Submission Summary:

What's been foundSeverity Level
Downloads/requests other files from Internet.
Creates a startup registry entry.
Registers a 32-bit in-process server DLL.
Registers a Browser Helper Object (Microsoft's Internet Explorer plugin module).

 

Technical Details:

 

File System Modifications

#Filename(s)File SizeFile HashAlias
1 %CommonAppData%\Anti-phishing Domain Advisor\guid.dat 38 bytes MD5: 0xEA942ADA6150EDF57F1BC2E204D07CAC
SHA-1: 0x526D31324AB67C1AEC5C868700AE42AC8E42DC7D
(not available)
2 %CommonAppData%\Anti-phishing Domain Advisor\uninstall.exe
%CommonAppData%\Anti-phishing Domain Advisor\uninstall.exe.nsnF.tmp
81,224 bytes MD5: 0xAFC663475667F86B6EE7A1528F1D7037
SHA-1: 0x409DDA733BEB9728B86FF1ED7C14A265822D4D98
(not available)
3 %CommonAppData%\Anti-phishing Domain Advisor\visicom_antiphishing.dll
%CommonAppData%\Anti-phishing Domain Advisor\visicom_antiphishing.dll.nsnF.tmp
305,832 bytes MD5: 0x94E62797BC523FDC07F537AD8DD051FC
SHA-1: 0x8E7F0573A61450B03C9940A54A2FDAB86107674D
packed with PE_Patch [Kaspersky Lab]
4 %CommonAppData%\Anti-phishing Domain Advisor\visicom_antiphishing.exe
%CommonAppData%\Anti-phishing Domain Advisor\visicom_antiphishing.exe.nsnF.tmp
206,504 bytes MD5: 0x972735C0A9A663E22A69B7B8F0646505
SHA-1: 0x3149BEC3325092887868071A563D13B2FA166317
(not available)
5 %AppData%\blekkotb\dtx.ini 15 bytes MD5: 0xFC8D926D53F9D201E8FED4C5CEB14620
SHA-1: 0x9EDC50F8C7EFA3209BEF6F17A4247A446C1E45D0
(not available)
6 %AppData%\blekkotb\geodata.xml
%Temp%\{26c9e18c-3717-4be1-a225-04e4471f5b6e}\geodata.xml
179 bytes MD5: 0x1C710E1B78242338387D62FD7F57AFD6
SHA-1: 0xF3BF9EFFB611196F6A6A8D4471B941A22720AE44
(not available)
7 %AppData%\blekkotb\guid.dat 38 bytes MD5: 0xF39F6475EFEBEB75AE83D419FAF3E38E
SHA-1: 0x51A6226CF2B9AE2123033FCDA0C2013310A36038
(not available)
8 %AppData%\blekkotb\setupCfg.xml 288 bytes MD5: 0x8543986E55A90ED15F9BFB90480BEEB4
SHA-1: 0xA40D1FE327F7A68AE45A63BE5ABD25E4A7FB6254
(not available)
9 %Temp%\blekko-manifest.xml
%ProgramFiles%\blekkotb\manifest.xml
836 bytes MD5: 0xFE50F210366C5A1761E294509992F324
SHA-1: 0xAA2505E471C7AD627E7F43AB862F6213FD140773
(not available)
10 %Temp%\ICReinstall\[filename of the sample #1]
[file and pathname of the sample #1]
463,080 bytes MD5: 0x28A50A39F90FF75FD056E3B92383B317
SHA-1: 0xEF9A33265A0F6C41DBCA056BE9903A5CA65CA4F5
packed with UPX [Kaspersky Lab]
11 %Temp%\is1598539481\2090234214.cfg 224 bytes MD5: 0x4661EE532F36D9EC4B9FD3A4BC1F5EA5
SHA-1: 0x439CE6BDCC40A45E60CB7A62670E2DC23C76BB11
(not available)
12 %Temp%\is1598539481\2112289995.cfg 224 bytes MD5: 0x1274D09C63D7D37C5E4FB44E31B891BA
SHA-1: 0xEDD252EFBAB6B499CB2CD0E0A16B741278D29AF7
(not available)
13 %Temp%\is1598539481\52370_Setup.DAT
%MyDocuments%\djdec312a.zip
