Submission Summary:

What's been found | Severity Level
Attempts to use BITS (Background Intelligent Transfer Service). Some threats are known to use BITS to evade firewall filtering and download files without firewall inspection.
Produces outbound traffic.
Downloads/requests other files from Internet.
Registers a 32-bit in-process server DLL.

Technical Details:

File System Modifications

# | Filename(s) | File Size | File Hash | Alias
1 %CommonAppData%\Google\Custom Buttons\toolbar.google.com_O8Y91YHB24Z6SR0SGYSK.XML 12,820 bytes MD5: 0xA41B71A96BF9FD9D56C4410A380FCE69
SHA-1: 0x7F50CF77DFE753AD0A51D1472009A9C90BBE61C4
(not available)
2 %CommonAppData%\Microsoft\Network\Downloader\qmgr0.dat 5,442 bytes MD5: 0x05E38FA079B8E5D856861C7DBEBAB8EC
SHA-1: 0x0E20AE30F93784895B4F113E7CD2045069D8A8BF
(not available)
3 %CommonAppData%\Microsoft\Network\Downloader\qmgr1.dat 4,232 bytes MD5: 0x136D6B1D98E45733F5744AF0C19A0037
SHA-1: 0x138F7E6EAC7FC7766929EC70E913576F85F95278
(not available)
4 %CommonDesktopDir%\CCleaner.lnk 682 bytes MD5: 0x9A22A9EFB62B26C4347CE9A39E036E1F
SHA-1: 0x04B032E0281B23B5B03C0F9334FF6011703A718E
(not available)
5 %CommonPrograms%\CCleaner\CCleaner Homepage.url 82 bytes MD5: 0x20AAC90EEFD7FCF37027FDE1FCF35214
SHA-1: 0x5161CC36B8E0FBE826EF12F536308CC26E5727B6
(not available)
6 %CommonPrograms%\CCleaner\CCleaner.lnk 694 bytes MD5: 0xE4AA5AA751726522B7CB5F364E020300
SHA-1: 0x46A7D61B71DA25EDCBB34068BF67742137163464
(not available)
7 %CommonPrograms%\CCleaner\Uninstall CCleaner.lnk 507 bytes MD5: 0x7C8C5285422B865A5C90FB9BD08D6279
SHA-1: 0xC5421D91958DE7760A75CF8B58B64BE6B42F56D4
(not available)
8 %Temp%\Google Toolbar\GoogleToolbarWelcome.log 7,492 bytes MD5: 0x8469D8ABE49F153E716B5273628B0BDD
SHA-1: 0x60970AB60952002F52C1580770C6DFE37E28EF96
(not available)
9 %Temp%\Google Toolbar\gtb2D.tmp 0 bytes MD5: 0xD41D8CD98F00B204E9800998ECF8427E
SHA-1: 0xDA39A3EE5E6B4B0D3255BFEF95601890AFD80709
(not available)
10 %Temp%\Google Toolbar\gtb2D.tmp.exe 526,448 bytes MD5: 0x5349C1396FF46C621B2F20B949D70DCF
SHA-1: 0x78FFCADAD31FC39B5359003E6EBA98BE32E95EBB
(not available)
11 %Temp%\Google Toolbar\gtm29.tmp
%ProgramFiles%\Google\Google Toolbar\Component\GoogleToolbar.6.4.1321.1732.manifest.xml
19,771 bytes MD5: 0xF0D6EB88EC79622D6C91979B6D429EC2
SHA-1: 0x49D17CEF26F7CFA83F938D3CF5FE74B1B5D1CA4A
(not available)
12 %Temp%\GoogleToolbarInstaller1.log 7,994 bytes MD5: 0x694CA91114BB0023EF0EAFB66009CC91
SHA-1: 0xDA07553C4D4B31EC8740685FA61159E84DEFA13D
(not available)
13 %Temp%\GoogleToolbarInstaller2.log 3,773 bytes MD5: 0xE2008EC77C69B0D6DC79742EBF6E7C32
SHA-1: 0xFEC0C53C682E7EE82FBC0D1C9CB4430FFAE17934
