| What's been found | Severity Level |
| Contains characteristics of an identified security risk. | |
Possible Security Risk
| Threat Category | Description |
| | A malicious trojan horse or bot that may represent a security risk for the compromised system and/or its network environment |
File System Modifications
| # | Filename(s) | File Size | File Hash | Alias |
| 1 | %DesktopDir%\?????????.lnk | 539 bytes | MD5: 0x48372D3B9899E6D33CCDD5B73AE93328 SHA-1: 0xE061FD1FA6D87A5E78089FA412E33F609CA6868A |
(not available) |
| 2 | %Programs%\?????????\????????????.lnk | 232 bytes | MD5: 0xEFBEF2D1FCB3075BAE7F6990242D6B73 SHA-1: 0xE3A8E2B5B2D6893C4CAC1EC4A78F914D32CF2FF9 |
(not available) |
| 3 | %Programs%\?????????\???????°?.lnk | 214 bytes | MD5: 0xA3DE65574BB4FCDC105AA53DDD343162 SHA-1: 0x3E3585902DC597D3248ED0ABF2555A597D9216BC |
(not available) |
| 4 | %Programs%\?????????\?????????.lnk | 551 bytes | MD5: 0x5C922849C842B9F1E61E7F0C79B2612E SHA-1: 0xA3945B2E8A74A04FCB045AAB246A92DEEBFD8F92 |
(not available) |
| 5 | %Programs%\?????????\??????.lnk | 531 bytes | MD5: 0x8F1114A0E6A1185E7D5E8E7B310184B2 SHA-1: 0x7DE8EC691DFEA42C5ED5065507DCCC5507D565FF |
(not available) |
| 6 | %ProgramFiles%\?????????\landlord4.exe | 684,032 bytes | MD5: 0x082F33C6EA46E3875D77B20C133BC911 SHA-1: 0x6B3FB6B5E16414AF2AE8A33E3D3950759D0B6A13 |
(not available) |
| 7 | %ProgramFiles%\?????????\landlord4a.exe | 2,496,000 bytes | MD5: 0x2A50E7366EBC768749AFD8EB0BA0E0DB SHA-1: 0x0C9AD49DE374AED21B5FC9EF841BE5621485A2C9 |
Generic StartPage.an [McAfee] Trojan.Constructor.EPO [Ikarus] |
| 8 | %ProgramFiles%\?????????\Main_dtdj.ini | 70 bytes | MD5: 0x500B83946A8EDB4BBA04E4D38892A4F2 SHA-1: 0xA43D5503E91CE00ED78E5B4E50586C3D176B3B62 |
(not available) |
| 9 | %ProgramFiles%\?????????\res\2.cur | 2,238 bytes | MD5: 0xA040EBBCBF2AF4000AE3C4A967BFD8CE SHA-1: 0x7492FCBC5E98296419BB7B948673B721F060FA19 |
(not available) |
| 10 | %ProgramFiles%\?????????\res\29002.bmp | 1,550 bytes | MD5: 0x36F58952349D6FCEB97E03AD2C41286E SHA-1: 0x031E3C88F6DCBEA63007DBC0570AB39D53B77B5B |
(not available) |
| 11 | %ProgramFiles%\?????????\res\29003.bmp | 150 bytes | MD5: 0xBAE957DA1BB8F6032B49E5166B6047AE SHA-1: 0xBB4F9396D50F5F4627350368F5E6B9F055B653AD |
(not available) |
| 12 | %ProgramFiles%\?????????\res\29005.bmp | 2,958 bytes | MD5: 0x041B605568D0D6F5327A0BB354F23282 SHA-1: 0x822C8B5B1F772336F87777AA01F3E843C1A5A48D |
(not available) |
| 13 | %ProgramFiles%\?????????\res\bigddz.ico | 3,262 bytes | MD5: 0xAF0EAA21313E70702BE6564033D590D1 SHA-1: 0xD4DB3ACFBB76A666EDDBF5E029C892851B1BF72B |
(not available) |
| 14 | %ProgramFiles%\?????????\res\BodyLeft.bmp | 246 bytes | MD5: 0xA7A8DFCF8E4BA0FA15CC61324E8760BF SHA-1: 0xA1FCB8D0270BAB8BDCE997AAED99DF2EA88623A7 |
(not available) |
| 15 | %ProgramFiles%\?????????\res\BodyRight.bmp | 246 bytes | MD5: 0x7E22F1BD2702846014359979F0446289 SHA-1: 0xEA9CD0F3155D42FA976F0DF6424B80F472364586 |
