Submission Summary:
Technical Details:
File System Modifications

# | Filename(s) | File Size | File Hash
1 | %CommonAppData%\SearcH-yNeewTaba\513e3eeeaf8f0.dll | 118,272 bytes | MD5: 0x00CE3831A16A62C6D7EA4B21049E4B22; SHA-1: 0x3E48C8D25B196D67722ED20CD36BF3448A4C9136
2 | %CommonAppData%\SearcH-yNeewTaba\513e3eeeaf8f0.tlb | 18,480 bytes | MD5: 0xD5980FF8EB0EF4276FAD96FBA8FC5018; SHA-1: 0x2CB05F8B43AA3AE2F5492F590997EEC6FF808FE2
3 | %CommonAppData%\SearcH-yNeewTaba\data\SearcH-yNeewTaba.dat | 6,119 bytes | MD5: 0x8061E35DF5B4F3A28177D04117B2151A; SHA-1: 0x175B7C81E56CDD4AE0490705040ED387381A8B68
4 | %CommonAppData%\SearcH-yNeewTaba\settings.ini | 7,261 bytes | MD5: 0xB689FAA714BD5EA8E9638662A408CE60; SHA-1: 0x5B8940C756547532C5B69172CC8C954BE73387A3
5 | %CommonAppData%\SearcH-yNeewTaba\uninstall.exe | 49,824 bytes | MD5: 0xF3C79BDA3FDF7C5DD24D60400A57CADB; SHA-1: 0x1ADB606AAEEDB246A371C8877C737F0F8C798625
6 | %CommonPrograms%\SearcH-yNeewTaba\SearcH-yNeewTaba.lnk | 294 bytes | MD5: 0x974346FBB4F85FBBCF164F79426C3BAC; SHA-1: 0x26B61B56E443E65C1B47372FEB667117B06A11E6
7 | %CommonPrograms%\SearcH-yNeewTaba\Uninstall.lnk | 1,193 bytes | MD5: 0xB29BD5864FC8CD2EB731549D697A2038; SHA-1: 0x6151A05BA87890D917D84CF25CA171CFBC0A4EE6
8 | %AppData%\Google\Chrome\User Data\Default\Extensions\nkgigdpamlmobppimdgjfdpipbelickb\1\513e3eeeaf6a81.70793170.js | 4,947 bytes | MD5: 0x515C913A4C6D481A9C5A5AC0533E9BE3; SHA-1: 0x04BD3A524E4F36AE19B4B8FB21031C9A75E7DA31
9 | %AppData%\Google\Chrome\User Data\Default\Extensions\nkgigdpamlmobppimdgjfdpipbelickb\1\background.html | 161 bytes | MD5: 0x432882C308A5416292434E2E07C8BF9E; SHA-1: 0xD7CB055703304F4021C5E183DF3DA420E17196D1
10 | %AppData%\Google\Chrome\User Data\Default\Extensions\nkgigdpamlmobppimdgjfdpipbelickb\1\content.js | 197 bytes | MD5: 0x5F9891607F65F433B0690BAE7088B2C1; SHA-1: 0xB4EDB7579DCA34DCD00BCA5D2C13CBC5C8FAC0DE
11 | %AppData%\Google\Chrome\User Data\Default\Extensions\nkgigdpamlmobppimdgjfdpipbelickb\1\lsdb.js | 559 bytes | MD5: 0x209B7AE0B6D8C3F9687C979D03B08089; SHA-1: 0x6449F8BFF917115EEF4E7488FAE61942A869200F
12 | %AppData%\Google\Chrome\User Data\Default\Extensions\nkgigdpamlmobppimdgjfdpipbelickb\1\manifest.json | 559 bytes | MD5: 0xB4ACC2FDC006DA0F33BB42B2D4944399; SHA-1: 0xE052B7551B3FE3A43D0877F7FA2171FC278147F3
13 | %AppData%\Google\Chrome\User Data\Default\Extensions\nkgigdpamlmobppimdgjfdpipbelickb\1\newtab.html | 378 bytes | MD5: 0xDEC58D62DDD2FBC328A073931FF27B35; SHA-1: 0xE44FD4BA51B08D865C09129F7DBC8C445DC35ADE
14 | %AppData%\Google\Chrome\User Data\Default\Extensions\nkgigdpamlmobppimdgjfdpipbelickb\1\sqlite.js | 1,211 bytes | MD5: 0x4E3CE7EDE067ED407FC3DA9E9A0C3947; SHA-1: 0x621D7BA73504B6056E0FA990D9CBA449CA202D82
15 | %AppData%\Google\Chrome\User Data\Default\Preferences | 1,937 bytes | MD5: 0x79A75627248196CC61C6CB15A5762A15; SHA-1: 0x0E340793F5A231DD1492370C29E8925906194896
16 | [file and pathname of the sample #1] | 261,707 bytes | MD5: 0x2150E077714E1AB62A6AF032F746B786; SHA-1: 0x344185075CFCB4D0EE6D949E1C3B2A0272E78525
Memory Modifications

Process Name | Process Filename | Main Module Size
[filename of the sample #1] | [file and pathname of the sample #1] | 163,840 bytes
513e3eeeaf8b7.exe | %Temp%\7zS1.tmp\513e3eeeaf8b7.exe | 262,144 bytes
Registry Modifications
Other details

Remote Host | Port Number
192.5.5.2411033

Server Name | Server Port | Connect as User | Connection Password
syncerjpi.com | 80 | (null) | (null)
jpinow.net | 80 | (null) | (null)
All content ("Information") contained in this report is the copyrighted work of Threat Expert Ltd and its associated companies ("ThreatExpert") and may not be copied without the express permission of ThreatExpert.

The Information is provided on an "as is" basis. ThreatExpert disclaims all warranties, whether express or implied, to the maximum extent permitted by law, including the implied warranties that the Information is merchantable, of satisfactory quality, accurate, fit for a particular purpose or need, or non-infringing, unless such implied warranties are legally incapable of exclusion. Further, ThreatExpert does not warrant or make any representations regarding the use or the results of the use of the Information in terms of their correctness, accuracy, reliability, or otherwise.

Copyright © 2014 ThreatExpert. All rights reserved.