Submission Summary:

What's been found | Severity Level
Produces outbound traffic.
Downloads/requests other files from Internet.
Creates a startup registry entry.
Registers a 32-bit in-process server DLL.
Registers a Browser Helper Object (Microsoft's Internet Explorer plugin module).

Technical Details:

File System Modifications

# | Filename(s) | File Size | File Hash
1 %Temp%\DcaApi.xml 82 bytes MD5: 0x0D8CB653C1053D9B585881FEC191C530
SHA-1: 0x7F7BAB0B013131C0BDC54A471839E11FF2777CE9
2 %Temp%\DCA_privacy_IE.dat 12,825 bytes MD5: 0x1F1B7EDC5326EFC9BAC0F5C1900579B5
SHA-1: 0xBDFF77E282B387E91070D0661538B9C7BC0C9DE5
3 %Temp%\DCA_psettings_IE.dat 314 bytes MD5: 0x36C7CD1ACCB908505E1CD9DAF1755E64
SHA-1: 0x531CBCC24EF6B9C5B41AA8B328D7AF6CC4675BA9
4 %Temp%\DCA_Whitelist_IE.dat 68,599 bytes MD5: 0x0284F1EC0D0050D754E742C10F9F2BAD
SHA-1: 0xA3C37DE405F07D3679268A0E265628D0B3498A1A
5 %Temp%\nsl2.tmp\ie_runner_app.exe 65,536 bytes MD5: 0x637375D8FC638326E8161FAA9F4BE164
SHA-1: 0x03E383F3C2D6E4713C5C41EF0E7B1B60D70458F8
6 %Temp%\nsl2.tmp\registry.dll 16,384 bytes MD5: 0x351F89337642C165A48DD763AA210023
SHA-1: 0xA5B204CBC51A0AD84248AA680B85BE7824F3354E
7 %ProgramFiles%\Consumer Input\CptUrlPassthru.dll 554,888 bytes MD5: 0xC079AEA280312EFAE8CBEA2B25D942C9
SHA-1: 0x7A32C6B9E25477CEDE111DA7F597154A4E057993
8 %ProgramFiles%\Consumer Input\dca-api.dll 231,304 bytes MD5: 0xA9140BF6D8DE5B54F967B55E8DAE8E79
SHA-1: 0xD324DDC416ED345988881FC789A68DEF07FD1C8C
9 %ProgramFiles%\Consumer Input\dca-bho.dll 214,920 bytes MD5: 0x146AEBAFF804ADC601B3BD8E44886F73
SHA-1: 0xC1CDB31F82B5B24C4B2C3A99D415372D5F5D4641
10 %ProgramFiles%\Consumer Input\dca-ua.exe 169,864 bytes MD5: 0x06BA4C97F3788289E7AC4BA805DC85C8
SHA-1: 0x543B7F6BECE94DC58F4D66DD300F4F88336A0268
11 %ProgramFiles%\Consumer Input\uninstall.exe 365,976 bytes MD5: 0x8FE1FFE19E627877AFA977E90ECB69D7
SHA-1: 0xBC4E940DB39BFED6FD36DCEB4C78B4F68168CF97
12 %ProgramFiles%\Consumer Input\uninstall.ico 26,694 bytes MD5: 0xEECE2C1D1448BD48D006DE347FCE1298
SHA-1: 0xE64E8B9DD53B45804B9011A0CBB84EB11EA37CC8
13 %ProgramFiles%\Consumer Input\uninstall.log 313 bytes MD5: 0xF8F992FC73988AEB4F23A65A584C890D
SHA-1: 0xC584037751FABEB4779C6365720F4EE69AE51EAF
14 [file and pathname of the sample #1] 1,135,544 bytes MD5: 0x026FC95D6A26DD5F08507580B2AFC32B
SHA-1: 0x46E9D14EF90662476992080C2418B84E7B31DBE3

 

Registry Modifications

Other details

Remote Host | Port Number
173.223.8.97 | 80
63.135.86.11 | 80
66.151.182.194 | 80
66.151.234.27 | 80
96.7.20.16 | 80
66.151.182.194 | 443

Outbound traffic (potentially malicious)

All content ("Information") contained in this report is the copyrighted work of Threat Expert Ltd and its associated companies ("ThreatExpert") and may not be copied without the express permission of ThreatExpert.

Copyright © 2014 ThreatExpert. All rights reserved.