(not available) |
| 16 | %ProgramFiles%\?????????\res\BottomLeft.bmp | 12,374 bytes | MD5: 0xA68799886FDD65CECDA0EC6DEE5C2240 SHA-1: 0x9F01DB5422AD5B0B2AA98AF55A4AEBE39632CDD4 |
(not available) |
| 17 | %ProgramFiles%\?????????\res\BottomMiddle.bmp | 388 bytes | MD5: 0x9231877AFA68EB217BA7524186B517E7 SHA-1: 0x84EE6CD4470C92B3739D7A02A5BF684977F5E23A |
(not available) |
| 18 | %ProgramFiles%\?????????\res\BottomRight.bmp | 5,532 bytes | MD5: 0xDFBE510688D0E51E65FE11E6787AEE8D SHA-1: 0xB46726DD72825031580069175315376D8B837562 |
(not available) |
| 19 | %ProgramFiles%\?????????\res\btnclose.bmp | 4,656 bytes | MD5: 0xF792A53A7D109A77AE0DE794B6B881AD SHA-1: 0x1870CD68CDAF2792F18893076A16B5FA57AC6F0F |
(not available) |
| 20 | %ProgramFiles%\?????????\res\btnmax.bmp | 4,656 bytes | MD5: 0x4FB5D55E5F4D3453C8EDA3C4790745B9 SHA-1: 0xA4599E80C845EB3EF78001A2B89BBBCEB7897241 |
(not available) |
| 21 | %ProgramFiles%\?????????\res\btnmin.bmp | 4,656 bytes | MD5: 0x744CB562057B9CD5A913ADACF4D5B82C SHA-1: 0x0EEDC4224BB60B21515F044189D414DAD8C749F6 |
(not available) |
| 22 | %ProgramFiles%\?????????\res\btnrestore.bmp | 4,656 bytes | MD5: 0x557D1C2D1CFC62FEEB31459751AB11C0 SHA-1: 0x79DED697DC414F36D7024A8FB46F69662747C32C |
(not available) |
| 23 | %ProgramFiles%\?????????\res\button1.bmp | 4,656 bytes | MD5: 0xB4B104F195D515C37751852C4D7AA9B7 SHA-1: 0x9EC08930825BE3B6D1EA0D4657C0AEEC26E89096 |
(not available) |
| 24 | %ProgramFiles%\?????????\res\button2.bmp | 4,656 bytes | MD5: 0x9566AC490AF3265B435C88B37781818B SHA-1: 0xB01BDE0023CC7A789B18492D0FE65317DF04025E |
(not available) |
| 25 | %ProgramFiles%\?????????\res\button3.bmp | 4,656 bytes | MD5: 0x6108F5B532F60C64BA2D6A8CA35BF060 SHA-1: 0x9CFFA5A6EBC1CA78C1ADF7B16A1B918C2A2758A9 |
(not available) |
| 26 | %ProgramFiles%\?????????\res\button4.bmp | 4,656 bytes | MD5: 0x94695480E7C49EDA1773ED8E8865CB70 SHA-1: 0x41A0D7DD52AFE46775AC45B84B962FFEB0F4FEE6 |
(not available) |
| 27 | %ProgramFiles%\?????????\res\button5.bmp | 4,656 bytes | MD5: 0x23537C95E64C41BEE7CD1CB98C2C9B49 SHA-1: 0x294CD272769006E906AC0BAAB2B438D4E94A1B44 |
(not available) |
| 28 | %ProgramFiles%\?????????\res\button6.bmp | 4,656 bytes | MD5: 0x8CBE49AFD2801F418645E17A0929612A SHA-1: 0xEE08FFA3AE5C41DB43868FED844C1C4F683BA3F6 |
(not available) |
| 29 | %ProgramFiles%\?????????\res\end.bmp | 150 bytes | MD5: 0x78D6FF7F779D6453EF6A4E18963DF79E SHA-1: 0x591DE6211F02AF560C37FD9FF063164C2D52EDC4 |
(not available) |
| 30 | %ProgramFiles%\?????????\res\GameView\back.bmp | 12,342 bytes | MD5: 0x42C7C33207870DBBB00218E8A61D24DC SHA-1: 0x7C305861C96B87C45DD0850A1F44F5FD4393332B |
(not available) |
| 31 | %ProgramFiles%\?????????\res\GameView\Thumbs.db | 11,776 bytes | MD5: 0xCDBB3DDED4BDF1989AD6DDD6A147775D SHA-1: 0x22C15EEE0FF807E7553324BCA8A04CFFEEADFF08 |
(not available) |
| 32 | %ProgramFiles%\?????????\res\GameViewLeft.bmp | 328 bytes | MD5: 0xFF34A9D5058CDB687A6468854102214A SHA-1: 0xFFF8E4D7D96AAD226986A542E1701C7FA02DA594 |
