ThreatExpert Report

Submission Summary:

Submission details:

Submission received: 7 June 2012, 14:44:33
Processing time: 12 min 10 sec
Submitted sample:

File MD5: 0x39E497A1D4D0F313FF1A500C5C127D47
File SHA-1: 0x23DBC04D4F957AE36B9427CF24EA06F05A61596A
Filesize: 1,513,252 bytes

Summary of the findings:

What's been found	Severity Level
Downloads/requests other files from Internet.
Registers a 32-bit in-process server DLL.
Registers a Browser Helper Object (Microsoft's Internet Explorer plugin module).

Technical Details:

File System Modifications

The following files were created in the system:

#	Filename(s)	File Size	File Hash
1	c:\alotserviceruntime.log	3,205 bytes	MD5: 0x5A8D3E2D5B5000D443AA3F0219450295 SHA-1: 0xF323B8A9B34A7A6550D60CDC8928DD6D686A6ED5
2	%AppData%\alotappbar\resources\App_1007\images\1d14fe3350fef6b2cc0a4aa18ac5b0db.png	3,972 bytes	MD5: 0x1D14FE3350FEF6B2CC0A4AA18AC5B0DB SHA-1: 0xC7AE83D38F063437C438478695EF8AC0452E40B0
3	%AppData%\alotappbar\resources\App_117011\images\0b8ecbe372a5175cbe0643c28c1a236a.png	3,880 bytes	MD5: 0x0B8ECBE372A5175CBE0643C28C1A236A SHA-1: 0xE3826A2400581AFD1C4F75A96BA8730C82DAB033
4	%AppData%\alotappbar\resources\App_2254\images\8cffb8b3ba4df43dea939ac6952b3f2f.png	5,420 bytes	MD5: 0x8CFFB8B3BA4DF43DEA939AC6952B3F2F SHA-1: 0x8A48A4A90D4B451277BD3E0AAD791959BE2BB69A
5	%AppData%\alotappbar\resources\App_3562\images\d5aed714f2ab2d7fd8fd3f0b12d30a11.png	3,088 bytes	MD5: 0xD5AED714F2AB2D7FD8FD3F0B12D30A11 SHA-1: 0xE4323CAD651C52EB70D0CF70E5786E51548A21F9
6	%AppData%\alotappbar\resources\App_43911\images\018148d9866994114ac9caeb5325ccae.png	8,210 bytes	MD5: 0x018148D9866994114AC9CAEB5325CCAE SHA-1: 0x9EBA3415FD277C9382BBDC9DB6EDC659FAAB374A
7	%AppData%\alotappbar\resources\App_4629\images\7b2fdf9965fe4ff9b4ccddc50297c066.png	6,296 bytes	MD5: 0x7B2FDF9965FE4FF9B4CCDDC50297C066 SHA-1: 0x662B4719267D5D4B3A768D00B10F7FC045035194
8	%AppData%\alotappbar\resources\App_5809\images\dea85611eacb320a29fe17b8907b7e05.png	5,969 bytes	MD5: 0xDEA85611EACB320A29FE17B8907B7E05 SHA-1: 0x5C86CD7B220992CECC99956B6D9BA4448BE94051
9	%AppData%\alotappbar\resources\App_5862\images\31b7f2c3bcbce9030f42ad480a938327.png	5,580 bytes	MD5: 0x31B7F2C3BCBCE9030F42AD480A938327 SHA-1: 0xF9648EE391FDC0A7A1A91F1E3BD1E76F337C128B
10	%AppData%\alotappbar\resources\App_91011\images\4abec59effe5e1b1faed16b1b38bf35a.png	5,549 bytes	MD5: 0x4ABEC59EFFE5E1B1FAED16B1B38BF35A SHA-1: 0x4A40F4D8C1D3622C53D1978FA46C3B36D2625B7D
11	[pathname with a string SHARE]\domains.dat	216 bytes	MD5: 0x9258E08733048AA4E0CC0CCF276746F0 SHA-1: 0x0D5D3525921EA35072A35616873E6518F41F1C13
12	[pathname with a string SHARE]\add-app-hover.png	3,532 bytes	MD5: 0x5C8541288A079D4110571AF39F39B5D2 SHA-1: 0x8A39A9E6C89267053E2A3AD14E87A591B9DA43EB
13	[pathname with a string SHARE]\add-app.png	2,577 bytes	MD5: 0xD321CE6790FC0D80436D1C1A3978763F SHA-1: 0x19FE94B8E30388F6AD671A8BE16AEFF697E6BD97