(not available)
14 %Temp%\googletoolbarinstaller_stub_signed.exe 201,328 bytes MD5: 0xBC67002CC524050EAFDF18204C22C538
SHA-1: 0x9FDDDAA5FBE1EEAEC2B34938F0AFF33766224453
packed with PE_Patch.PECompact [Kaspersky Lab]
15 %Temp%\nsn5.tmp\ExecDos.dll 5,632 bytes MD5: 0xA7CD6206240484C8436C66AFB12BDFBF
SHA-1: 0x0BB3E24A7EB0A9E5A8EAE06B1C6E7551A7EC9919
(not available)
16 %Temp%\nsn5.tmp\g\PRFA-IEToolbar.exe 223,809 bytes MD5: 0xBA294F93108CF238ECB91C394049F8B7
SHA-1: 0x486D16AEDDF402E1F3BE54CB6590EE1005FD92DB
(not available)
17 %ProgramFiles%\CCleaner\CCleaner.exe 2,301,752 bytes MD5: 0xE701B8A239462A3A9098D407A6E53C47
SHA-1: 0x06624312A637447CBDADD185F1F2DFE5C1C1C4E9
(not available)
18 %ProgramFiles%\CCleaner\ccsetup307.exe 3,096,424 bytes MD5: 0x337047BC466F8E7E3BD5219E0F72617D
SHA-1: 0x5D63DAC30FCD20C544F33FD68EEA6E53B575BA71
(not available)
19 %ProgramFiles%\CCleaner\Lang\lang-1025.dll 26,624 bytes MD5: 0x50C4DD494CD4651054F1A64B0D7B951C
SHA-1: 0xEBDE8BF54AA327B1E82BAF4753E2B40200260A14
(not available)
20 %ProgramFiles%\CCleaner\Lang\lang-1026.dll 32,768 bytes MD5: 0xD2FAB20F779D0CC5C0205777C49D788B
SHA-1: 0xF4818A9AF2F668A3018C8DD26DBEC8E89AF12871
(not available)
21 %ProgramFiles%\CCleaner\Lang\lang-1027.dll 33,792 bytes MD5: 0x38881D62701E442DFCD03BD43FBD8F72
SHA-1: 0xFADF16F857115E1F4FC532FB70EEB0B63E4AA4B7
(not available)
22 %ProgramFiles%\CCleaner\Lang\lang-1028.dll 16,384 bytes MD5: 0x2E052E9D6405D7B214B705BD69394AFF
SHA-1: 0x16C81EF8C2A53DF04AC63973360393FF2C139839
(not available)
23 %ProgramFiles%\CCleaner\Lang\lang-1029.dll 28,672 bytes MD5: 0x0D114C06C262A543C2ABF38BF5FBE538
SHA-1: 0x72A546660031261B9CA235A68777A27CCC2C1D93
(not available)
24 %ProgramFiles%\CCleaner\Lang\lang-1030.dll 29,696 bytes MD5: 0xADB8E9C3C9AA26C54E9DAA3594457B0B
SHA-1: 0xEF4EB258C85537677ABEE214E11B34AC5EA0434D
(not available)
25 %ProgramFiles%\CCleaner\Lang\lang-1031.dll 30,208 bytes MD5: 0x8E8F27BCA25C2BFD7B4ACF662E7C704C
SHA-1: 0x45CDC139A123C0B6CC931B6A1B0CD89B8742567A
(not available)
26 %ProgramFiles%\CCleaner\Lang\lang-1032.dll 34,816 bytes MD5: 0x55090EE05D26E1639600E6DBF9E1BE0F
SHA-1: 0xAA903F52811D0E7A1402EA8082094502375119D6
(not available)
27 %ProgramFiles%\CCleaner\Lang\lang-1034.dll 33,792 bytes MD5: 0x903273F2274CECE9AB3C010A5B631C3C
SHA-1: 0xE0A88ADEB76E31C9C4D063C75B27A437CC26B3D0
(not available)
28 %ProgramFiles%\CCleaner\Lang\lang-1035.dll 31,232 bytes MD5: 0x03A7C875ACF71623F9909DA1C76DCD10
SHA-1: 0x910BC79AA115B7F25116C8293B88FBC6BAAEB50D
(not available)
29 %ProgramFiles%\CCleaner\Lang\lang-1036.dll 34,816 bytes MD5: 0xA53435B2C262AE7B35A5843610BEB7AE