6,182,304 bytes MD5: 0xBC21FCD8B6FF610C0D925532787687D2
SHA-1: 0x20CABCD7FEF872E373E392243D0D2D02EABB7BD1
(not available)
14 %Temp%\is1598539481\52394_Setup.CIS 1,966,710 bytes MD5: 0x45AFB9F184DBE3560061CE4B8B023014
SHA-1: 0xB397D6782680ED9F8FF1896DB8F8DFF83EE11F19
(not available)
15 %Temp%\is1598539481\blekkoTb_1.0.0.8.exe 2,018,856 bytes MD5: 0xEE14CEFE649B021837FA22F1A263B13D
SHA-1: 0xB6996074DF99A15CD1B9B22484F4BD05C0F3C868
(not available)
16 %Temp%\ish210562\css\buttons.css 1,238 bytes MD5: 0xE10BA3C9C951F5555528C9B291334879
SHA-1: 0xE231BE4624910387AAAE4301D856DAB528F8522C
(not available)
17 %Temp%\ish210562\css\ie6_main.css 475 bytes MD5: 0xEC8BC9B61645C661B1BD3DCC8F781B30
SHA-1: 0x96D9124BF9D0D0F2E343A372ED3460F9F0C2A7CA
(not available)
18 %Temp%\ish210562\css\main.css 4,562 bytes MD5: 0x1D7B7D4B58AE79B4C4CADDE36B409242
SHA-1: 0xE3531BB7B293DD813C4B1A5481E71CB40B0E316A
(not available)
19 %Temp%\ish210562\css\progress-bar.css 508 bytes MD5: 0xE1FCF8B6066AF9A266AE34738ED5C000
SHA-1: 0x4D1079CCDFE311B77177BED54163C7CC73D7D1BE
(not available)
20 %Temp%\ish210562\defaultOffer\ad_html.txt 233 bytes MD5: 0xE321D82C7629CFB1D714779402DD23DD
SHA-1: 0xD8560FE919A0F62DBCA5FAE957654F34E4D2F065
(not available)
21 %Temp%\ish210562\defaultOffer\images\techtracker.jpg 26,693 bytes MD5: 0x199832D24E8AA5EC99AE079E8BB5B1E7
SHA-1: 0x8DE13A46F38035B0D02E27A0656CC1E584787807
(not available)
22 %Temp%\ish210562\defaultOffer\TechTracker\TechTracker_code.txt 2,966 bytes MD5: 0xE695AFF87DE58D140142A47F4F4BA207
SHA-1: 0xE09D03AEE8B62B6AB56C7B7A2F1956A8BDA74CD1
(not available)
23 %Temp%\ish210562\defaultOffer\TechTracker\TechTracker_html.txt 1,021 bytes MD5: 0xD60E47EEE106B761F7D7676CE8E12A2D
SHA-1: 0x2A458683BA295C7DB0A6615E8CDB567B79F2C4FD
(not available)
24 %Temp%\ish210562\images\green_btn.png 485 bytes MD5: 0xB570EA77375823BE8510C0F27768ED62
SHA-1: 0x096ED270C93AD811039738B7FB53E05EAAE7F4BB
(not available)
25 %Temp%\ish210562\images\grey_btn.png 360 bytes MD5: 0x501821D95E958528FED4747E4190B39F
SHA-1: 0x70E3C15D3CE5853A67AA741EC701D3AF307D7BD9
(not available)
26 %Temp%\ish210562\images\loader.gif 7,791 bytes MD5: 0xEDB71146254D3B8EBAE18607E801398C
SHA-1: 0x8775027DA6F6CC19C72D20C7F1615A01112E5D3C
(not available)
27 %Temp%\ish210562\images\main.png 22,145 bytes MD5: 0x1A2AD75C0AF449D5719473655EF5AF04
SHA-1: 0x82C5BA738B9CD2508EA2D69DA7985D586A4F0DCA
(not available)
28 %Temp%\ish210562\images\offer_box2.png 3,024 bytes MD5: 0x61F74251810068CB9EDAEAADA3C50D29
SHA-1: 0x3B779B8E723CA1E1E73AC534A2D415A18FB2DB6E
(not available)
29 %Temp%\ish210562\images\pause_btn.png 982 bytes MD5: 0x14B92CBE22EF5A31A5533D0AB114537E
SHA-1: 0xE428F1B0236F7A85FAF045237A7CD29A305D936C
(not available)
30 %Temp%\ish210562\images\prod-icon.png 4,622 bytes MD5: 0xEF430C7CB8DAD930F9E51941593B2AF2
