Submission Summary:

What's been found                                   Severity Level
Downloads/requests other files from Internet.       [not captured]
Registers a 32-bit in-process server DLL.           [not captured]

Technical Details:

File System Modifications

#   Filename(s) / File Size / File Hash (MD5, SHA-1)

 1  %AppData%\bloson.bmp
    File size: 26,456 bytes
    MD5:   0x9D76CBB404F76D227B2015D08FB90DE9
    SHA-1: 0xCC2D925128F1FEC7FFB8F760E7615EAF7665F23B

 2  %AppData%\dealply.bmp
    File size: 77,576 bytes
    MD5:   0x622892E1BFD696D8964C75977E538674
    SHA-1: 0xFD78C36C6AEE910B534D075781869EAC5E96564E

 3  %AppData%\dealply.exe
    File size: 945,752 bytes
    MD5:   0xCAACA3D3783173998FBB157FDD07A846
    SHA-1: 0x92E8B1D702C8B8411A33F9497F8BFBA72628522D

 4  %AppData%\facemoods.bmp
    File size: 77,576 bytes
    MD5:   0x6015991F47DAFEB69223AB1BBCE46321
    SHA-1: 0x58B2A90385BE4BD340839E58E56C7025F73A4C06

 5  %AppData%\facemoods.exe
    File size: 1,229,360 bytes
    MD5:   0x5F856A489CC99DFF30713F9FDAB715DF
    SHA-1: 0x7037878B2DB6D2A611613C21C693458D3CFC4FC9

 6  %AppData%\javascript-minimizer-1.0.exe
    %Temp%\nsr9.tmp
    File size: 125 bytes
    MD5:   0x7C5F5A68051F6B0C0E9A2AD33C40D415
    SHA-1: 0x120865765927A61AF83F02B83DC297EEDE61EC41

 7  %AppData%\lateral1.bmp
    File size: 193,744 bytes
    MD5:   0x09FBAEDE48CFEDB759E640BED10D5DBF
    SHA-1: 0xE1C0A5A77042595BEAE53955CAD72143AAC61045

 8  %AppData%\lateral2.bmp
    File size: 193,744 bytes
    MD5:   0xD0D2B5814833B7412A66C89E8B75021D
    SHA-1: 0x9B6C821D9078AA1054F522D3669686A1F7792B37

 9  %AppData%\lateral3.bmp
    File size: 195,108 bytes
    MD5:   0xE1CE13E6F1ED1F339F8595CCF9D0198E
    SHA-1: 0x666997A9F8786074193C6CB2160C2EF3962D3ECC

10  %Temp%\nsh2.tmp\inetc.dll
    File size: 24,576 bytes
    MD5:   0x1EFBBF5A54EB145A1A422046FD8DFB2C
    SHA-1: 0xEC4EFD0A95BB72FD4CF47423647E33E5A3FDDF26

11  %Temp%\nsh2.tmp\LangDLL.dll
    File size: 5,632 bytes
    MD5:   0x9384F4007C492D4FA040924F31C00166
    SHA-1: 0xABA37FAEF30D7C445584C688A0B5638F5DB31C7B

12  %Temp%\nsh2.tmp\md5dll.dll
    File size: 6,656 bytes
    MD5:   0x0745FF646F5AF1F1CDD784C06F40FCE9
    SHA-1: 0xBF7EBA06020D7154CE4E35F696BEC6E6C966287F

13  %Temp%\nsh2.tmp\modern-header.bmp
    File size: 130,056 bytes
    MD5:   0xB94CE22E857BFFBBFF032D747653B3B0
    SHA-1: 0xFD7EE723AEFB384DB149BF92A36603CFB70F4D98

14  %Temp%\nsh2.tmp\nsDialogs.dll
    File size: 9,728 bytes
    MD5:   0xC10E04DD4AD4277D5ADC951BB331C777
    SHA-1: 0xB1E30808198A3AE6D6D1CCA62DF8893DC2A7AD43

15  %Temp%\nsh2.tmp\nsRandom.dll
    File size: 21,504 bytes
    MD5:   0xAB467B8DFAA660A0F0E5B26E28AF5735
    SHA-1: 0x596ABD2C31EAFF3479EDF2069DB1C155B59CE74D

16  %Temp%\nsh2.tmp\System.dll
    File size: 11,264 bytes
    MD5:   0xC17103AE9072A06DA581DEC998343FC1
    SHA-1: 0xB72148C6BDFAADA8B8C3F950E610EE7CF1DA1F8D