14	[pathname with a string SHARE]\alot-logo-100x51.png	9,027 bytes	MD5: 0x91019B4FB46C99B84589A5AD2F0FB567 SHA-1: 0x7BCF0550138E444567859376EF68F0818682B5A8
15	[pathname with a string SHARE]\alot-logo-13x13.png	519 bytes	MD5: 0x58415AF3DDA1196FDD8F6580E93BDE34 SHA-1: 0x0E43FB41B3472F1C08C4C3E9043B33E316830BF8
16	[pathname with a string SHARE]\alot-logo-16x16.png	643 bytes	MD5: 0x23BE87901A2B36F105B74EED47CCF557 SHA-1: 0x7651E68498010DA84122BDBCAAACB8662E67938F
17	[pathname with a string SHARE]\alot-logo-65x34-hover.png	3,467 bytes	MD5: 0x2BBE6424C7AEC5FEA1040DA07537A17D SHA-1: 0x5028B38EEC984E886958BAD4F6AA40B9BA1B868C
18	[pathname with a string SHARE]\alot-logo-65x34.png	7,523 bytes	MD5: 0x759DC510428B0425F8B507AB3FEB70AE SHA-1: 0x91B8B07B8CA35D3E555BF12EA67ADB9DF2E2150F
19	[pathname with a string SHARE]\alot-logo-95x55.png	6,579 bytes	MD5: 0xF01731D799D9D0DEF70A47B2A42AB8D6 SHA-1: 0x71033B04214737FBE08BAC57F72CCAC7E0E4F00D
20	[pathname with a string SHARE]\check.png	567 bytes	MD5: 0x4C1A333682860A691912AEA0B3DF3140 SHA-1: 0x303CB358724928C7104699C6E047BC95907A65FE
21	[pathname with a string SHARE]\cog-hover.png	2,223 bytes	MD5: 0xD15AD88015E302569EA47DF2BFA68C6A SHA-1: 0xE55F9258D97AEA57BA95A51B49659845500C1CB6
22	[pathname with a string SHARE]\cog.png	2,209 bytes	MD5: 0xC96DA5BFFC7298CCA961CF07FB4EEC34 SHA-1: 0x7444BC76D44A6CDB97A0F6292D1FF08B25DFE7D5
23	[pathname with a string SHARE]\desktopAlertAttrBkgnd.png	980 bytes	MD5: 0x69874D8482522605AC9C3C50327FE499 SHA-1: 0x4B0F7DD9A627FD600CB197D9FE4D80032B1A5FEF
24	[pathname with a string SHARE]\DesktopAlertClose.png	1,005 bytes	MD5: 0x3F832F2867B560D9395E1F273EB36798 SHA-1: 0xCB318BD0D35367F05979AE1E0DE36546BAF3C9EB
25	[pathname with a string SHARE]\desktopAlertCloseHot.png	980 bytes	MD5: 0xBA17B5D55C3DC608F8F56E1FD860B5AE SHA-1: 0x44D2F79E3D9059C25872018F9F0EC422D6906D01
26	[pathname with a string SHARE]\desktopAlertImage.png	569 bytes	MD5: 0x085C0DC91438B6F4FCDABF2C4A87A04E SHA-1: 0x2F7E407F8AA34CBB675F82622055A8D112E3C34E
27	[pathname with a string SHARE]\desktopAlertImageBkgnd.png	1,033 bytes	MD5: 0x4A65FD214097C68A4897BFC4FC283397 SHA-1: 0x8F92490B62ECFD71DC86BA3441DC55D90559D1AE
28	[pathname with a string SHARE]\desktopAlertTextBkgnd.png	1,002 bytes	MD5: 0xB46C5C620D05B7BD9871B53BC69386CF SHA-1: 0x0A9E9A863F6F97600AF577A0B36AF01DE0A032CF
29	[pathname with a string SHARE]\error-icon.jpg	3,743 bytes	MD5: 0x6F9A9AC9A52BB7B029B0BE3B5ADA98D2 SHA-1: 0x8FB5C2FFEC4DC6A2F2764FABD981EFC6EEA1ED29
30	[pathname with a string SHARE]\favicon.ico	1,406 bytes	MD5: 0xC6E190633EE91B17DE0D3BF9C8D3729E SHA-1: 0x7082FF0F0C31E88164C4EFBAA262A7C5AD8BAA5D
31	[pathname with a string SHARE]\loading.bmp	4,808 bytes	MD5: 0x80B39786830F4093B42D8D616A36D560 SHA-1: 0xB21807BC9EC60FDD73C082DAD423430B2F9059D7
32	[pathname with a string SHARE]\magnifying-glass.png	832 bytes	MD5: 0x7B6162F00B9DD1272D540942A45B067B SHA-1: 0x8657CD5F7E418FCFCE2B77FDB5A94E6DE5D1C600
33	[pathname with a string SHARE]\PageAlertBkgnd.png	229 bytes	MD5: 0xFA6F68A7AA658204A0223D84ABAC8FC8 SHA-1: 0x415D4D9FCC05A86AE085DA8B6C6F087590B2478B