SHA-1: 0x2FADEF5100D8062DFB1AFFA0BDA7ABEFAD8D4F82
(not available)
30 %ProgramFiles%\CCleaner\Lang\lang-1037.dll 25,600 bytes MD5: 0x73693FDE4158664F5698126061F3B286
SHA-1: 0xD847A28770FE54C2A9EB27F0AC18BFE399903418
(not available)
31 %ProgramFiles%\CCleaner\Lang\lang-1038.dll 31,744 bytes MD5: 0xA2CE0E79CF65067CC876FCA4B4818FC1
SHA-1: 0xF886913046866D8E23531EF1DCDAA583B6DFCF21
(not available)
32 %ProgramFiles%\CCleaner\Lang\lang-1040.dll 31,744 bytes MD5: 0x5B78A307F3AC4E3DBD59D94CE29E1817
SHA-1: 0x898E97EED48B7888886065F11211DE9D08B2D423
(not available)
33 %ProgramFiles%\CCleaner\Lang\lang-1041.dll 18,944 bytes MD5: 0xC5C98F2ACC1BD90E93D5E12D63F6526C
SHA-1: 0x09A67406D7B85CC6890F84BF73DFEC81470278B6
(not available)
34 %ProgramFiles%\CCleaner\Lang\lang-1042.dll 20,480 bytes MD5: 0xFD015DC16BC8AE49D2A0E798E75024C2
SHA-1: 0xC4B49CD3862EFC327DA578DDF6001DB2176DBB03
(not available)
35 %ProgramFiles%\CCleaner\Lang\lang-1043.dll 33,792 bytes MD5: 0x90644B314FB10FEF7B7D957162C76D7E
SHA-1: 0xF826D4CA8672C1F7F6A20F28AD5C1F24273033C9
(not available)
36 %ProgramFiles%\CCleaner\Lang\lang-1044.dll 29,184 bytes MD5: 0xEF3C22A2783A4194F5507FFABEF404D9
SHA-1: 0x8CE725638145B6478FD6DF9BCC391912082E3DBC
(not available)
37 %ProgramFiles%\CCleaner\Lang\lang-1045.dll 31,744 bytes MD5: 0x84442567C752F71B8AE6C69081567005
SHA-1: 0xC0DB43B4AE9B9D907EEAB09C471726BABAB71985
(not available)
38 %ProgramFiles%\CCleaner\Lang\lang-1046.dll 33,280 bytes MD5: 0x21BE0FDB71E76CCA2903CAEDF7668BD0
SHA-1: 0x2381C356646FEE39E336EB68B0BD131FB96AFBC4
(not available)
39 %ProgramFiles%\CCleaner\Lang\lang-1048.dll 30,208 bytes MD5: 0x40544BE64FABDFF7E6F225211D95A0A3
SHA-1: 0x98BB97623DFF7B3D752829AC9221C644E005A66A
(not available)
40 %ProgramFiles%\CCleaner\Lang\lang-1049.dll 28,672 bytes MD5: 0xC4617FB0A4F8C6DC9845428B6F67EB5F
SHA-1: 0xCF03568D2FD94D9597B1672B8032B7B6C9B9C921
(not available)
41 %ProgramFiles%\CCleaner\Lang\lang-1050.dll 29,184 bytes MD5: 0x4560F1D232D7281F7DCB00959B5EBA7A
SHA-1: 0xEC9758487779F2E350C27FCB5DB439C30EA254A3
(not available)
42 %ProgramFiles%\CCleaner\Lang\lang-1051.dll 28,672 bytes MD5: 0x7763097D16918582DFF7065132089102
SHA-1: 0x0E2D379635A191338C837470A8C20D0E5C1E5798
(not available)
43 %ProgramFiles%\CCleaner\Lang\lang-1052.dll 30,208 bytes MD5: 0xA4480C3B1A52E17EB0785C096F12A630
SHA-1: 0x7AF081F1C9A54C947E11F737BA148091D4CDF4BA
(not available)
44 %ProgramFiles%\CCleaner\Lang\lang-1053.dll 30,208 bytes MD5: 0x26E7C31E7E17938EDD2570B83CE74C19
SHA-1: 0x6D6EB5475BD89BBC40FDA68B2757F2C012E59705
(not available)
45 %ProgramFiles%\CCleaner\Lang\lang-1055.dll 29,184 bytes MD5: 0x973A6C9F311EF4C53D32EF55E1A393F8
