Mode : Zlib Solid or unknown *Deflate
File type: EXE
TLS hooks: NO
File entropy: 7.99171 (99.8964%)
ssdeep signature: 24576:suLWEWA4WjtiDGwIklC/2dt1Qwc8XXv5dZj4NLAy7a26VOKJn5sFWEWA4WjtiDGp:yE3dpiDxIPctLcqfZsNLf7S5sUE3dpiw
Adobe Malware Classifier: Unknown
Digital signature: Unsigned
MD5 hash: 38f61d046e575971ed83c4f71accd132
* Creates file C:\Users\tachion\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GHDUAQLQ\3[1].txt
File length: 6560 bytes
File type: Unknown
MD5 hash: 83e797c5edec8a7a0f940385afd6dacc
* Creates file C:\Users\tachion\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GHDUAQLQ\5169d83b2c08c[1].exe
File length: 261519 bytes
File signature (PEiD): Microsoft Visual C++ 6.0 [Overlay]
File signature (Exeinfo): Microsoft Visual C++ ver 6..8 [ 7-zip SFX stub ],
File type: EXE
TLS hooks: NO
File entropy: 7.27919 (90.9899%)
ssdeep signature: 6144:h1OgDPdkBAFZWjadD4s5HSKMtITubMkJuV/OOhWR:h1OgLdaOTmyuokJu9K
Adobe Malware Classifier: Malicious
Digital signature: Unsigned
MD5 hash: a9e8a6483d9a6ac1b5eb5ccd534e5cb2
* Creates file C:\Users\tachion\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GHDUAQLQ\7[1].txt
File length: 9054 bytes
File type: Unknown
MD5 hash: e4d1bb916d146e087e2a87cb6562ba95
* Creates file C:\Users\tachion\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GHDUAQLQ\9[1].txt
File length: 3398 bytes
File type: Unknown
MD5 hash: 97aaee189e17aeb8654c52045374392a
* Modifies file (hidden) C:\Users\tachion\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
File length: 720896 bytes
File type: Unknown
MD5 hash: cf47e1823dcf0313db57467dbdf584a0
* Creates file C:\Users\tachion\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OCH4Y18N\6[1].txt
File length: 6528 bytes
File type: Unknown
MD5 hash: 3c8c79d414fdaeba5d1af2fc828f81ca
* Creates file C:\Users\tachion\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OCH4Y18N\6_2[1].txt
File length: 4134 bytes
File type: Unknown
MD5 hash: 520c72ea2205be90b639498194b911a1
* Creates file C:\Users\tachion\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OCH4Y18N\driveridentifier_installerex[1].exe
File length: 946424 bytes
File signature (PEiD): Borland Delphi 2.0 [Overlay]
File signature (Exeinfo): Inno Setup Module [SFX] - ver. (5.4.2) Borland Delphi - ( from Ovl: zlb) - www.innosetup.com,
File type: EXE
TLS hooks: NO
File entropy: 7.96678 (99.5847%)
ssdeep signature: 12288:+na9Fzh9d5d2QSEOlNxZQ3KcX7upgAQfpiOrVUgWSiymC24mVegc54VomXihiQYR:+na7zhTX2hO35AQIyTWkF9mXQiTp1
Adobe Malware Classifier: Unknown
Digital signature: Unsigned
MD5 hash: 9d291421e2e49e7a676cdaad3e40b848
* Creates file C:\Users\tachion\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OCH4Y18N\v_grey[1].jpg
File length: 355 bytes
File type: JPG
MD5 hash: 6f3d64db5aa6e6c9b73e30412321818d
* Creates file C:\Users\tachion\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YXX3RK7N\1[1].txt
File length: 5046 bytes
File type: Unknown
MD5 hash: f0fe7adfc27f73c0df32a52934b02188
* Creates file C:\Users\tachion\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YXX3RK7N\4[1].txt
File length: 9094 bytes
File type: Unknown
MD5 hash: 298caebf05f873677194aa7e0e5daf09
* Creates file C:\Users\tachion\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YXX3RK7N\6_1[1].txt
File length: 7918 bytes
File type: Unknown
MD5 hash: aa2df055bf71673061956e5615ea3330
* Creates file C:\Users\tachion\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YXX3RK7N\search_defender_alternate_166[1].exe
File length: 1538892 bytes
File signature (PEiD): Nullsoft PiMP Stub -> SFX [Nullsoft PiMP SFX] *
File signature (Exeinfo): Generic check : Nullsoft Install System v2.xx/ v.2.46 - http://nsis.sourceforge.net/Main_Page*ACM - Mode : Zlib Solid or unknown *Deflate
File type: EXE
TLS hooks: NO
File entropy: 7.99212 (99.9015%)
ssdeep signature: 24576:suy4hjC9CClCMRoUKteLlVVFgBofNZ/7KJr/S0qVS6eLk54hO29KCk78RAUKSeCg:S4hjgCs2VCfaon7+avF54hOMKqSazZmR
Adobe Malware Classifier: Unknown
Digital signature: Unsigned
MD5 hash: 102a308197d8ff05ce2b775cf4bff0c7
* Creates file C:\Users\tachion\AppData\Local\Temp\DriverIdentifier.exe
File length: 946424 bytes
File signature (PEiD): Borland Delphi 2.0 [Overlay]
File signature (Exeinfo): Inno Setup Module [SFX] - ver. (5.4.2) Borland Delphi - ( from Ovl: zlb) - www.innosetup.com,
File type: EXE
TLS hooks: NO
File entropy: 7.96678 (99.5847%)
ssdeep signature: 12288:+na9Fzh9d5d2QSEOlNxZQ3KcX7upgAQfpiOrVUgWSiymC24mVegc54VomXihiQYR:+na7zhTX2hO35AQIyTWkF9mXQiTp1
Adobe Malware Classifier: Unknown
Digital signature: Unsigned
MD5 hash: 9d291421e2e49e7a676cdaad3e40b848
* Modifies file (hidden) C:\Users\tachion\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
File length: 49152 bytes
File type: Unknown
MD5 hash: 80130d389c9dea759d3fe2b7c57967df
* Creates file C:\Users\tachion\AppData\Roaming\Microsoft\Windows\Cookies\LF2G9Z1L.txt
File length: 226 bytes
File type: Unknown
MD5 hash: bde3523d82964e434868283f9c0896ed

[ Changes to registry ]
* Creates value "FileTracingMask=FFFF0000" in key HKEY_LOCAL_MACHINE\software\microsoft\Tracing\DriverIdentifier_RASAPI32
* Creates value "ConsoleTracingMask=FFFF0000" in key HKEY_LOCAL_MACHINE\software\microsoft\Tracing\DriverIdentifier_RASAPI32
* Creates value "MaxFileSize=00100000" in key HKEY_LOCAL_MACHINE\software\microsoft\Tracing\DriverIdentifier_RASAPI32
* Creates value "FileDirectory=%windir%\tracing" in key HKEY_LOCAL_MACHINE\software\microsoft\Tracing\DriverIdentifier_RASAPI32
binary data=2500770069006E0064006900720025005C00740072006100630069006E0067000000
* Creates value "FileTracingMask=FFFF0000" in key HKEY_LOCAL_MACHINE\software\microsoft\Tracing\DriverIdentifier_RASMANCS
* Creates value "ConsoleTracingMask=FFFF0000" in key HKEY_LOCAL_MACHINE\software\microsoft\Tracing\DriverIdentifier_RASMANCS
* Creates value "MaxFileSize=00100000" in key HKEY_LOCAL_MACHINE\software\microsoft\Tracing\DriverIdentifier_RASMANCS
* Creates value "FileDirectory=%windir%\tracing" in key HKEY_LOCAL_MACHINE\software\microsoft\Tracing\DriverIdentifier_RASMANCS
binary data=2500770069006E0064006900720025005C00740072006100630069006E0067000000
* Creates value "NukeOnDelete=00000001" in key HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Explorer\BitBucket
* Creates value "UseGlobalSettings=00000001" in key HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Explorer\BitBucket
* Creates value "UninstallString=C:\PROGRA~2\INSTAL~1\{7A15F~1\Setup.exe /remove /q0" in key HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Uninstall\{E110084E-9EF0-E5E1-3478-9C66F77324A6}
binary data=43003A005C00500052004F004700520041007E0032005C0049004E005300540041004C007E0031005C007B00370041003100350046007E0031005C00530065007400750070002E0065007800650020002F00720065006D006F007600650020002F00710030000000
* Creates value "QuietUninstallString=C:\PROGRA~2\INSTAL~1\{7A15F~1\Setup.exe /remove /q" in key HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Uninstall\{E110084E-9EF0-E5E1-3478-9C66F77324A6}
binary data=43003A005C00500052004F004700520041007E0032005C0049004E005300540041004C007E0031005C007B00370041003100350046007E0031005C00530065007400750070002E0065007800650020002F00720065006D006F007600650020002F0071000000
* Creates value "Version=01000000" in key HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Uninstall\{E110084E-9EF0-E5E1-3478-9C66F77324A6}
* Creates value "VersionMajor=00000001" in key HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Uninstall\{E110084E-9EF0-E5E1-3478-9C66F77324A6}
* Creates value "Language=00000409" in key HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Uninstall\{E110084E-9EF0-E5E1-3478-9C66F77324A6}
* Creates value "TSAware=00000001" in key HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Uninstall\{E110084E-9EF0-E5E1-3478-9C66F77324A6}
* Creates value "TizPath=C:\Users\tachion\Desktop\malware\DriverIdentifier\DriverIdentifier.exe" in key HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Uninstall\{E110084E-9EF0-E5E1-3478-9C66F77324A6}
binary data=43003A005C00550073006500720073005C00740061006300680069006F006E005C004400650073006B0074006F0070005C006D0061006C0077006100720065005C004400720069007600650072004900640065006E007400690066006900650072005C004400720069007600650072004900640065006E007400690066006900650072002E006500780065000000
* Creates Registry key HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Uninstall\{E110084E-9EF0-E5E1-3478-9C66F77324A6}\States
* Modifies value "NukeOnDelete=00000001" in key HKEY_CURRENT_USER\software\Microsoft\Windows\CurrentVersion\Explorer\BitBucket\Volume\{bd08e057-6b93-11e2-85e5-806e6f6e6963}
old value empty
* Modifies value "NukeOnDelete=00000001" in key HKEY_CURRENT_USER\software\Microsoft\Windows\CurrentVersion\Explorer\BitBucket\Volume\{bd08e058-6b93-11e2-85e5-806e6f6e6963}
old value empty
* Modifies value "NukeOnDelete=00000001" in key HKEY_CURRENT_USER\software\Microsoft\Windows\CurrentVersion\Explorer\BitBucket\Volume\{bd08e059-6b93-11e2-85e5-806e6f6e6963}
old value empty
* Modifies value "NukeOnDelete=00000001" in key HKEY_CURRENT_USER\software\Microsoft\Windows\CurrentVersion\Explorer\BitBucket\Volume\{bd08e05a-6b93-11e2-85e5-806e6f6e6963}
old value empty
* Creates value "ReceiveTimeout=000927C0" in key HKEY_CURRENT_USER\software\Microsoft\Windows\CurrentVersion\Internet Settings
* Modifies value "SavedLegacySettings=460000002F01000009000000000000000000000000000000050000000000000003D274F8E736CE010000000000000000000000000100000002000000C0A80105000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000" in key HKEY_CURRENT_USER\software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
old value "SavedLegacySettings=460000002E01000009000000000000000000000000000000050000000000000003D274F8E736CE010000000000000000000000000100000002000000C0A80105000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000"
* Creates value "DriverIdentifier.exe=Installer for SoftSafe" in key HKEY_CURRENT_USER\software\classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\C:\Users\tachion\Desktop\malware\DriverIdentifier
binary data=49006E007300740061006C006C0065007200200066006F007200200053006F006600740053006100660065000000
* Creates value "DriverIdentifier.exe=DriverIdentifier Setup" in key HKEY_CURRENT_USER\software\classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\C:\Sandbox\tachion\DefaultBox\user\current\AppData\Local\Temp
binary data=4400720069007600650072004900640065006E00740069006600690065007200200053006500740075007000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020000000
* Creates value "DriverIdentifier.tmp=Setup/Uninstall" in key HKEY_CURRENT_USER\software\classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\C:\Sandbox\tachion\DefaultBox\user\current\AppData\Local\Temp\is-94C1U.tmp
binary data=530065007400750070002F0055006E0069006E007300740061006C006C000000
* Creates value "cmd.exe=Procesor poleceD systemu Windows" in key HKEY_CURRENT_USER\software\classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\C:\Windows\System32
binary data=500072006F006300650073006F007200200070006F006C0065006300650044012000730079007300740065006D0075002000570069006E0064006F00770073000000

[ Network services ]
* Looks for an Internet connection.
* Queries DNS "c1.installbox1.info".
* Queries DNS "r1.reportbox1.info".
* Queries DNS "i1.installbox1.info".
* Queries DNS "thequickdownloads.info".
* Queries DNS "www.driveridentifier.com".
* Queries DNS "api.copy.com".
* C:\Users\tachion\Desktop\malware\DriverIdentifier\DriverIdentifier.exe Connects to "198.7.61.120" on port 80 (TCP - HTTP).
* C:\Users\tachion\Desktop\malware\DriverIdentifier\DriverIdentifier.exe Connects to "198.7.61.119" on port 80 (TCP - HTTP).
* C:\Users\tachion\Desktop\malware\DriverIdentifier\DriverIdentifier.exe Connects to "46.19.138.158" on port 80 (TCP - HTTP).
* C:\Users\tachion\Desktop\malware\DriverIdentifier\DriverIdentifier.exe Connects to "5.9.8.206" on port 80 (TCP - HTTP).
* Downloads file from "r1.reportbox1.info /?report_version=5&".
* Downloads file from "c1.installbox1.info/?step_id=1&installer_id=1028046232&publisher_id=918&source_id=0&page_id=0&country_code=PL&locale=EN&browser_id=4&download_id=2802542955&external_id=0&session_id=3238107268&hardware_id=20551434&uuid=%2A".
* Downloads file from "i1.installbox1.info/images/driveridentifier_logo.jpg".
* Downloads file from "i1.installbox1.info/images/v_grey.jpg".
* Downloads file from "c1.installbox1.info/?step_id=3&installer_id=1028046232&publisher_id=918&source_id=0&page_id=0&country_code=PL&locale=EN&browser_id=4&download_id=2802542955&external_id=0&session_id=3238107268&hardware_id=20551434&session_id=3238107268&hardware_id=20551434&uuid=%2A".
* Downloads file from "c1.installbox1.info/?step_id=4&installer_id=1028046232&publisher_id=918&source_id=0&page_id=0&country_code=PL&locale=EN&browser_id=4&download_id=2802542955&external_id=0&session_id=3238107268&hardware_id=20551434&session_id=3238107268&hardware_id=20551434&session_id=3238107268&hardware_id=20551434&uuid=%2A".
* Downloads file from "c1.installbox1.info/?step_id=5&installer_id=1028046232&publisher_id=918&source_id=0&page_id=0&country_code=PL&locale=EN&browser_id=4&download_id=2802542955&external_id=0&session_id=3238107268&hardware_id=20551434&session_id=3238107268&hardware_id=20551434&session_id=3238107268&hardware_id=20551434&session_id=3238107268&hardware_id=20551434&uuid=%2A".
* Downloads file from "c1.installbox1.info/?step_id=6&installer_id=1028046232&publisher_id=918&source_id=0&page_id=0&country_code=PL&locale=EN&browser_id=4&download_id=2802542955&external_id=0&session_id=3238107268&hardware_id=20551434&session_id=3238107268&hardware_id=20551434&session_id=3238107268&hardware_id=20551434&session_id=3238107268&hardware_id=20551434&session_id=3238107268&hardware_id=20551434&uuid=%2A".
* Downloads file from "thequickdownloads.info/?e=btos&publisher=918&country=PL&ind=1028046232&exid=0&ssd=3238107268&hid=20551434&osid=601&channel=0&category_name=BrowseToSave&install_date=20120414".
* Downloads file from "c1.installbox1.info/?step_id=6_1&installer_id=1028046232&publisher_id=918&source_id=0&page_id=0&country_code=PL&locale=EN&browser_id=4&download_id=2802542955&external_id=0&session_id=3238107268&hardware_id=20551434&session_id=3238107268&hardware_id=20551434&session_id=3238107268&hardware_id=20551434&session_id=3238107268&hardware_id=20551434&session_id=3238107268&hardware_id=20551434&session_id=3238107268&hardware_id=20551434&uuid=%2A".
* Downloads file from "i1.installbox1.info/addons/dfndr/search_defender_166.exe".
* Downloads file from "c1.installbox1.info/?step_id=6_2&installer_id=1028046232&publisher_id=918&source_id=0&page_id=0&country_code=PL&locale=EN&browser_id=4&download_id=2802542955&external_id=0&session_id=3238107268&hardware_id=20551434&session_id=3238107268&hardware_id=20551434&session_id=3238107268&hardware_id=20551434&session_id=3238107268&hardware_id=20551434&session_id=3238107268&hardware_id=20551434&session_id=3238107268&hardware_id=20551434&session_id=3238107268&hardware_id=20551434&uuid=%2A".
* Downloads file from "c1.installbox1.info/?step_id=7&installer_id=1028046232&publisher_id=918&source_id=0&page_id=0&country_code=PL&locale=EN&browser_id=4&download_id=2802542955&external_id=0&session_id=3238107268&hardware_id=20551434&session_id=3238107268&hardware_id=20551434&session_id=3238107268&hardware_id=20551434&session_id=3238107268&hardware_id=20551434&session_id=3238107268&hardware_id=20551434&session_id=3238107268&hardware_id=20551434&session_id=3238107268&hardware_id=20551434&session_id=3238107268&hardware_id=20551434&uuid=%2A".
* Downloads file from "i1.installbox1.info/addons/dfndr/search_defender_alternate_166.exe".
* Downloads file from "c1.installbox1.info/?step_id=8&installer_id=1028046232&publisher_id=918&source_id=0&page_id=0&country_code=PL&locale=EN&browser_id=4&download_id=2802542955&external_id=0&session_id=3238107268&hardware_id=20551434&session_id=3238107268&hardware_id=20551434&session_id=3238107268&hardware_id=20551434&session_id=3238107268&hardware_id=20551434&session_id=3238107268&hardware_id=20551434&session_id=3238107268&hardware_id=20551434&session_id=3238107268&hardware_id=20551434&session_id=3238107268&hardware_id=20551434&session_id=3238107268&hardware_id=20551434&uuid=%2A".
* Downloads file from "www.driveridentifier.com/files/driveridentifier_installerex.exe".
* Downloads file from "c1.installbox1.info/?step_id=9&installer_id=1028046232&publisher_id=918&source_id=0&page_id=0&country_code=PL&locale=EN&browser_id=4&download_id=2802542955&external_id=0&session_id=3238107268&hardware_id=20551434&session_id=3238107268&hardware_id=20551434&session_id=3238107268&hardware_id=20551434&session_id=3238107268&hardware_id=20551434&session_id=3238107268&hardware_id=20551434&session_id=3238107268&hardware_id=20551434&session_id=3238107268&hardware_id=20551434&session_id=3238107268&hardware_id=20551434&session_id=3238107268&hardware_id=20551434&session_id=3238107268&hardware_id=20551434&uuid=%2A".
* Uses POST methods in HTTP.

[ Process/window/string information ]
* Gets user name information.
* Gets system default language ID.
* Gets volume information.
* Checks for debuggers.
* Checks if user is admin.
* Creates a mutex "{EDE942BA-5481-42F4-A01F-1CA3360A604C}".
* Creates a mutex "Local\RstrMgr3887CAB8-533F-4C85-B0DC-3E5639F8D511".
* Creates a mutex "Local\RstrMgr-3887CAB8-533F-4C85-B0DC-3E5639F8D511-Session0000".
* Lists all entry names in a remote access phone book.
* Opens a service named "Sens".
* Opens a service named "rasman".
* Creates an event named "OleDfRootC5AAFEEFDC65545B".
* Enumerates running processes.
* Creates process "C:\Users\tachion\AppData\Local\Temp\{7A15F420-D51D-4F82-AD69-9D3FA1F6D6D6}\Addons\browser_addon_setup.exe, "C:\Users\tachion\AppData\Local\Temp\{7A15F420-D51D-4F82-AD69-9D3FA1F6D6D6}\Addons\browser_addon_setup.exe" /S , C:\Users\tachion\AppData\Local\Temp\{7A15F420-D51D-4F82-AD69-9D3FA1F6D6D6}\Addons".
* Creates process "C:\Users\tachion\AppData\Local\Temp\{7A15F420-D51D-4F82-AD69-9D3FA1F6D6D6}\Addons\assistant_v3.exe, "C:\Users\tachion\AppData\Local\Temp\{7A15F420-D51D-4F82-AD69-9D3FA1F6D6D6}\Addons\assistant_v3.exe" /close /path "BrowseToSave" /section "SearchDefenderUpdater" /stealth:ie /stealth:ff /op:ext /dispname "BrowseToSave 1.74" /product "BrowseToSave" /config "C:\ProgramData\InstallMate\168BA5C7\cfg\6_1.ini" /iid "1028046232" /sid "3238107268" /hid "20551434" /pid "918" /aid "" /xid "0" /idate 20120414 /category "BrowseToSave" /ent 30 /report "http://cybeitrapp.info/get/" /rfield "file_crc" "2385103131" , C:\Users\tachion\AppData\Local\Temp\{7A15F420-D51D-4F82-AD69-9D3FA1F6D6D6}\Addons".
* Creates process "C:\Users\tachion\AppData\Local\Temp\{7A15F420-D51D-4F82-AD69-9D3FA1F6D6D6}\Addons\web_assistant_v2.exe, "C:\Users\tachion\AppData\Local\Temp\{7A15F420-D51D-4F82-AD69-9D3FA1F6D6D6}\Addons\web_assistant_v2.exe" /close /path "WebSearch" /section "SearchDefender2" /stealth:ie /stealth:ff /op:ext /dispname "Search Assistant WebSearch 1.74" /product "Search Assistant WebSearch" /config "C:\ProgramData\InstallMate\168BA5C7\cfg\7.ini" /iid "1028046232" /sid "3238107268" /hid "20551434" /pid "918" /aid "" /xid "0" /idate 20120414 /category "WebSearch" /ent 30 /report "http://cybeitrapp.info/get/" /rfield "file_crc" "27251504, C:\Users\tachion\AppData\Local\Temp\{7A15F420-D51D-4F82-AD69-9D3FA1F6D6D6}\Addons".
* Creates process "null, "C:\Users\tachion\AppData\Local\Temp\is-94C1U.tmp\DriverIdentifier.tmp" /SL5="$80A04,698719,62976,C:\Users\tachion\AppData\Local\Temp\DriverIdentifier.exe" /verysilent , null".
* Injects code into process "C:\Sandbox\tachion\DefaultBox\user\current\AppData\Local\Temp\is-94C1U.tmp\DriverIdentifier.tmp".
* Creates process "C:\Windows\system32\cmd.exe, "C:\Windows\system32\cmd.exe" /c "C:\Users\tachion\AppData\Local\Temp\_tinC098.bat", C:\Windows\system32".
* Injects code into process "C:\Windows\System32\cmd.exe".
* Creates process "C:\Windows\system32\cmd.exe, "C:\Windows\system32\cmd.exe" /c "C:\Users\tachion\AppData\Local\Temp\_tin52EC.bat", C:\Windows\system32".
* Sleeps 60 seconds.
ESS 6.0

Backdoor.Win32.PMax.rmu (0Access): detected
Adware.Downware.980/Win32/InstalleRex.I.Gen: detected
Fake flash player: not detected
LockScreen.ABV: detected
Malware from Skype: detected
Trojan.FakeMS: detected
I conclude it's ordinary adware that pulls in more of its friends.

It creates search_defender_166[1].exe
in \AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FDL1QJKC\
which is yet another browser "protector".
On top of that it throws in the already known web assistant, which loads as a system service, and also installs a pile of junk like BrowseToSave; it runs a little .bat file via cmd with contents "no idea what :E".
It connects to these sites:
* Queries DNS "c1.installbox1.info". - malicious, MBAM blocks it
* Queries DNS "r1.reportbox1.info". - malicious, MBAM blocks it
* Queries DNS "i1.installbox1.info". - malicious, MBAM blocks it
* Queries DNS "thequickdownloads.info". - loads as justplug.it, MBAM blocks it, WOT warns it is a malicious site
* Queries DNS "www.driveridentifier.com".
* Queries DNS "api.copy.com". - rather a safe cloud file storage service
What it comes down to is that the site requires registration, showing drivers it supposedly has, and installing this software loads a ton of junk software, so the file can be considered malicious.
Files written in Visual C++ / Delphi.
I didn't find all the MD5s.
One could go into more detail.
tachion, you're cut out to be an analyst.
They're looking for one at filemedic :E
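The report tachion posted above is easier to act on once it is parsed, and the post just above walks through its DNS queries by hand. The following is an added example, not code from the forum or from the sandbox tool that produced the report: it reads the report's own section and entry layout into an IoC list, then flags unsigned dropped PE files that the classifier did not rate Clean and child installers started with stealth or silent switches. SAMPLE_REPORT is a constructed excerpt of the posted report, and the regexes and the ATTRS mapping are my reading of that layout.

```python
"""Parse the sandbox report layout quoted in the thread into an IoC summary. Added example, not
the forum's or the sandbox tool's code; SAMPLE_REPORT is a constructed excerpt of the posted report."""
import re

SAMPLE_REPORT = r"""
[ Changes to filesystem ]
* Creates file C:\ProgramData\InstallMate\{7A15F420-D51D-4F82-AD69-9D3FA1F6D6D6}\TsuDll.dll
File type: DLL
Adobe Malware Classifier: Clean
Digital signature: Signed
MD5 hash: af7ce801c8471c5cd19b366333c153c4
* Creates file C:\Users\tachion\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FDL1QJKC\search_defender_166[1].exe
File type: EXE
Adobe Malware Classifier: Unknown
Digital signature: Unsigned
MD5 hash: 38f61d046e575971ed83c4f71accd132
* Creates file C:\Users\tachion\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GHDUAQLQ\5169d83b2c08c[1].exe
File type: EXE
Adobe Malware Classifier: Malicious
Digital signature: Unsigned
MD5 hash: a9e8a6483d9a6ac1b5eb5ccd534e5cb2

[ Network services ]
* Queries DNS "c1.installbox1.info".
* Queries DNS "thequickdownloads.info".
* C:\Users\tachion\Desktop\malware\DriverIdentifier\DriverIdentifier.exe Connects to "198.7.61.120" on port 80 (TCP - HTTP).
* Downloads file from "i1.installbox1.info/addons/dfndr/search_defender_166.exe".

[ Process/window/string information ]
* Creates process "C:\Users\tachion\AppData\Local\Temp\{7A15F420-D51D-4F82-AD69-9D3FA1F6D6D6}\Addons\assistant_v3.exe, "C:\Users\tachion\AppData\Local\Temp\{7A15F420-D51D-4F82-AD69-9D3FA1F6D6D6}\Addons\assistant_v3.exe" /close /path "BrowseToSave" /section "SearchDefenderUpdater" /stealth:ie /stealth:ff /op:ext /dispname "BrowseToSave 1.74" /product "BrowseToSave" /config "C:\ProgramData\InstallMate\168BA5C7\cfg\6_1.ini" /iid "1028046232" /sid "3238107268" /hid "20551434" /pid "918" /aid "" /xid "0" /idate 20120414 /category "BrowseToSave" /ent 30 /report "http://cybeitrapp.info/get/" /rfield "file_crc" "2385103131" , C:\Users\tachion\AppData\Local\Temp\{7A15F420-D51D-4F82-AD69-9D3FA1F6D6D6}\Addons".
* Creates process "null, "C:\Users\tachion\AppData\Local\Temp\is-94C1U.tmp\DriverIdentifier.tmp" /SL5="$80A04,698719,62976,C:\Users\tachion\AppData\Local\Temp\DriverIdentifier.exe" /verysilent , null".
* Creates process "C:\Windows\system32\cmd.exe, "C:\Windows\system32\cmd.exe" /c "C:\Users\tachion\AppData\Local\Temp\_tinC098.bat", C:\Windows\system32".
* Injects code into process "C:\Windows\System32\cmd.exe".
"""

SECTION_RE = re.compile(r"^\[ (.+) \]$")
FILE_RE = re.compile(r"^(?:Creates|Modifies) file (?:\(hidden\) )?(.+)$")
DNS_RE = re.compile(r'^Queries DNS "([^"]+)"')
DOWNLOAD_RE = re.compile(r'^Downloads file from "([^"]+)"')
CONNECT_RE = re.compile(r'Connects to "([\d.]+)" on port (\d+)')
PROC_RE = re.compile(r'^Creates process "(.*)"\.$')
INJECT_RE = re.compile(r'^Injects code into process "(.*)"\.$')
# Attribute lines that follow a "Creates file" entry, mapped to the field they fill.
ATTRS = {"File type": "type", "Adobe Malware Classifier": "classifier",
         "Digital signature": "signed", "MD5 hash": "md5"}
# Installer switches that hide the child installer's UI; all of them appear in the posted report.
SILENT_SWITCHES = ("/stealth:", "/verysilent", "/S ")


def parse_report(text):
    """'* ' opens an entry; unprefixed 'key: value' lines are attributes of the current file entry."""
    iocs = {"files": [], "dns": [], "downloads": [], "connections": [], "processes": [], "injections": []}
    section, current = None, None
    for line in filter(None, map(str.strip, text.splitlines())):
        if m := SECTION_RE.match(line):
            section, current = m.group(1), None
        elif line.startswith("* "):
            body, current = line[2:], None
            if section == "Changes to filesystem" and (m := FILE_RE.match(body)):
                current = {"path": m.group(1), "md5": None, "type": None, "classifier": None, "signed": None}
                iocs["files"].append(current)
            elif section == "Network services":
                if m := DNS_RE.match(body):
                    iocs["dns"].append(m.group(1))
                elif m := DOWNLOAD_RE.match(body):
                    iocs["downloads"].append(m.group(1))
                elif m := CONNECT_RE.search(body):
                    iocs["connections"].append((m.group(1), int(m.group(2))))
            elif section == "Process/window/string information":
                if m := PROC_RE.match(body):
                    iocs["processes"].append(m.group(1))
                elif m := INJECT_RE.match(body):
                    iocs["injections"].append(m.group(1))
        elif current is not None and ":" in line:
            key, _, value = line.partition(":")
            if key.strip() in ATTRS:
                current[ATTRS[key.strip()]] = value.strip()
    return iocs


def suspicious_drops(iocs):
    """Dropped PE files that are unsigned and not rated Clean: the ones worth hashing and hunting for."""
    return [(f["path"].rsplit("\\", 1)[-1], f["md5"], f["classifier"]) for f in iocs["files"]
            if f["type"] in ("EXE", "DLL") and f["signed"] != "Signed" and f["classifier"] != "Clean"]


def silent_installs(iocs):
    """Child installers started with stealth/silent switches, i.e. components the user never sees."""
    return [cmd for cmd in iocs["processes"] if any(s in cmd for s in SILENT_SWITCHES)]
```

Run against the full report rather than the excerpt and the same two functions give the complete list of unsigned drops and hidden child installs to block or hunt for.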
Avast! Premier 8

Trojan.FakeMS
1/1


Adware.Downware.980/Win32/InstalleRex.I.Gen
0/1


Fake flash player
1/1


UnThreat AntiVirus Internet Security 2013

Fake flash player
1/1
435 malwares pack 2013.04.14 by tommy:




13k malware URLs 2013.04.14:

KIS/EIS/MKS, MBAM, HitmanPro, Eset Online, WF+uBlock
tommyklab wrote: 435 malwares pack 2013.04.14 by tommy:




13k malware URLs 2013.04.14:



Bullguard
393/435 (90.34%)
ESET Smart Security+NoVirusThanks EXE Radar PRO+Keycrambler Premium
tommyklab wrote: 435 malwares pack 2013.04.14 by tommy:



EAM = 408/435 = 93.79%
Real Time Protection: Emsisoft Anti-Malware + Comodo FW
On-demand scanner: Hitman Pro, Malwarebytes
tommyklab wrote: 435 malwares pack 2013.04.14 by tommy:


Norton IS 2013:
366/435 = 78.71%
435 malwares pack 2013.04.14 by tommy:

Emsi 413/435 (94.94%)
EIS 12, HITMAN


435 malwares pack 2013.04.14 by tommy

Avast! Premier 8
376/435 = 86.43%
435 malwares pack 2013.04.14 by tommy:

TP2013
411/435 (94.48%)
tommyklab wrote: 435 malwares pack 2013.04.14 by tommy:



Avira Antivirus Premium 2013 404/435 = 92.87%
Emsisoft Emergency Kit 414/435 = 95.17%
ZoneAlarm Free Antivirus + Firewall

357/435 = 82%
Gentlemen, a completely fresh one; it's possible it isn't an infection, but I doubt it, Resource Hacker shows only icons :E
Compilation timedatestamp.....: 2013-04-15 14:16:20
Unknown malware

VT 0/45
MBAM detected B)