34	[pathname with a string SHARE]\PageAlertButton.png	1,020 bytes	MD5: 0x4129E7003A0C15E187E5B2B1952FBC73 SHA-1: 0x78E568C2B225EBEA0CD36678D3B6A827C47E77B1
35	[pathname with a string SHARE]\PageAlertButtonHot.png	1,017 bytes	MD5: 0xFCA0B27609AC508CD1BD4830AFE96F09 SHA-1: 0x790B2C4E48E6D089ABAEBE8ED4515EB0CDF4AF47
36	[pathname with a string SHARE]\PageAlertClose.png	202 bytes	MD5: 0x0F22945A4CCF5385897285282ABCDB56 SHA-1: 0xBEB0332B846501DC56F736F7D91E792858C9528F
37	[pathname with a string SHARE]\PageAlertCloseHot.png	151 bytes	MD5: 0x8ACEEE8443D3D98916249D80C79B38FF SHA-1: 0x8BECC99167166474FEEFD3F671B235E3CB590872
38	[pathname with a string SHARE]\search-button-hover.png	4,010 bytes	MD5: 0x3A39A7E98E05367E7F829C0A16B63E7B SHA-1: 0x093560A3C22602227F3E44B437816556E6BE5A23
39	[pathname with a string SHARE]\search-button.png	3,117 bytes	MD5: 0xF0B4E2F254EA7A21362475A29113B35B SHA-1: 0x4C349BDDD3C3A25D81F33E5A9B560AB499A2F8A2
40	[pathname with a string SHARE]\appbar-bg.png	197 bytes	MD5: 0x62CADDE2C796E9835A179896F40A8551 SHA-1: 0x59EF78667CD2D4228C36A6017EB7CBE78445504E
41	[pathname with a string SHARE]\divider.png	146 bytes	MD5: 0x218E0A42B5D731037AC7624182D98EC1 SHA-1: 0xC890904A1E533270B5FEB6A4E5303E777D152E25
42	[pathname with a string SHARE]\bg.png	233 bytes	MD5: 0x5A167AF8325B3C1BCBEB30A9A493AAA9 SHA-1: 0xD15485724437DD78842670F525B4EEF90CBBE5A0
43	[pathname with a string SHARE]\hover.png [pathname with a string SHARE]\hover.png	1,360 bytes	MD5: 0x0C79D32F0C41B4004F83366FC84C85AC SHA-1: 0x07BB9C52C2AE0EC645062C36CA043B0769365D16
44	[pathname with a string SHARE]\normal.png [pathname with a string SHARE]\normal.png	1,385 bytes	MD5: 0x7A00456CD2A47D7CAF649498B3E38A61 SHA-1: 0x30204FD45A061CCB4C80450B8B7D0F908FF485E1
45	[pathname with a string SHARE]\not-available.png	1,340 bytes	MD5: 0x6FEF0F277A952299996EF3CBC0D87975 SHA-1: 0xE148628B8C7F864F7031636BBF88C7DF93CCDD27
46	[pathname with a string SHARE]\hover.png	1,300 bytes	MD5: 0xA46C2276A429F07FFEED48D473BD2436 SHA-1: 0x1FDD77577CCA8BFBAD36DEC43D04E74B873ADEE3
47	[pathname with a string SHARE]\normal.png	1,331 bytes	MD5: 0x4BCF242607076E4D3FC12FAD31B23A0E SHA-1: 0xFBEFA87E68C42CFB2E152CD211150F6D23A1A540
48	[pathname with a string SHARE]\not-available.png	1,316 bytes	MD5: 0x6AE3BEADA3DAA164EA6932E68E7642D1 SHA-1: 0x3CCBA8E0A571BFCB5EA78295C5572674D027A146
49	[pathname with a string SHARE]\slider.png	335 bytes	MD5: 0x44A8DBE4ADF624620B28D04016359AA8 SHA-1: 0x2BEFEFB5B42BB8734E498EC7BD6E700D37102246
50	[pathname with a string SHARE]\appbar-bg.png	197 bytes	MD5: 0x7151972B8BF415B7B18F602167B4E762 SHA-1: 0xCFC18BAF22D2CB4B397E51DAEDA484A4403479C8
51	[pathname with a string SHARE]\divider.png	145 bytes	MD5: 0xA48AB6E15A2497783929B5CC47FB54D8 SHA-1: 0xB7B08364086425484F4CF6E76B4BCDCB30004259
52	[pathname with a string SHARE]\bg.png	234 bytes	MD5: 0xAA710F06F5B15EC386B9D284BD4A61E0 SHA-1: 0xAEC45E314C48BF7C11FEE83BAEC91424249E69C2