SHA-1: 0xD50D2431CC37BEC9C3C4836D6F89623E4FE36C26
(not available)
46 %ProgramFiles%\CCleaner\Lang\lang-1058.dll 29,696 bytes MD5: 0x6CBE95FB90EE14D90528E07ABF4567DA
SHA-1: 0x754CB34CA85E7009C04B2DEC734C2574DCB627B4
(not available)
47 %ProgramFiles%\CCleaner\Lang\lang-1059.dll 30,720 bytes MD5: 0x280B85494E32977F9F881A56FB783F79
SHA-1: 0x05415662DFB3AC7AACDB395932E93A3BA821A037
(not available)
48 %ProgramFiles%\CCleaner\Lang\lang-1060.dll 31,232 bytes MD5: 0x07CB43D437B57DE0E43F07C524806634
SHA-1: 0x295D105C2941370E5B8D6A211CED3C2F05B5C43C
(not available)
49 %ProgramFiles%\CCleaner\Lang\lang-1061.dll 29,184 bytes MD5: 0x338210EC20C0C473CDCAFB99930C61B2
SHA-1: 0xE9A53DD8FECF69FFF8A1CE96CB2C2992FC9C5B22
(not available)
50 %ProgramFiles%\CCleaner\Lang\lang-1063.dll 29,184 bytes MD5: 0xE417682896A13A4F3C2E746EDAABFFCC
SHA-1: 0xABF9C826C5AEDF100C80AC8704231DCF41A20D55
(not available)
51 %ProgramFiles%\CCleaner\Lang\lang-1065.dll 30,208 bytes MD5: 0x473ECF7B1EB564255896BEEF17223D5C
SHA-1: 0x57451C42512069A418748CE401617B3C21A4925B
(not available)
52 %ProgramFiles%\CCleaner\Lang\lang-1066.dll 28,672 bytes MD5: 0x961A68A0FA2CCC745975DAF46B3B9BA6
SHA-1: 0xDE674B9D76CDD63081EE42799C7EF4411C70EB58
(not available)
53 %ProgramFiles%\CCleaner\Lang\lang-1067.dll 27,648 bytes MD5: 0xCA8AC83A493A9D59920C4B34596E0C45
SHA-1: 0x19EBB1870AA11E9DE3B927BCB107A803893F0542
(not available)
54 %ProgramFiles%\CCleaner\Lang\lang-1068.dll 29,184 bytes MD5: 0x4E0609088FDC338DA96CDB0A532B2522
SHA-1: 0x351C7CF59831FD9538D1FB5BB0AC69B038D84460
(not available)
55 %ProgramFiles%\CCleaner\Lang\lang-1071.dll 30,208 bytes MD5: 0x65BF04353798B9E65AB938D9417C7C5E
SHA-1: 0x3379FEEA19A10216660B979D8830301266CEEB27
(not available)
56 %ProgramFiles%\CCleaner\Lang\lang-1079.dll 31,232 bytes MD5: 0x9E9A6DBF3CD3F05EF7AA9B2421EFA24E
SHA-1: 0xBEEA01B0B433EB4574DFFAA61CC9F0A8056908B3
(not available)
57 %ProgramFiles%\CCleaner\Lang\lang-1110.dll 29,184 bytes MD5: 0xB5BC5768FA82718825DD269A668C4C68
SHA-1: 0xEE0BA7F3870F262F93CAA9B10F43E5E6D248C2E8
(not available)
58 %ProgramFiles%\CCleaner\Lang\lang-2052.dll 15,360 bytes MD5: 0xDE132A55E2013D5FC75AE18502CB07F3
SHA-1: 0xE5440AA51F0964CA7C6A0F44967EB68B3635B606
(not available)
59 %ProgramFiles%\CCleaner\Lang\lang-2070.dll 33,792 bytes MD5: 0x754FB6338DBFC1DCABB54EE9BF691780
SHA-1: 0xE141D17BF5E6BBBB433AFF45FB4C1799AE183EB1
(not available)
60 %ProgramFiles%\CCleaner\Lang\lang-2074.dll 29,184 bytes MD5: 0x0512F14E7A6B914770B289AD869B349A
SHA-1: 0x2A698961A03DC1F849E3297DCC0E6EF0FD08702A
(not available)
61 %ProgramFiles%\CCleaner\Lang\lang-3098.dll 29,184 bytes MD5: 0x9C2DD47B98CA72B57E5C7C82A7BBE313