SHA-1: 0x03CA0848FD18014781B7C1DA5064A761E1F317F8
(not available)
31 %Temp%\ish210562\images\progress_bar.png 456 bytes MD5: 0x26588A39E960E2F5BA70FC082A8F02AF
SHA-1: 0x116B62C07995D60F9BFC492296CC9C5C5A1AD26A
(not available)
32 %Temp%\ish210562\images\resume_btn.png 985 bytes MD5: 0x05E22E0225F53B69A44B443540C20324
SHA-1: 0xAF5EB7EBF4F053B17D19A678EC84C329E632B2DF
(not available)
33 %Temp%\ish210562\images\secure_dwnl.png 2,862 bytes MD5: 0x6F2B1F7689B06EEF2D9C4E5E00B9EE2E
SHA-1: 0xBDB0B30006AF53427194EA79F0615992CB84A99B
(not available)
34 %Temp%\ish210562\images\welcome_prod_box.png 1,593 bytes MD5: 0x93791BDB5453514A501AD84985B69824
SHA-1: 0x4FD167C14DDBC76472082C3C5ADB37052C96D6C0
(not available)
35 %Temp%\ish210562\images\zip_icon.png 943 bytes MD5: 0xA17CADDBEE24EF3FFB3DAA1D12EF3933
SHA-1: 0x728D11A32C5610D0362E9AED32F6F376CAD937DF
(not available)
36 %Temp%\ish210562\locale\EN.locale 2,450 bytes MD5: 0x5128DACAA4884C07897B2A14E924CE2D
SHA-1: 0x383A9A3F9EC01FA528A206802F75518638D79669
(not available)
37 %Temp%\ish210562\mask.bmp.Mask 196 bytes MD5: 0x6A385B06B6108CD109828A9F5F9FBE4C
SHA-1: 0x8003481E740E7E02F32DF1C6866E0809BF59B1A9
(not available)
38 %Temp%\ish210562\sdk\exceptlist.txt 34 bytes MD5: 0xF01863CCE9F2A2E4DCEF02F285E561AF
SHA-1: 0xE2CBA65BE3F487E3760CF8D9247D3F4F73FF8174
(not available)
39 %Temp%\nsjB.tmp\nsProcess.dll
%Temp%\nst4.tmp\nsProcess.dll
4,096 bytes MD5: 0x05450FACE243B3A7472407B999B03A72
SHA-1: 0xFFD88AF2E338AE606C444390F7EAAF5F4AEF2CD9
(not available)
40 %Temp%\nsjB.tmp\UAC.dll
%Temp%\nst4.tmp\UAC.dll
16,896 bytes MD5: 0x0D422E0C03A7D9428C6C02175D7DC9F8
SHA-1: 0x5E13D49521CFBBE52CD74DE8E1682789F0268969
(not available)
41 %Temp%\nsl8.tmp
%Temp%\nsnF.tmp
0 bytes MD5: 0xD41D8CD98F00B204E9800998ECF8427E
SHA-1: 0xDA39A3EE5E6B4B0D3255BFEF95601890AFD80709
(not available)
42 %ProgramFiles%\blekkotb\auxi\blekkoAu.dll 262,312 bytes MD5: 0xD06A34921074D63738EA24132C480ED6
SHA-1: 0xB3402372D016ACBB8316D636A1128C12A2E51472
(not available)
43 %ProgramFiles%\blekkotb\auxi\config.xml 274 bytes MD5: 0xFF80E6EED0C0FA47511DFE6B3B079677
SHA-1: 0xFB09E96F021D2081F95E27F2F95946BA438D06A1
(not available)
44 %ProgramFiles%\blekkotb\blekkoDx.dll 86,696 bytes MD5: 0x1F3B9565FA09E0CC5B64E7E05FBB7F54
SHA-1: 0x99F29887D65EBDEBC6F8CEFCF2397676710DB184
(not available)
45 %ProgramFiles%\blekkotb\blekkotb.dll 438,952 bytes MD5: 0xC4EB7AD8C3D55BE6E4251F69360D5C38
SHA-1: 0x793E4A85357DC0DC9101971F156156BFCD7B625C
(not available)
46 %ProgramFiles%\blekkotb\chrome\content\custom.js 10,010 bytes MD5: 0xCD8B856FA62B41684564EB48FD6010E6
SHA-1: 0x8EC18EC1669D43D1816926DC0440AB06FD89A8DC
(not available)
47 %ProgramFiles%\blekkotb\chrome\content\lib\about.xml 4,921 bytes MD5: 0x066A271DC0C17AFC6FF0A3F091C9902A