53	[pathname with a string SHARE]\not-available.png	1,353 bytes	MD5: 0xBF5E0CD7019751D993F04A9D177924E5 SHA-1: 0xC442DBAD57111B69FFEEC06B07D874BC419E4F7A
54	[pathname with a string SHARE]\hover.png	1,447 bytes	MD5: 0xCFB9A0F6CD9F770D1014F259FBF12960 SHA-1: 0xD0D41286DF6F51E7B296C8171EBB162359278554
55	[pathname with a string SHARE]\normal.png [pathname with a string SHARE]\not-available.png	1,417 bytes	MD5: 0xFC5221C707E77FE0A0C8EB0F4F07E42A SHA-1: 0x06124398B71F1D1D746BAEE51240413DE31003A5
56	[pathname with a string SHARE]\slider.png	337 bytes	MD5: 0x3D6F352B4FF18A130B44E88196C3C48E SHA-1: 0x529CF603D0892CF59962B26F24059EC917880A92
57	[pathname with a string SHARE]\appbar-bg.png	197 bytes	MD5: 0x7AD9E8607915AE97F209349954900D13 SHA-1: 0x511AE5814D3D0434507333B1F04AD6419E5E85AA
58	[pathname with a string SHARE]\divider.png	146 bytes	MD5: 0x53052D674B0241B19ED14FF8E82CBB00 SHA-1: 0x29A8F4D12805BE26C93D4F5782B2D8C5E524BD68
59	[pathname with a string SHARE]\bg.png	233 bytes	MD5: 0x5F5216333584CBBF29CD58E0344CE5D2 SHA-1: 0xB26B7E443032FF20ED9CCAC5DF7E19DAA9245281
60	[pathname with a string SHARE]\hover.png	1,415 bytes	MD5: 0xF60EA019C6C2FAE2AD313241904404AC SHA-1: 0x77F9622A6207C939E1AF7FE734F5BFBF2B62C3BD
61	[pathname with a string SHARE]\normal.png	1,374 bytes	MD5: 0x5B5BDDD69E80E3EB480D239F4E218CA2 SHA-1: 0x8253B46BCF39FE0765900CDC1209E02A5314B180
62	[pathname with a string SHARE]\not-available.png	1,355 bytes	MD5: 0x4AA703E7A09D18B64E0B8D00D2FE7FC4 SHA-1: 0x19515A5AF0EB9B97479FB475BC5E898270DFDD92
63	[pathname with a string SHARE]\hover.png	1,514 bytes	MD5: 0x579AED7AB57771F6C899B8938752D925 SHA-1: 0xFD59FB4590F25CA1FADF836593F56AC2D2F8C40B
64	[pathname with a string SHARE]\normal.png	1,451 bytes	MD5: 0xF382D2EA1AEF5F4FD9CAA7E7A963EA2A SHA-1: 0xC9E5CE6D5C7E6F1B7658446A8423E17DE38B6921
65	[pathname with a string SHARE]\not-available.png	1,437 bytes	MD5: 0x63EEFBDA742310E1F95DF69041082CA2 SHA-1: 0x135F67066A8CEAB4A2F43C87327B57B84E3645CD
66	[pathname with a string SHARE]\slider.png	337 bytes	MD5: 0xB28430FD30223F3C775FE187A1060F90 SHA-1: 0x1DC7FC08D69FD83BA6689506F628AE3CF45668FC
67	[pathname with a string SHARE]\caption-bg.bmp	5,140 bytes	MD5: 0x26669B6BF86F759F7EF59905805920E2 SHA-1: 0xDC4FEAF5E1F7DBBBBE510303E33B7AADF87BC2F1
68	[pathname with a string SHARE]\close-hover.bmp	1,992 bytes	MD5: 0x7C4437B6BC00EF8F7F27BFBA7CE7E02F SHA-1: 0x7A8E6D1CF5767C623EE0C59D00660F45A37F876E
69	[pathname with a string SHARE]\close.bmp	1,992 bytes	MD5: 0x560790FBC7BB1A35C5DF0F5E5E3021B3 SHA-1: 0x85AC67F22DDC54367450A16D1EF5ED69C01CA8A9
70	[pathname with a string SHARE]\configure-hover.bmp	1,992 bytes	MD5: 0x0F5941A7F43F3FEA932ECB03C0298ADE SHA-1: 0xA246253A81C51F4903378DF709194640AF34264E
71	[pathname with a string SHARE]\configure.bmp	1,992 bytes	MD5: 0xF5E1604C170F9EC5EDB67ECEF70CB062 SHA-1: 0x832D6B8B16B49EF9460C0A5BBB2D835FF0CB3E2A
72	[pathname with a string SHARE]\refresh-hover.bmp	1,992 bytes	MD5: 0x07509BECF3F0CDFD463D60839AF2ECA9 SHA-1: 0x85B65BA0D8A2FD7C54D34AFEB36DD7FBC87786D5