17  c:\prefs.js
    File size: 1,156 bytes
    MD5:   0x864C52B83A0FDB3235A6B4998E580FE7
    SHA-1: 0x52476B0D04BB5D246E69D5B2DD5DAA4DFC7541A6

18  %ProgramFiles%\facemoods.com\facemoods\1.4.17.11\bh\facemoods.dll
    File size: 265,944 bytes
    MD5:   0xD0813204B590D8E8B98627FD75610E9D
    SHA-1: 0x8D465E41BD3A156D6C3B12A562473193B9878A7D

19  %ProgramFiles%\facemoods.com\facemoods\1.4.17.11\facemoods.crx
    File size: 31,873 bytes
    MD5:   0xC950D4862FF0DCFF908A8934B28702E8
    SHA-1: 0x910E844373C425AE105362E12007ED48FF6C18BD

20  %ProgramFiles%\facemoods.com\facemoods\1.4.17.11\facemoods.png
    File size: 3,948 bytes
    MD5:   0xAD000BBCE06733694151384B614C94D7
    SHA-1: 0x7D2C7E141479E4ED9F8EAA8454CA15ED27438762

21  %ProgramFiles%\facemoods.com\facemoods\1.4.17.11\facemoodsApp.dll
    File size: 368,344 bytes
    MD5:   0x582B370E077DD9412DAA10E8B7AC9015
    SHA-1: 0x538A2AA698B3F41A1F0D0BCD195021946B4786A5

22  %ProgramFiles%\facemoods.com\facemoods\1.4.17.11\facemoodsEng.dll
    File size: 462,552 bytes
    MD5:   0x45300E499CCCA60E2A6869170ECA9966
    SHA-1: 0xFD9E5C83FF7337560E3F7F4AD9573934023B351B

23  %ProgramFiles%\facemoods.com\facemoods\1.4.17.11\facemoodssrv.exe
    File size: 362,200 bytes
    MD5:   0xE83686C5F2273F8A7561897DD5F4E570
    SHA-1: 0xB46C493E729674C1F02AE94D32C476E5B5077625

24  %ProgramFiles%\facemoods.com\facemoods\1.4.17.11\facemoodsTlbr.dll
    File size: 220,888 bytes
    MD5:   0x0FB336CCB1FE21397098026DF36FD914
    SHA-1: 0x3FA3C67B6F4721A7D77CD478BD9B10A0377520FC

25  %ProgramFiles%\facemoods.com\facemoods\1.4.17.11\uninstall.exe
    File size: 144,620 bytes
    MD5:   0x26E59759772F43227E2DBAF33F030ADB
    SHA-1: 0xF6AE582F0A76BF765E36090630D6D07A3776700A

26  %ProgramFiles%\Mozilla Firefox\searchplugins\fcmdSrch.xml
    File size: 2,047 bytes
    MD5:   0x1BB13D2832FFE1671736A987A803D180
    SHA-1: 0x04AAE3DD7CBE3FEA157A2847A4629A75020A3749

27  [file and pathname of the sample #1]
    File size: 2,298,237 bytes
    MD5:   0x0A06D10B99CCAFD760FD08D0200A375E
    SHA-1: 0xABF0DA81AD13F0BE7475DC72F83A760D1397EB00

Memory Modifications

Process Name                  Process Filename                                                   Main Module Size
[filename of the sample #1]   [file and pathname of the sample #1]                               327,680 bytes
dealply.exe                   %AppData%\dealply.exe                                              212,992 bytes
facemoods.exe                 %AppData%\facemoods.exe                                            352,256 bytes
facemoodssrv.exe              %ProgramFiles%\facemoods.com\facemoods\1.4.17.11\facemoodssrv.exe  368,640 bytes

Registry Modifications

Other details

Israel

Port   Protocol   Process
1035   UDP        [file and pathname of the sample #1]

Remote Host        Port Number
r.facemoods.com    1033

Server Name             Server Port   Connect as User   Connection Password
gstatic.uptodown.net    80            (null)            (null)
www.uptodown.com        80            (null)            (null)

Downloaded File Summary:

Technical Details:

File System Modifications

#   Filename(s) / File Size / File Hash (MD5, SHA-1)

 1  [file and pathname of the sample #1]
    File size: 36,864 bytes
    MD5:   0x45CB4CFD0E8EF900A1C08A8BBFF69A1C
    SHA-1: 0x3B61DE44F485D76A1026A3F14BAAD6EB3DAAC6B2

Memory Modifications

Process Name                  Process Filename                        Main Module Size
[filename of the sample #1]   [file and pathname of the sample #1]    N/A

Copyright © 2014 ThreatExpert. All rights reserved.