SHA-1: 0x6480FB2E8510D4F778CA5F012860F892617A83BA
(not available)
48 %ProgramFiles%\blekkotb\chrome\content\lib\dtxpanel.xul 573 bytes MD5: 0x95EC17707A727FD33987BE7A07194E92
SHA-1: 0x2526B93671448EBBB03818DE9B57FBEE75CE561A
(not available)
49 %ProgramFiles%\blekkotb\chrome\content\lib\dtxpaneltransparent.xul 653 bytes MD5: 0x239C5696C7BB0580A6CB81A077253AC0
SHA-1: 0x9314294B26FDD45823445211EAD848E4A133EEC4
(not available)
50 %ProgramFiles%\blekkotb\chrome\content\lib\dtxpanelwin.xul 407 bytes MD5: 0x13CD2406BFF36932421ADA94CFF51556
SHA-1: 0x7C249E08B47E51D7B993875DB028356018CEE468
(not available)
51 %ProgramFiles%\blekkotb\chrome\content\lib\dtxprefwin.xul 307 bytes MD5: 0x65A2F4FC8403318A42176E623853E322
SHA-1: 0x9BA85F8C0715A7A96D9E1807394BD4EB3345CD0B
(not available)
52 %ProgramFiles%\blekkotb\chrome\content\lib\dtxtransparentwin.xul 657 bytes MD5: 0x2E3B30A89A70544F13F8E8A2048D32ED
SHA-1: 0xB35227B784CA041DC34AF2F2305B8579D0E71EE6
(not available)
53 %ProgramFiles%\blekkotb\chrome\content\lib\dtxwin.xul 387 bytes MD5: 0xC02FA8EF5FF25FC99F4C8591223E248A
SHA-1: 0xBBF2A613D4C430AD3D23CAE7E8BFB580CD55C12C
(not available)
54 %ProgramFiles%\blekkotb\chrome\content\lib\emailnotifierproviders.xml 1,639 bytes MD5: 0xE842A242EDE1EA20759503A099052D38
SHA-1: 0xCA593FA3E5E4AB0D5B247F96E78E0015CCD2608B
(not available)
55 %ProgramFiles%\blekkotb\chrome\content\lib\external.js 552,224 bytes MD5: 0x8F93105CE9F92D7A532B35EC67E32831
SHA-1: 0x59412F51A04D729C132B5CC8DC66D04D0E21185A
packed with JSPack [Kaspersky Lab]
56 %ProgramFiles%\blekkotb\chrome\content\lib\neterror.xhtml 344 bytes MD5: 0xF1D321A9DA995A49E2598A93AB98A2A3
SHA-1: 0x0622F31733225F4D036D63D0AA534104B8B53081
(not available)
57 %ProgramFiles%\blekkotb\chrome\content\lib\rsspreview.html 241 bytes MD5: 0x300D38768E03CEE1C370445BBED68D8C
SHA-1: 0xC3D74B867681F0C22E0C03E93D999C7002042473
(not available)
58 %ProgramFiles%\blekkotb\chrome\content\lib\rsswin.xml 2,602 bytes MD5: 0xFFA19686935085E9ADDF613AEACC7E65
SHA-1: 0x8BAC907152C20038539804C28BCD4B6690262E72
(not available)
59 %ProgramFiles%\blekkotb\chrome\content\lib\rsswin.xsl 7,474 bytes MD5: 0xA8C5A0F0E6A5D0E64DD0178344B97531
SHA-1: 0x16C18DEEF77CADDE15F96E88E90CDDF5D8EADF68
(not available)
60 %ProgramFiles%\blekkotb\chrome\content\modules\datastore.jsm 5,119 bytes MD5: 0x7A6AEE7DA660ACC949996E85545B90BC
SHA-1: 0xDEA859794EBBB5B59996245BC8E1C77BECBD0F2C
(not available)
61 %ProgramFiles%\blekkotb\chrome\content\modules\nsDragAndDrop.js 22,187 bytes MD5: 0x9331B476499A8BDDE92248B7B4C43CB6
SHA-1: 0x7A2313EED6F18A613D9FB73DB1A321E1DBA0D3C3
(not available)
62 %ProgramFiles%\blekkotb\chrome\content\newtab\images\btn_search.gif 2,671 bytes MD5: 0x3A34F255095637382ABB7479C71A0EA7