73	[pathname with a string SHARE]\refresh.bmp	1,992 bytes	MD5: 0x57368C605440B08AE95EAA7E27784007 SHA-1: 0xDFCC7AAD86685F67C47FC2C743F5CD99F4A79897
74	%AppData%\alotappbar\toolbar.xml %AppData%\alotappbar\toolbar.xml.backup	37,771 bytes	MD5: 0x25013E419F5E4C7B6B5893A8D7B739F5 SHA-1: 0xFDDDDB1443C6865C8B9D43D60FDCD74BA00D80FE
75	%AppData%\alotservice\alotservice.exe	255,880 bytes	MD5: 0xFFAEBA8534610BD6F3ABA46364B12EEF SHA-1: 0x8A5FE3FCE05FD168B78F8C36914B484983D24BBD
76	%AppData%\alotservice\service.xml	437 bytes	MD5: 0x1333D50C70781E0ADE28FB0872908C4E SHA-1: 0x594A96A27A74B1FC1901DE413E2557322540B604
77	%AppData%\alotservice\service.xml.backup	332 bytes	MD5: 0x75CECFA33E6E03CB00B12CC52D48FB81 SHA-1: 0xE439EB23FACD80EE769BC151819EB3B1576C438D
78	%Temp%\nsd10.tmp	376,707 bytes	MD5: 0xD87987C83B0E3D49522B89BA0C98AF90 SHA-1: 0xB19DB8C40522ECBACD6F5DE7E46F68AD633DAC8D
79	%Temp%\nsm5.tmp\installhelper.dll %Temp%\nst11.tmp\installhelper.dll	305,032 bytes	MD5: 0xF08341ABD706BCD4193E3AA286D26F54 SHA-1: 0x2FA6084768BE42EB11CDBA0BBE23AF5138621AF0
80	%Temp%\nst11.tmp\installagent.exe	78,216 bytes	MD5: 0x4D1F2636DDEF0D9BFAC6015EEB79DC70 SHA-1: 0x5DC2F6DC2389E69AC71810AEC1A27A5BCC161891
81	%Temp%\nst11.tmp\InstallOptions.dll	15,360 bytes	MD5: 0x6E663F1A0DE94BC05D64D020DA5D6F36 SHA-1: 0xC5ABB0033776D6AB1F07E5B3568F7D64F90E5B04
82	%Temp%\nst11.tmp\ioSpecial.ini	580 bytes	MD5: 0x4C03E878BF99448370B8FB741902D113 SHA-1: 0x43EBD5A6D9A5B65F4D37CB98CCE31B3CF9196FB5
83	%Temp%\nst11.tmp\modern-header.bmp	17,750 bytes	MD5: 0xE06E138DFC4A909C1FC82B1637500A15 SHA-1: 0xC8CEB984EFC836DA8F7A459B7D842B5B2A01A052
84	%Temp%\nst11.tmp\modern-wizard.bmp	154,544 bytes	MD5: 0x82CEED49BDCBD39C362597B191334D62 SHA-1: 0x45226C4333B5A2B69318137F65076BA36CA93910
85	%Temp%\nst11.tmp\System.dll	11,264 bytes	MD5: 0xB9F430F71C7144D8FF4AB94BE2785AA6 SHA-1: 0xC5C1E153CAFF7AD1D221A9ACC8BBB831F05CCB05
86	%Temp%\nst11.tmp\uninstall.ini	2,130 bytes	MD5: 0xE2CACE436AB5E31BA95D6FACC208CAF6 SHA-1: 0x879A025CDC53884800B129DCE5D8112C0A114A2D
87	c:\INSTALLHELPER.LOG	11,581 bytes	MD5: 0x11CAB4811A1C511118C45E5969A106B3 SHA-1: 0x54A34E902E5887351118A28DCC7A39F645684BF2
88	%ProgramFiles%\alotappbar\alotUninst.exe	230,958 bytes	MD5: 0x7535DC1CF1C2F66319E70E40C6D6BB15 SHA-1: 0xBB6F184F1E234D1045BDC750011A6E5E348112C9
89	%ProgramFiles%\alotappbar\bin\alotappbar.dll	1,109,896 bytes	MD5: 0xA58C5DD576AB2EE80BF82EA3BF056512 SHA-1: 0x681670F20656F0599D25E9EB419D284644AEBCF7
90	%ProgramFiles%\alotappbar\bin\alothelper.dll	60,808 bytes	MD5: 0xF933F35F1B1E2438A231239A008341B0 SHA-1: 0xBCCFF723F2E5E91D71337ACAF031E16D081AF360
91	%ProgramFiles%\alotappbar\bin\alotwidgets.exe	668,040 bytes	MD5: 0xE40E60BA7F7534BE2A383B2381CCAF4B SHA-1: 0xD0AA2622CDF5723079C4C8A973784484593F9372
92	[file and pathname of the sample #1]	1,513,252 bytes	MD5: 0x39E497A1D4D0F313FF1A500C5C127D47 SHA-1: 0x23DBC04D4F957AE36B9427CF24EA06F05A61596A