SHA-1: 0x049EC5BEDCA140932CB1997EF4E314820132C6AA
(not available)
62 %ProgramFiles%\CCleaner\Lang\lang-5146.dll 29,184 bytes MD5: 0x2E2C087B9F0691F89B6072D9CA0087E1
SHA-1: 0xBED52910A2D1D037EE92614DF57175CF83667D6C
(not available)
63 %ProgramFiles%\CCleaner\Lang\lang-9999.dll 33,792 bytes MD5: 0xAFA9F80E74A89884A48D3C85D8817976
SHA-1: 0x025721A244E41295F563215A9697DD7D26C32484
(not available)
64 %ProgramFiles%\CCleaner\uninst.exe 129,256 bytes MD5: 0xA166843E2BA10A7EBC123FF255EC3CDF
SHA-1: 0xB1DADBED494D67722F8298951FED3F9643F69B44
(not available)
65 %ProgramFiles%\Google\Common\Google Updater\GoogleUpdaterService.exe 182,768 bytes MD5: 0xCC839E8D766CC31A7710C9F38CF3E375
SHA-1: 0xA20FE767AE667638FC2ED43563BD436542CA7AD4
(not available)
66 %ProgramFiles%\Google\Google Toolbar\Component\GoogleCld_D9AEC8D4D1915047.dll 1,232,496 bytes MD5: 0xB72206B97E3FD14D73EB81D086AA0B3B
SHA-1: 0x12EC2761E5134A3032D289B5E27F1A8AF3D0445A
(not available)
67 %ProgramFiles%\Google\Google Toolbar\Component\GoogleCld_F383318595AD1D07.dll 1,206,896 bytes MD5: 0xD41AEC4B522353ED17FCA7FFB2432978
SHA-1: 0xE2ECD7F66ACC255F0DA9C570C60B055B99253632
(not available)
68 %ProgramFiles%\Google\Google Toolbar\Component\GoogleToolbar.7.2.2427.2330.manifest.xml 16,731 bytes MD5: 0xDCFBFF3928A580BBB62B694E3589C172
SHA-1: 0xCD53FA6AA96F5FA9FD885773D9A1DE91C9C7031C
(not available)
69 %ProgramFiles%\Google\Google Toolbar\Component\GoogleToolbarDynamic_32_248D3CEB7C787E4E.dll 3,047,536 bytes MD5: 0x64C1481B867CC7B45E10A74CC9EB46E4
SHA-1: 0x6E48BBE314917BB5FDE23B3C8FEE7F435F29508A
(not available)
70 %ProgramFiles%\Google\Google Toolbar\Component\GoogleToolbarDynamic_32_78F32466E61F1EEC.dll 2,908,272 bytes MD5: 0x7DA764DA0C164E9CEDFE45847B2FA514
SHA-1: 0x903AA8CCD58750C61D7AC96D84DCC26BA0D27D91
(not available)
71 %ProgramFiles%\Google\Google Toolbar\Component\GoogleToolbarDynamic_ext_ja_32_0B613598DAECF22D.dll 58,992 bytes MD5: 0xBD5888F44ECB38E3E00FA8BA933102C9
SHA-1: 0x2E6887AA44E527A3A534799EB0DD5D9DDCBEC996
(not available)
72 %ProgramFiles%\Google\Google Toolbar\Component\GoogleToolbarDynamic_ext_zh-CN_32_52173432FFDB9692.dll 234,608 bytes MD5: 0x21CBDDD308C932725FA4BC54E5C17360
SHA-1: 0xEBD68F57982EE2B0BB9D26BF369D003AB7D37269
(not available)
73 %ProgramFiles%\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll 848,896 bytes MD5: 0x9C626E135B52F704B9934774E37DDE4A
SHA-1: 0x4F7691FDF7B2D175246B6179C6F59149C70EB8A8
(not available)
74 %ProgramFiles%\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_F5A70B61FC3A2BB0.dll 1,239,664 bytes MD5: 0x3A913A99C665A6C3610241C09439F281
SHA-1: 0xB4292551BD8901D02C009EF0051895E66115C43B