SHA-1: 0xF40BA3A9C06AF7D63D8EB9A3EB3EA355D553C426
(not available)
63 %ProgramFiles%\blekkotb\chrome\content\newtab\images\bullet.gif 45 bytes MD5: 0xDA1A3193AE2D96A96DBDB8E93921D201
SHA-1: 0x256D453A9A10BE1927EFA0A461BAB1C6A016FA36
(not available)
64 %ProgramFiles%\blekkotb\chrome\content\newtab\images\field_bg.gif 389 bytes MD5: 0xB29878732B5BB33457F55CF5977C9448
SHA-1: 0xED7F9BAEF341536D53D30B7D9EFE59EED33727E2
(not available)
65 %ProgramFiles%\blekkotb\chrome\content\newtab\images\powered_by_yahoo.gif 1,029 bytes MD5: 0x0854AF6254DC1C7040B2B2EC57FD135F
SHA-1: 0xB5276943EB659F8A2806CEF454BA3A82C176D59A
(not available)
66 %ProgramFiles%\blekkotb\chrome\content\newtab\newtab.html 6,733 bytes MD5: 0x1A0AA63F592A2BFE02FF946EFDF7C40F
SHA-1: 0xE417D6CC817B214A60FA429F9062B0D94C29530D
(not available)
67 %ProgramFiles%\blekkotb\chrome\content\preferences.xml 663 bytes MD5: 0xF7725A8FD65327FBD2DC578958D4FB2D
SHA-1: 0x70A6589C6B66C55439B0A02359A20342E27A8BF3
(not available)
68 %ProgramFiles%\blekkotb\chrome\content\toolbar.htm 631 bytes MD5: 0xBAFF789DC96EB9843679D135E865C0D0
SHA-1: 0xEC898E42152CED6B02120CEC7A4B16E177D695E7
(not available)
69 %ProgramFiles%\blekkotb\chrome\content\toolbar.xul 553,000 bytes MD5: 0x251AA7D114C729C0A44543339B3D978E
SHA-1: 0x512BD7BAD1B8A4E55FD1B30D5733D12B106F6689
(not available)
70 %ProgramFiles%\blekkotb\chrome\content\widgets\net.vmn.www.BlekkoMap\css\dialog.css
%ProgramFiles%\blekkotb\chrome\content\widgets\net.vmn.www.YouTube_v2\css\dialog.css
4,617 bytes MD5: 0x85E442DB22E79AB9A933EE1661694957
SHA-1: 0xCB077C2427AA303E157E834C7B777FBF36C2ACFF
(not available)
71 %ProgramFiles%\blekkotb\chrome\content\widgets\net.vmn.www.BlekkoMap\images\arrow-grey.png
%ProgramFiles%\blekkotb\chrome\content\widgets\net.vmn.www.Coupons_v2\images\arrow-grey.png
%ProgramFiles%\blekkotb\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\arrow-grey.png
%ProgramFiles%\blekkotb\chrome\content\widgets\net.vmn.www.YouTube_v2\images\arrow-grey.png
216 bytes MD5: 0x93A9594D662E46C469CCE305BEE633A4
SHA-1: 0x72D66435320059EAB467384D21D683D4A7BED133
(not available)
72 %ProgramFiles%\blekkotb\chrome\content\widgets\net.vmn.www.BlekkoMap\images\arrows_grey-left.gif
%ProgramFiles%\blekkotb\chrome\content\widgets\net.vmn.www.Coupons_v2\images\arrows_grey-left.gif
%ProgramFiles%\blekkotb\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\arrows_grey-left.gif
%ProgramFiles%\blekkotb\chrome\content\widgets\net.vmn.www.YouTube_v2\images\arrows_grey-left.gif
175 bytes MD5: 0x41F85B4A728F76041B5E261A62CDE981
SHA-1: 0xB1D1AEC331B43A1E76C635AC67350A3DC10B84D9
(not available)
73 %ProgramFiles%\blekkotb\chrome\content\widgets\net.vmn.www.BlekkoMap\images\arrows_grey-right.gif