Notes:

%AppData% is a variable that refers to the file system directory that serves as a common repository for application-specific data. A typical path is C:\Documents and Settings\[UserName]\Application Data.
%Temp% is a variable that refers to the temporary folder in the short path form. By default, this is C:\Documents and Settings\[UserName]\Local Settings\Temp\ (Windows NT/2000/XP).
%ProgramFiles% is a variable that refers to the Program Files folder. A typical path is C:\Program Files.

The following directories were created:

%Temp%\nst11.tmp
%AppData%\alotappbar
%AppData%\alotappbar\resources
%AppData%\alotappbar\resources\App_1007
%AppData%\alotappbar\resources\App_1007\images
%AppData%\alotappbar\resources\App_117011
%AppData%\alotappbar\resources\App_117011\images
%AppData%\alotappbar\resources\App_2254
%AppData%\alotappbar\resources\App_2254\images
%AppData%\alotappbar\resources\App_3562
%AppData%\alotappbar\resources\App_3562\images
%AppData%\alotappbar\resources\App_43911
%AppData%\alotappbar\resources\App_43911\images
%AppData%\alotappbar\resources\App_4629
%AppData%\alotappbar\resources\App_4629\images
%AppData%\alotappbar\resources\App_5809
%AppData%\alotappbar\resources\App_5809\images
%AppData%\alotappbar\resources\App_5862
%AppData%\alotappbar\resources\App_5862\images
%AppData%\alotappbar\resources\App_91011
%AppData%\alotappbar\resources\App_91011\images
[pathname with a string SHARE]\shared
[pathname with a string SHARE]\images
[pathname with a string SHARE]\theme
[pathname with a string SHARE]\standard
[pathname with a string SHARE]\page
[pathname with a string SHARE]\left
[pathname with a string SHARE]\right
[pathname with a string SHARE]\standardClassic
[pathname with a string SHARE]\standardWin7
[pathname with a string SHARE]\widget
%AppData%\alotservice
%Temp%\nsm5.tmp
%ProgramFiles%\alotappbar
%ProgramFiles%\alotappbar\bin

