Submission Summary:

What's been found | Severity Level
Creates a startup registry entry.
Contains characteristics of an identified security risk.

Technical Details:

Possible Security Risk

Security Risk | Description
Spyware.180search_Assistant | 180search Assistant produces targeted pop-up advertisements based on what users browse. To produce these targeted advertisements, 180search Assistant collects keywords from websites you visit, including portions of website addresses or URLs, which can include users' search terms. 180search Assistant is also known to be downloaded along with other malware.

File System Modifications

# | Filename(s) | File Size | File Hash
1 %AppData%\Mozilla\Plugins\npoctoshape.dll
%ProgramFiles%\Octoshape Streaming Services\%UserName%\octoprogram-L03-NMS0806110_SUA_900\npoctoshape.dll
165,136 bytes MD5: 0x25C6372503BF9EF1841B49AF4556018B
SHA-1: 0xF37EFF7B7DE73F5542B5AC7281B4B5D38EE38CE5
2 %AppData%\Mozilla\Plugins\npoctoshape.xpt
%ProgramFiles%\Octoshape Streaming Services\%UserName%\octoprogram-L03-NMS0806110_SUA_900\npoctoshape.xpt
193 bytes MD5: 0xE4D29FC09869094D74DA24924D64646F
SHA-1: 0xBDCCA7323089BD8CBCD2D6C3AA12B4758190211A
3 %DesktopDir%\Octoshape Streaming Services.lnk 992 bytes MD5: 0x02A4EF465F3D559E3FA1767522C7E724
SHA-1: 0x48790B09599E24D68BCBB7FCE47078945F720948
4 %Programs%\Octoshape Streaming Services\License.lnk 936 bytes MD5: 0x6125B956DF92EDFA2EDF64506F093071
SHA-1: 0x6795E8C45DC628FBE8B85D636BEA57F23D30A1B2
5 %Programs%\Octoshape Streaming Services\Octoshape Streaming Services.lnk 1,008 bytes MD5: 0x5F8054814A4B9C6BF9DF06C334FE1B82
SHA-1: 0xFDD1C34EEB7AD8DFBC7AAF0C09BF49E71ABAE0C5
6 %Programs%\Octoshape Streaming Services\Uninstall Octoshape Streaming Services.lnk 931 bytes MD5: 0x61E1245E964879B9F62F6F05F3ED446A
SHA-1: 0x2DF1F05627E74606D1BB62817016DEEBCF67D654
7 %ProgramFiles%\Octoshape Streaming Services\%UserName%\EULA_de.rtf 35,439 bytes MD5: 0x3E496F3A1E194DD78C93C06B7C57757B
SHA-1: 0x40EDA413673B62F54E623C100B38D4C462D96166
8 %ProgramFiles%\Octoshape Streaming Services\%UserName%\EULA_en.rtf 27,398 bytes MD5: 0x53861DEDDC5956C36F89B9D3FF7B9088
SHA-1: 0xEA77A5D9FAEACE07B1EDA40A70A4CA7A723FE315
9 %ProgramFiles%\Octoshape Streaming Services\%UserName%\install.xml 23 bytes MD5: 0x5569E8D74BEBF097D8D1786B162DB523
SHA-1: 0xBF23D63E8C21A886785F4E6C5393215FA0F5CE12
10 %ProgramFiles%\Octoshape Streaming Services\%UserName%\octoprogram-L03-NMS0806110-U01_SUA_900\confirmed.txt
%ProgramFiles%\Octoshape Streaming Services\%UserName%\octoprogram-L03-NMS0806110-U01_SUA_900\marker.txt
%ProgramFiles%\Octoshape Streaming Services\%UserName%\octoprogram-L03-NMS0806110_SUA_900\marker.txt
0 bytes MD5: 0xD41D8CD98F00B204E9800998ECF8427E
SHA-1: 0xDA39A3EE5E6B4B0D3255BFEF95601890AFD80709
11 %ProgramFiles%\Octoshape Streaming Services\%UserName%\octoprogram-L03-NMS0806110-U01_SUA_900\content.txt 34 bytes MD5: 0x61FB59DEC8A37701361781FCF9A8E148
SHA-1: 0xB8C74BA549988B2E2233E565A0D1BF90E88FDE84
12 %ProgramFiles%\Octoshape Streaming Services\%UserName%\octoprogram-L03-NMS0806110_SUA_900\apoctoshape.dll 132,368 bytes MD5: 0x9EF2F9DE6EE57AA4F48CCBFFA4527544
SHA-1: 0x7EF2A7F791F6E7198B312E446F0D5CDCC98A88D2
13 %ProgramFiles%\Octoshape Streaming Services\%UserName%\octoprogram-L03-NMS0806110_SUA_900\content.txt 179 bytes MD5: 0x6A97C104F65E17D85B6872A4F9F6CC79
SHA-1: 0x1120993659776C7BF49D5FEDBB45B9838B8B2D9E
14 %ProgramFiles%\Octoshape Streaming Services\%UserName%\octoprogram-L03-NMS0806110_SUA_900\dynfiles.zip 32,383 bytes MD5: 0x514A02625706AF05B0DD6599D0A0FD2B
SHA-1: 0xC61391FC8D966A5724F2697B2EF441E5F8A0D6E6
15 %ProgramFiles%\Octoshape Streaming Services\%UserName%\octoprogram-L03-NMS0806110_SUA_900\libOctoshapeClient.dll 391,168 bytes MD5: 0x9AAE3BCC1471CE51D302D6C980704D1F
SHA-1: 0x11E5A47D8575492C5480A29F1B0EADE9937A542B
16 %ProgramFiles%\Octoshape Streaming Services\%UserName%\octoprogram-L03-NMS0806110_SUA_900\module.xml 1,834 bytes MD5: 0xC7208068756B6E8CB32F4528C7D9645E
SHA-1: 0x4F903FB7F24578F761FDC70EF5BAA2AE3F310610
17 %ProgramFiles%\Octoshape Streaming Services\%UserName%\octoprogram-L03-NMS0806110_SUA_900\suaold-versions.txt 191 bytes MD5: 0x249C73659FCB1B97A6CC863A4692E41B
SHA-1: 0xC6A719293860CF304DC9461A7DC6D7AAB675B46A
18 %ProgramFiles%\Octoshape Streaming Services\%UserName%\OctoshapeClient.exe 156,944 bytes MD5: 0x13F5CFF50D3DB85B8207A63428863FB8
SHA-1: 0xC991B883C618FD6A052D7ED062D75EAF84056307
19 %ProgramFiles%\Octoshape Streaming Services\%UserName%\uninst.exe 122,897 bytes MD5: 0xF37192BEAB76DCC7612F9F946BF81A35
SHA-1: 0xFFBB7EDFD57D8F7F6111BC70731A7DFEB80361CF
20 [file and pathname of the sample #1] 842,896 bytes MD5: 0x042C5B392173CE5786101766B5E9A001
SHA-1: 0x48A0F11A2313EBB4A20EEABEBA3D652E5738ADDB

 

Memory Modifications

Process Name | Process Filename | Main Module Size
OctoshapeClient.exe | %ProgramFiles%\Octoshape Streaming Services\%UserName%\OctoshapeClient.exe | 155,648 bytes
[filename of the sample #1] | [file and pathname of the sample #1] | 212,992 bytes

Registry Modifications

Other details

Remote Host | Port Number
log.octoshape.net | 1042
proxyexam.octoshape.org | 1044
log.octoshape.org | 1046


Copyright © 2014 ThreatExpert. All rights reserved.