%ProgramFiles%\blekkotb\chrome\content\widgets\net.vmn.www.Coupons_v2\images\arrows_grey-right.gif
%ProgramFiles%\blekkotb\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\arrows_grey-right.gif
%ProgramFiles%\blekkotb\chrome\content\widgets\net.vmn.www.YouTube_v2\images\arrows_grey-right.gif
120 bytes MD5: 0x2AFDE8BF7BF1E50285E272DA05FC4C3E
SHA-1: 0x73E5809B0ED33E7181F8A57295722CD9861E6844
(not available)
74 %ProgramFiles%\blekkotb\chrome\content\widgets\net.vmn.www.BlekkoMap\images\bg.gif 1,814 bytes MD5: 0xA49CFBDF6ACEF6B36406F9BAA738B002
SHA-1: 0x36E6A2A512A7D9EE1FBA3B0D9511BCA3D3196AD3
(not available)
75 %ProgramFiles%\blekkotb\chrome\content\widgets\net.vmn.www.BlekkoMap\images\btn-search-over.png
%ProgramFiles%\blekkotb\chrome\content\widgets\net.vmn.www.YouTube_v2\images\btn-search-over.png
1,457 bytes MD5: 0xA5E46071EFDD952C700009C5855BAB21
SHA-1: 0xC93D0243F09120CCD15AB52D4E566B0BADB589DE
(not available)
76 %ProgramFiles%\blekkotb\chrome\content\widgets\net.vmn.www.BlekkoMap\images\btn-search.png
%ProgramFiles%\blekkotb\chrome\content\widgets\net.vmn.www.YouTube_v2\images\btn-search.png
1,981 bytes MD5: 0xBD29344AE6BECAE4821196BD0D8FFFB9
SHA-1: 0x7E527903E3187EC1A1336FC62286C0C6C7FBD654
(not available)
77 %ProgramFiles%\blekkotb\chrome\content\widgets\net.vmn.www.BlekkoMap\images\throbber.gif
%ProgramFiles%\blekkotb\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\throbber.gif
%ProgramFiles%\blekkotb\chrome\content\widgets\net.vmn.www.YouTube_v2\images\throbber.gif
4,176 bytes MD5: 0xEBDFC31F9FBC9848AB637C12D0119A9A
SHA-1: 0x4D4DDDED1F429530E8205D1950D781FA4F32E1FF
(not available)
78 %ProgramFiles%\blekkotb\chrome\content\widgets\net.vmn.www.BlekkoMap\index.html 612 bytes MD5: 0xECF47C985F922B4353D3A5D98DA1075E
SHA-1: 0x1EFE6335FFA8B2FCA0683FD684585CBEB073CB11
(not available)
79 %ProgramFiles%\blekkotb\chrome\content\widgets\net.vmn.www.BlekkoMap\skin\css\dialog.css 3,528 bytes MD5: 0x3EE900FB5A9C90984D4C180A7ACFACCD
SHA-1: 0x95673F8432F16BDAD731E5557BED13E22B3B1DA2
(not available)
80 %ProgramFiles%\blekkotb\chrome\content\widgets\net.vmn.www.BlekkoMap\skin\images\1x1_transparent.png 126 bytes MD5: 0x2002588119B8478D19ADC51FAEB45D21
SHA-1: 0xAEC019679F1F8BAFA8D0C769AFB1DFD4410769D6
(not available)
81 %ProgramFiles%\blekkotb\chrome\content\widgets\net.vmn.www.BlekkoMap\skin\images\bg.gif 1,782 bytes MD5: 0x66C3F2AC382ACCEEB14C8DDE57112ACB
SHA-1: 0x0171D81A90D80BDAD85898AA2617CC49C7CF5637
(not available)
82 %ProgramFiles%\blekkotb\chrome\content\widgets\net.vmn.www.BlekkoMap\skin\images\btn-search.png 49,773 bytes MD5: 0xDFA0C68826162BFCC1C493624B0B0082
SHA-1: 0xD6346F7DA4120F21E032D05D7393C6A32A15D13D
(not available)
83 %ProgramFiles%\blekkotb\chrome\content\widgets\net.vmn.www.BlekkoMap\skin\images\btn-wide-close-over.png 49,488 bytes MD5: 0xE144769EA9E6693E289FFFADE417E4AB