Memory Modifications

There were new processes created in the system:

Process Name	Process Filename	Main Module Size
[filename of the sample #1]	[file and pathname of the sample #1]	196,608 bytes
alotservice.exe	%AppData%\alotservice\alotservice.exe	278,528 bytes
wrapped.exe	%Temp%\wrapped.exe	208,896 bytes
ie.exe	%Temp%\ie.exe	1,544,192 bytes
alotwidgets.exe	%ProgramFiles%\alotappbar\bin\alotwidgets.exe	704,512 bytes
alotuninst.exe	%ProgramFiles%\alotappbar\alotuninst.exe	1,544,192 bytes

There was a new service created in the system:

Service Name	Display Name	Status	Service Filename
AlotService	ALOT Update Service	"Running"	%AppData%\alotservice\alotservice.exe

Registry Modifications

The following Registry Keys were created:

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{85F5CF95-EC8F-49fc-BB3F-38C79455CBA2}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{85F5CF95-EC8F-49fc-BB3F-38C79455CBA2}\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A531D99C-5A22-449b-83DA-872725C6D0ED}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A531D99C-5A22-449b-83DA-872725C6D0ED}\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{85F5CF95-EC8F-49fc-BB3F-38C79455CBA2}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\alotAppbar
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_ALOTSERVICE
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_ALOTSERVICE\0000
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_ALOTSERVICE\0000\Control
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\AlotService
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\AlotService\Security
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\AlotService\Enum
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ALOTSERVICE
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ALOTSERVICE\0000
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ALOTSERVICE\0000\Control
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AlotService
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AlotService\Security
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AlotService\Enum
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BLOCK_SETCAPTURE_XDOMAIN
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_CROSS_DOMAIN_REDIRECT_MITIGATION
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ENABLE_CLIPCHILDREN_OPTIMIZATION
HKEY_CURRENT_USER\Software\alotappbar
HKEY_CURRENT_USER\Software\alotappbar\FFPrefs
HKEY_CURRENT_USER\Software\alotappbar\InstallPrefs

The newly created Registry Values are:

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{85F5CF95-EC8F-49fc-BB3F-38C79455CBA2}\InprocServer32]

(Default) = "%ProgramFiles%\alotappbar\bin\ALOTHelper.dll"
ThreadingModel = "Apartment"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{85F5CF95-EC8F-49fc-BB3F-38C79455CBA2}]

(Default) = "ALOT Appbar Helper"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A531D99C-5A22-449b-83DA-872725C6D0ED}\InprocServer32]

(Default) = "%ProgramFiles%\alotappbar\bin\ALOTHelper.dll"
ThreadingModel = "Apartment"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A531D99C-5A22-449b-83DA-872725C6D0ED}]

(Default) = "ALOT Appbar"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

{A531D99C-5A22-449b-83DA-872725C6D0ED} = "ALOT Appbar"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{85F5CF95-EC8F-49fc-BB3F-38C79455CBA2}]

(Default) = "ALOT Appbar Helper"
NoExplorer = 0x00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\alotAppbar]

DisplayName = "ALOT Appbar"
UninstallString = ""%ProgramFiles%\alotappbar\alotUninst.exe""
DisplayIcon = "%ProgramFiles%\alotappbar\alotUninst.exe"
HelpLink = "http://www.alot.com/faq"
Publisher = "ALOT"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_ALOTSERVICE\0000\Control]

*NewlyCreated* = 0x00000000
ActiveService = "AlotService"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_ALOTSERVICE\0000]

Service = "AlotService"
Legacy = 0x00000001
ConfigFlags = 0x00000000
Class = "LegacyDriver"
ClassGUID = "{8ECC055D-047F-11D1-A537-0000F8753ED1}"
DeviceDesc = "ALOT Update Service"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_ALOTSERVICE]

NextInstance = 0x00000001

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\AlotService\Enum]

0 = "Root\LEGACY_ALOTSERVICE\0000"
Count = 0x00000001
NextInstance = 0x00000001

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\AlotService\Security]