(not available)
75 %ProgramFiles%\Google\Google Toolbar\Component\GoogleToolbarManager_A0AC09CE5247ECEF.exe 1,052,784 bytes MD5: 0x72AA69F480CEB918D25B28EF0CABA60E
SHA-1: 0x69085BE3B588CAF5A68280A43142DE7E1CBCE6BB
(not available)
76 %ProgramFiles%\Google\Google Toolbar\Component\GoogleToolbarManager_E85CDE7661A53A6A.exe 1,037,936 bytes MD5: 0x19DF43A34C9BB7E790CB119AFCB7F66B
SHA-1: 0xF1304E1D3EBEFD78CA4BA6B5118231ABBBDF311F
(not available)
77 %ProgramFiles%\Google\Google Toolbar\Component\GoogleToolbarUser_32_63846110C2FBA685.exe 307,312 bytes MD5: 0xE168A426C2F711F39597292D878D5E50
SHA-1: 0x2A33E4F4C98249A44681733453412FB2E0A767C9
(not available)
78 %ProgramFiles%\Google\Google Toolbar\Component\GoogleToolbarUser_32_7397BBD21492BAA9.exe
%ProgramFiles%\Google\Google Toolbar\GoogleToolbarUser_32.exe
298,608 bytes MD5: 0xDEA8E97225B79A52094459422FA9BE66
SHA-1: 0x379A0A0F08A8682B35476CF362AA42D7A5A44CAA
(not available)
79 %ProgramFiles%\Google\Google Toolbar\Component\GoogleToolbar_32_2D29F0F746C2D723.dll 342,128 bytes MD5: 0x61980095AE5D02B1E9D2ED604A90C1BF
SHA-1: 0x53A6C23D4D30A0431776888A9BF5F7383A0BC4B1
(not available)
80 %ProgramFiles%\Google\Google Toolbar\Component\GoogleToolbar_32_788D2431A6FFBD5A.dll
%ProgramFiles%\Google\Google Toolbar\GoogleToolbar_32.dll
279,664 bytes MD5: 0xCE18BAFCF08340AC9A31044B86FA5FED
SHA-1: 0xAEAB8D164B4F60AE7FD3166E953BA9BB60751957
(not available)
81 %ProgramFiles%\Google\Google Toolbar\Component\GoogleUpdaterService_5898FABCFA121C11.exe 182,768 bytes MD5: 0x1C50AB911B3524356D0C58D8D669F09E
SHA-1: 0x8196BF79D278F064FEAA77F3353410273F8611E6
(not available)
82 %ProgramFiles%\Google\Google Toolbar\Component\GoogleUpdateSetup_0002B5AEB6C5B612.exe 563,696 bytes MD5: 0x5A81DAF322DFB89B925C1EE597302847
SHA-1: 0x6221A910EFCEB05583E82E25AF0CA8DF012D1278
(not available)
83 %ProgramFiles%\Google\Google Toolbar\Component\SearchWithGoogleUpdate_3CEFEC1F9BB6F303.exe 1,721,400 bytes MD5: 0x47411684FC7E9A8F20E894D28FC66FEE
SHA-1: 0x2F9D83A5A15970CEFCFC8959B32962D9702EA417
(not available)
84 %ProgramFiles%\Google\Google Toolbar\Component\SearchWithGoogleUpdate_60BF91FC421232D7.exe 1,487,344 bytes MD5: 0xF0C64E8621073E5E6155A084D064C6FB
SHA-1: 0xDFAB77008ED210FF0154BDBF27014F74CED69A0D
(not available)
85 %ProgramFiles%\Google\Google Toolbar\GoogleToolbarHelperPatch_signed.msp 119,808 bytes MD5: 0x7C1F2F928AD72C15B6DDE410A0D9D43A
SHA-1: 0x1E1E6CE38C2DE7FFEF611FC0D2A7A7DF13E8AAB3
(not available)
86 %ProgramFiles%\Google\Google Toolbar\GoogleToolbarHelper_signed.msi 28,160 bytes MD5: 0xF7B15892385FE4B7F4A657B0619968D2
SHA-1: 0x935ADA5066CED268466EFBD5D18F777633928331
(not available)