SHA-1: 0x10816B3437FE23C20A97B04B95F9873E28F6AF5E
(not available)
84 %ProgramFiles%\blekkotb\chrome\content\widgets\net.vmn.www.BlekkoMap\skin\images\btn-wide-close.png 48,603 bytes MD5: 0x5D8C66D3034CB36A07C953D70ED4B916
SHA-1: 0xBAFAC8282C7C7CADD221367E25FD9E2F17F0759A
(not available)
85 %ProgramFiles%\blekkotb\chrome\content\widgets\net.vmn.www.BlekkoMap\skin\images\btn_close_x.gif 352 bytes MD5: 0xEE7EEE8F8D078C61E6B9456CCDF0C474
SHA-1: 0xF635571BB9A2B97076325479719E600153734AEB
(not available)
86 %ProgramFiles%\blekkotb\chrome\content\widgets\net.vmn.www.BlekkoMap\skin\images\default.png 48,031 bytes MD5: 0x3E92D10248D63067AAF9A04DA1A3552C
SHA-1: 0x0EF9181C9716DFD951BF22A0F3F6B8F0A4A60D7B
(not available)
87 %ProgramFiles%\blekkotb\chrome\content\widgets\net.vmn.www.BlekkoMap\skin\images\transparent.gif
%ProgramFiles%\blekkotb\chrome\content\widgets\net.vmn.www.Coupons_v2\skin\images\transparent.gif
%ProgramFiles%\blekkotb\chrome\content\widgets\net.vmn.www.MyStartFacebook\skin\images\transparent.gif
%ProgramFiles%\blekkotb\chrome\content\widgets\net.vmn.www.Twitter\skin\images\transparent.gif
%ProgramFiles%\blekkotb\chrome\content\widgets\net.vmn.www.YouTube_v2\skin\images\transparent.gif
%ProgramFiles%\blekkotb\chrome\skin\lib\panels\default\images\transparent.gif
49 bytes MD5: 0x3D045B93716ED28DC745E648B3428A26
SHA-1: 0x36955B7E83FF9F5053CF23BD870D720A598C53AA
(not available)
88 %ProgramFiles%\blekkotb\chrome\content\widgets\net.vmn.www.BlekkoMap\skin\images\win-btm-left.png 47,079 bytes MD5: 0x1C7F55510E4E46B860CB222DA1929C0A
SHA-1: 0xA3752B714C5EC92D257B9C5B896CED3477B4901E
(not available)
89 %ProgramFiles%\blekkotb\chrome\content\widgets\net.vmn.www.BlekkoMap\skin\images\win-btm-mdl.png 46,958 bytes MD5: 0x8162076754549379792A547C3311C378
SHA-1: 0x6732B7BD38760365C69EB0D70B5E5F5004929670
(not available)
90 %ProgramFiles%\blekkotb\chrome\content\widgets\net.vmn.www.BlekkoMap\skin\images\win-btm-right-resize.png 47,489 bytes MD5: 0xDBD5065675A6CC342A11D8FEE6B88D5A
SHA-1: 0xD6C511CCDC9E7234C0BDE79A6CFB8E624AFC4515
(not available)
91 %ProgramFiles%\blekkotb\chrome\content\widgets\net.vmn.www.BlekkoMap\skin\images\win-btm-right.png 47,636 bytes MD5: 0xCD53D3762AA6B723AAE781373721EA80
SHA-1: 0x3B9E2F8264AC2ADB4FFEE0989E9272CA295ECAE2
(not available)
92 %ProgramFiles%\blekkotb\chrome\content\widgets\net.vmn.www.BlekkoMap\skin\main.html 2,856 bytes MD5: 0xFFA2F6EE4A3F0A13D085D09D9ABB712B
SHA-1: 0x0D30B05983F431A3C5A28D21902D325268640BAC
(not available)
93 %ProgramFiles%\blekkotb\chrome\content\widgets\net.vmn.www.BlekkoMap\skin\scripts\defscript.js 2,390 bytes MD5: 0x3527161C8F5DFD37D49F0B0EADCF7403
SHA-1: 0x65E5690F506135E959AFF69CD07ACEBC9F0B1942
(not available)