Security = 01 00 14 80 90 00 00 00 9C 00 00 00 14 00 00 00 30 00 00 00 02 00 1C 00 01 00 00 00 02 80 14 00 FF 01 0F 00 01 01 00 00 00 00 00 01 00 00 00 00 02 00 60 00 04 00 00 00 00 00 14 00 FD 01 02 00 01 01 00 00 00 00 00 05 12 00 00 00 00 00 18 00 FF 01 0F 0

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\AlotService]

Type = 0x00000010
Start = 0x00000002
ErrorControl = 0x00000001
ImagePath = "%AppData%\alotservice\alotservice.exe"
DisplayName = "ALOT Update Service"
ObjectName = "LocalSystem"
Description = "Periodically updates ALOT products"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ALOTSERVICE\0000\Control]

*NewlyCreated* = 0x00000000
ActiveService = "AlotService"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ALOTSERVICE\0000]

Service = "AlotService"
Legacy = 0x00000001
ConfigFlags = 0x00000000
Class = "LegacyDriver"
ClassGUID = "{8ECC055D-047F-11D1-A537-0000F8753ED1}"
DeviceDesc = "ALOT Update Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ALOTSERVICE]

NextInstance = 0x00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AlotService\Enum]

0 = "Root\LEGACY_ALOTSERVICE\0000"
Count = 0x00000001
NextInstance = 0x00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AlotService\Security]

Security = 01 00 14 80 90 00 00 00 9C 00 00 00 14 00 00 00 30 00 00 00 02 00 1C 00 01 00 00 00 02 80 14 00 FF 01 0F 00 01 01 00 00 00 00 00 01 00 00 00 00 02 00 60 00 04 00 00 00 00 00 14 00 FD 01 02 00 01 01 00 00 00 00 00 05 12 00 00 00 00 00 18 00 FF 01 0F 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AlotService]

Type = 0x00000010
Start = 0x00000002
ErrorControl = 0x00000001
ImagePath = "%AppData%\alotservice\alotservice.exe"
DisplayName = "ALOT Update Service"
ObjectName = "LocalSystem"
Description = "Periodically updates ALOT products"

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ENABLE_CLIPCHILDREN_OPTIMIZATION]

ALOTWidgets.exe = 0x00000000

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_CROSS_DOMAIN_REDIRECT_MITIGATION]

ALOTWidgets.exe = 0x00000000

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BLOCK_SETCAPTURE_XDOMAIN]

ALOTWidgets.exe = 0x00000000

[HKEY_CURRENT_USER\Software\alotappbar\InstallPrefs]

DefaultSearch = 0x00000000
HomePage = 0x00000000
NoPostInstall = 0x00000001

[HKEY_CURRENT_USER\Software\alotappbar\FFPrefs]

DefaultSearch = 0x00000000
HomePage = 0x00000000

The following Registry Values were modified:

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\ServiceCurrent]

(Default) =

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\ServiceCurrent]

(Default) =

Other details

To mark the presence in the system, the following Mutex objects were created:

c__documents and settings_username_application data_alotservice_service_xml
c__docume_1_username_applic_1_ialotcfg_toolbar_xml
c__docume_1_username_applic_1_alotse_1_service_xml
{FFB65DB4-3984-42FE-8666-0AF9408F499A}
c__docume_1_username_applic_1_alotap_1_toolbar_xml
{8E2AED8B-8FB4-4336-89AB-44F73D97B9C2}_

The following Internet Connection was established:

Server Name	Server Port	Connect as User	Connection Password
rd.alotimg.com	80	(null)	(null)

The following GET request was made:

r/inst/camp_id=3906&ic=41&pc=0&ver=1&ip=0

All content ("Information") contained in this report is the copyrighted work of Threat Expert Ltd and its associated companies ("ThreatExpert") and may not be copied without the express permission of ThreatExpert.

The Information is provided on an "as is" basis. ThreatExpert disclaims all warranties, whether express or implied, to the maximum extent permitted by law, including the implied warranties that the Information is merchantable, of satisfactory quality, accurate, fit for a particular purpose or need, or non-infringing, unless such implied warranties are legally incapable of exclusion. Further, ThreatExpert does not warrant or make any representations regarding the use or the results of the use of the Information in terms of their correctness, accuracy, reliability, or otherwise.