87 %ProgramFiles%\Google\GoogleToolbarNotifier\5.5.4723.1820\gth.dll 49,136 bytes MD5: 0x15DC752B83DCB799D483BD715B855CF1
SHA-1: 0x8A0BE53000620F7141E07F3D4B41E72C6F6AAF2A
(not available)
88 %ProgramFiles%\Google\GoogleToolbarNotifier\5.5.4723.1820\gtn.dll 148,976 bytes MD5: 0xC31BBDCD066E35BE40DCF2C4EEF12F97
SHA-1: 0x69C41009431105CE0E9A4E7CFE4A6063C900C167
(not available)
89 %ProgramFiles%\Google\GoogleToolbarNotifier\5.5.4723.1820\Readme.url 99 bytes MD5: 0x5E0F60DDE2CE950E74EEE1E207800064
SHA-1: 0x4A360814B0E2B4DF4CA229A2A267EFA32C6E5DD6
(not available)
90 %ProgramFiles%\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll 812,528 bytes MD5: 0xA414F9F0E60B3AB385E56586D4EEAAF3
SHA-1: 0x28C4F210FBEA5C05EFF3FB66F171A49B33EBEDDC
(not available)
91 %ProgramFiles%\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe 39,408 bytes MD5: 0x5D61BE7DB55B026A5D61A3EED09D0EAD
SHA-1: 0x215950CE5D40907B041346F22B4E404EE591581D
(not available)
92 %ProgramFiles%\Google\Update\1.2.183.13\GoogleCrashHandler.exe 136,176 bytes MD5: 0x975A3190EB50EAC7AA89488233E18294
SHA-1: 0x862F1AD96CB36E449FAE11E9C3276E5B12FEEECA
(not available)
93 %ProgramFiles%\Google\Update\1.2.183.13\GoogleUpdate.exe
%ProgramFiles%\Google\Update\GoogleUpdate.exe
135,664 bytes MD5: 0x8F0DE4FEF8201E306F9938B0905AC96A
SHA-1: 0xD2E2915087427BE8EA88B4A174C334C578208E78
(not available)
94 %ProgramFiles%\Google\Update\1.2.183.13\GoogleUpdateHelper.msi 26,624 bytes MD5: 0xFDA3E5076FADA18E867796219345ECE6
SHA-1: 0x598144E7D2467FA1865EAEAB9D95A20403156F46
(not available)
95 %ProgramFiles%\Google\Update\1.2.183.13\goopdate.dll 681,968 bytes MD5: 0xEB24B0549C3F45594AF82A452CD4F822
SHA-1: 0x66528D7802891D129DEE7CF54B5A670012AC6F36
(not available)
96 %ProgramFiles%\Google\Update\1.2.183.13\GoopdateBho.dll 138,736 bytes MD5: 0x626CA57682D15856B3BD87D6C5169DDE
SHA-1: 0xA4D28A8E5042F2911282DE534ECD9C106CC6E9CD
(not available)
97 %ProgramFiles%\Google\Update\1.2.183.13\goopdateres_ar.dll 25,584 bytes MD5: 0x2CF039038FDF0212511041BD7EB614E5
SHA-1: 0x604CC4517D13CE675BCE4A7A8A95988EEB50E833
(not available)
98 %ProgramFiles%\Google\Update\1.2.183.13\goopdateres_bg.dll 29,168 bytes MD5: 0x915B9A095F53B8EF00C309FD17342362
SHA-1: 0x6DEEF71D075B9C05E23B2ACAB008FA598961283A
(not available)
99 %ProgramFiles%\Google\Update\1.2.183.13\goopdateres_bn.dll 27,632 bytes MD5: 0x0596334BE2CAF19AE2F3C2365945F952
SHA-1: 0xC0D4D11CC4BAA154ECA122CA30D13F1DBCF8F0A2
(not available)
100 %ProgramFiles%\Google\Update\1.2.183.13\goopdateres_ca.dll 28,656 bytes MD5: 0xABF850D51375F417A0FC705B824C7901
SHA-1: 0x7CA5CC857A64AB6C7E2F82EC0B62C45B4CB9FF80
(not available)