94 %ProgramFiles%\blekkotb\chrome\content\widgets\net.vmn.www.BlekkoMap\tb_icon.png 4,818 bytes MD5: 0x918686D72A439180526EFCD414317572
SHA-1: 0x881083754A42DB4C8A9FEBFDEC452725D94BF714
(not available)
95 %ProgramFiles%\blekkotb\chrome\content\widgets\net.vmn.www.BlekkoMap\widget.js 5,127 bytes MD5: 0xA41D6454F475B4451F43C2AC52002196
SHA-1: 0xEAAED04B8DE93CCF04082811C7CE9587917E44D3
(not available)
96 %ProgramFiles%\blekkotb\chrome\content\widgets\net.vmn.www.BlekkoMap\widget.xml 1,196 bytes MD5: 0xC6A647DE027EE696D3DE66328E8D1A14
SHA-1: 0xF4098AE5A7A94F526F24C27BFD1524798CCA6B15
(not available)
97 %ProgramFiles%\blekkotb\chrome\content\widgets\net.vmn.www.BlekkoMap\widget_version.txt
%ProgramFiles%\blekkotb\chrome\content\widgets\net.vmn.www.YouTube_v2\widget_version.txt
36 bytes MD5: 0xF6C6316F6B7F67942128A9A3CB1FE2BC
SHA-1: 0xA8680D3E5A7FF7410BAB65C34BF502A5F3892F2E
(not available)
98 %ProgramFiles%\blekkotb\chrome\content\widgets\net.vmn.www.Coupons_v2\.project 226 bytes MD5: 0x14B1DBB1DFAF08C24DA9CC9AC4BC6BC7
SHA-1: 0x077D8AF50E3D7CC7ACEFCBD5678DAA9DFEB7A3FE
(not available)
99 %ProgramFiles%\blekkotb\chrome\content\widgets\net.vmn.www.Coupons_v2\alert_coupon.css 1,384 bytes MD5: 0x65FEF1695058DEE1B3B31007CCB17BD7
SHA-1: 0x5D9901E2759645FB8DB4FD982C21E82B7918DD55
(not available)
100 %ProgramFiles%\blekkotb\chrome\content\widgets\net.vmn.www.Coupons_v2\arrow-next-off.png 1,167 bytes MD5: 0xEE3F6AFEA4E00BB294646D32E5E48FBE
SHA-1: 0x6EBC89A31DAB06A0741B053F2B57BCA9DAF4061B
(not available)

 

Memory Modifications

Process NameProcess FilenameMain Module Size
[filename of the sample #1][file and pathname of the sample #1]1,101,824 bytes

 

Registry Modifications

 

Other details

Remote HostPort Number
107.20.139.16180
178.236.4.2580
204.0.5.5780
207.171.163.15280
207.171.163.2480
209.18.43.14680
50.16.225.3180
64.30.224.8980
66.115.160.3380
67.205.74.14480

 

 

All content ("Information") contained in this report is the copyrighted work of Threat Expert Ltd and its associated companies ("ThreatExpert") and may not be copied without the express permission of ThreatExpert.

The Information is provided on an "as is" basis. ThreatExpert disclaims all warranties, whether express or implied, to the maximum extent permitted by law, including the implied warranties that the Information is merchantable, of satisfactory quality, accurate, fit for a particular purpose or need, or non-infringing, unless such implied warranties are legally incapable of exclusion. Further, ThreatExpert does not warrant or make any representations regarding the use or the results of the use of the Information in terms of their correctness, accuracy, reliability, or otherwise.

Copyright © 2014 ThreatExpert. All rights reserved.