Submission Summary:

What's been found    Severity Level
Capability to send out email message(s) with the built-in SMTP client engine.
Downloads/requests other files from Internet.

Technical Details:

File System Modifications

Memory Modifications

Process Name                   Process Filename                          Main Module Size
[filename of the sample #1]    [file and pathname of the sample #1]      233,472 bytes

Process Name    Process Filename                Allocated Size
avgmfapx.exe    %Temp%\7zs1.tmp\avgmfapx.exe    20,480 bytes
avgmfapx.exe    %Temp%\7zs1.tmp\avgmfapx.exe    20,480 bytes

Service Name    Display Name         New Status    Service Filename
MSIServer       Windows Installer    "Running"     %System%\msiexec.exe /V

Registry Modifications

Other details

Remote Host       Port Number
199.7.71.190      80
212.96.161.226    80
212.96.161.238    80
64.208.241.64     80
77.67.44.207      80

All content ("Information") contained in this report is the copyrighted work of Threat Expert Ltd and its associated companies ("ThreatExpert") and may not be copied without the express permission of ThreatExpert.

Copyright © 2014 ThreatExpert. All rights reserved.