Memory Modifications

Process Name | Process Filename | Main Module Size
googletoolbarinstaller_stub_signed.exe | %Temp%\googletoolbarinstaller_stub_signed.exe | 524,288 bytes

Service Name | Display Name | Status | Service Filename
gusvc | Google Software Updater | "Stopped" | "%ProgramFiles%\Google\Common\Google Updater\GoogleUpdaterService.exe"
gupdate | Google Update Service (gupdate) | "Stopped" | "%ProgramFiles%\Google\Update\GoogleUpdate.exe" /svc

Service Name | Display Name | New Status | Service Filename
BITS | Background Intelligent Transfer Service | "Running" | %System%\svchost.exe -k netsvcs
MSIServer | Windows Installer | "Running" | %System%\msiexec.exe /V

Registry Modifications

Other details

Outbound traffic (potentially malicious)

Heuristics Analysis

All content ("Information") contained in this report is the copyrighted work of Threat Expert Ltd and its associated companies ("ThreatExpert") and may not be copied without the express permission of ThreatExpert.

The Information is provided on an "as is" basis. ThreatExpert disclaims all warranties, whether express or implied, to the maximum extent permitted by law, including the implied warranties that the Information is merchantable, of satisfactory quality, accurate, fit for a particular purpose or need, or non-infringing, unless such implied warranties are legally incapable of exclusion. Further, ThreatExpert does not warrant or make any representations regarding the use or the results of the use of the Information in terms of their correctness, accuracy, reliability, or otherwise.

Copyright © 2013 ThreatExpert. All rights reserved.