(not available) |
| 33 | %ProgramFiles%\?????????\res\GameViewTop.bmp | 296 bytes | MD5: 0xDCB03935DE36873695D634BF839469E2 SHA-1: 0x83BBD1C16E76587A108EAFE99C263A2005FA965D |
(not available) |
| 34 | %ProgramFiles%\?????????\res\Hand.cur | 3,262 bytes | MD5: 0x6E634B35A797891F14186B89DBCD3370 SHA-1: 0xF7AAD2D042F07C2CCE5CB2A89ED8657E065A6138 |
(not available) |
| 35 | %ProgramFiles%\?????????\res\HorizontalScrollBarLeftArrow.bmp | 1,014 bytes | MD5: 0x6E864802AF362F547DD22523DEEB916C SHA-1: 0x9357F46D93E84AA379CA4191705A8FE780277BA2 |
(not available) |
| 36 | %ProgramFiles%\?????????\res\HorizontalScrollBarRightArrow.bmp | 1,014 bytes | MD5: 0xB6882599FB2F33E6D293204A5D5AFAA9 SHA-1: 0xA57BFBDFC37089DE714377381BFDE4E156C69C85 |
(not available) |
| 37 | %ProgramFiles%\?????????\res\HorizontalScrollBarSpan.bmp | 102 bytes | MD5: 0xFE13A6091C3A8AB6632BAC3CBAFF24E0 SHA-1: 0xE22D582B1EF9712965C1A8AFF2EE3DB9F4FD5274 |
(not available) |
| 38 | %ProgramFiles%\?????????\res\hs.bmp | 1,014 bytes | MD5: 0xC34E63CD2FAE92FEFA72AD40B14EAAF8 SHA-1: 0xC91432A763BD22A31354C6B3EBB7056556095589 |
(not available) |
| 39 | %ProgramFiles%\?????????\res\ListCtrl_Tile.bmp | 70 bytes | MD5: 0xAD6FFE871214085CEA8CD64974C7597C SHA-1: 0x3AD0DF146CBF4691A778A178B3C7C85059E2E629 |
(not available) |
| 40 | %ProgramFiles%\?????????\res\Login\IMButton_Default.bmp | 1,420 bytes | MD5: 0xC37B6D036B80E417FAA4C4E4386056BD SHA-1: 0xD539DF3C58DC48C6885C2A4E7BFC36783A0A0F76 |
(not available) |
| 41 | %ProgramFiles%\?????????\res\Login\IMButton_Down.bmp | 1,300 bytes | MD5: 0x9E6372A2C88DED4B1FD7145F377C2590 SHA-1: 0xF90FD2FF81C87B38EE465507A97E866BA469AC59 |
(not available) |
| 42 | %ProgramFiles%\?????????\res\Login\IMButton_Hover.bmp | 1,412 bytes | MD5: 0x95BCA77AA9C73B3C9C08BBE5474042D8 SHA-1: 0x06125E4631C457DF731140931B1AAEA55C1191AC |
(not available) |
| 43 | %ProgramFiles%\?????????\res\Login\IMButton_Normal.bmp | 1,440 bytes | MD5: 0xA4CA481F6DED091378BD4D5E3F2288C3 SHA-1: 0x8F2F0A2B65BE09B1CD8A3039B27CE8C9B9BF97C2 |
(not available) |
| 44 | %ProgramFiles%\?????????\res\Login\Thumbs.db | 12,288 bytes | MD5: 0x44AA8F7F2F81D9414DFD269CD0DFEB49 SHA-1: 0x1B4368B24FC7B88F754C6FE8E90A7E6344203224 |
(not available) |
| 45 | %ProgramFiles%\?????????\res\map.bmp | 600 bytes | MD5: 0x49A9F93D524096D0169531428E84549F SHA-1: 0x3A7B1352EE0690B32934B69DBAFEA8802230C29E |
(not available) |
| 46 | %ProgramFiles%\?????????\res\music\pass.wav | 2,292 bytes | MD5: 0xF6DA6C9DC6CA338FB5E3B98016560FB8 SHA-1: 0xDF3F99AFB1FE788633BEEAF377A4792BDAD17F72 |
(not available) |
| 47 | %ProgramFiles%\?????????\res\music\pass1.wav | 8,324 bytes | MD5: 0x60879D23A8BA78DB6B33FB3057DED065 SHA-1: 0x6DC98FE9195A08F4AA90EEA8769991C8F5C9ECA4 |
(not available) |
| 48 | %ProgramFiles%\?????????\res\music\run.wav | 5,790 bytes | MD5: 0xA9DE0B7923AD9E109D2D4C3E265C439A SHA-1: 0x8CB99AA22E324907A6EFD527D8B69AFFD9520B08 |
(not available) |
| 49 | %ProgramFiles%\?????????\res\music\select.wav | 1,192 bytes | MD5: 0xFB45431715E37C47A5CAE5DC37E8039E SHA-1: 0xB4D4CD0FF351F74724FA38A85A149F829592BB22 |
(not available) |
| 50 | %ProgramFiles%\?????????\res\music\start.wav | 13,793 bytes | MD5: 0x958E505C5BE42507FE33D159E27A1F43 SHA-1: 0x543862FC306171587B264D68CDD972D63E8CAEEA |
(not available) |
| 51 | %ProgramFiles%\?????????\res\music\throw.wav | 1,184 bytes | MD5: 0xE52CA1081AD9A78419DE84165BC4739C SHA-1: 0xC24947CCDE545CEA0EB6A63C2FF532FF78FAB304 |
(not available) |
| 52 | %ProgramFiles%\?????????\res\music\win.wav | 5,814 bytes | MD5: 0x1953B891B7E68F222B148A09A1B4E45C SHA-1: 0x76014A629F33A334E21F37D9FCDE5EC8F0665F6D |
(not available) |
| 53 | %ProgramFiles%\?????????\res\score.bmp | 66,934 bytes | MD5: 0x312BD5759E2ED43799EE2D6F2E38ABD8 SHA-1: 0xE1F594804F5CC6DB442F49FA2FB491B2C4547D33 |
(not available) |
| 54 | %ProgramFiles%\?????????\res\smallddz.ico | 894 bytes | MD5: 0x3432613AAB2666C91959E51087CECE68 SHA-1: 0x551D27FEC0BF3A3C09E8DD4A0C9229D39FE1CB1F |
(not available) |
| 55 | %ProgramFiles%\?????????\res\span.bmp | 102 bytes | MD5: 0x99A0A3B1134D6F1ED215AF08AB6D710C SHA-1: 0x75A53759806F0E66D531F031B0C7098ACCD647C8 |
(not available) |
| 56 | %ProgramFiles%\?????????\res\start.bmp | 150 bytes | MD5: 0x57F28F13B5E4D234034A636C2BF45CDA SHA-1: 0xF3E7BC2AF3B4F4E0B9E470CCDB7253EE9000FE6F |
(not available) |
| 57 | %ProgramFiles%\?????????\res\TabBg.bmp | 656 bytes | MD5: 0x8D48A77AB50FEF33C28A130109A88FE8 SHA-1: 0x70287991E17F06FB73FA20573F6ACFD377091B9B |
(not available) |
| 58 | %ProgramFiles%\?????????\res\tablecenter.bmp | 308,538 bytes | MD5: 0x73867631B504B90A36848597F533091F SHA-1: 0xF906DFAB56B85C29BD111F41E1F63E9F6C9DBF67 |
(not available) |
| 59 | %ProgramFiles%\?????????\res\Thumbs.db | 102,912 bytes | MD5: 0xFA788DC927523421577B9BA137DCF423 SHA-1: 0x83B95763DEE909400DA309408368C29F3CCB3AE3 |
(not available) |
| 60 | %ProgramFiles%\?????????\res\topLeft.bmp | 992 bytes | MD5: 0x800ABF15DC7F712D1674EC87C2EA01CC SHA-1: 0xEB0482E5125387119EB7E61EA1DE8E181BB626B8 |
(not available) |
| 61 | %ProgramFiles%\?????????\res\topMiddleLeft.bmp | 1,408 bytes | MD5: 0x5C47AF2159BC56808A83868A02830FBB SHA-1: 0xE0839A48829F8EB660E954FE79C97C0BF4DE59BA |
(not available) |
| 62 | %ProgramFiles%\?????????\res\topMiddleMiddle.bmp | 2,864 bytes | MD5: 0xC29ABA2E6492250291D738F05048E544 SHA-1: 0x6A1FBD4735913B6DCDC9B7F1F81F1F07BDD7F516 |
(not available) |
| 63 | %ProgramFiles%\?????????\res\topMiddleRight.bmp | 1,512 bytes | MD5: 0xF75EBED7ED55C50A96046D821EB96FC8 SHA-1: 0x3552855BC8470CBD6D24818EFBC6B348390DF4D1 |
(not available) |
| 64 | %ProgramFiles%\?????????\res\topRight.bmp | 680 bytes | MD5: 0x22F1778C537CD2F337BA1225AE573CF6 SHA-1: 0x2F445B991460D4A682D2CF86855179A84B1C31E4 |
(not available) |
| 65 | %ProgramFiles%\?????????\res\?????-1.bmp | 6,128 bytes | MD5: 0x273DEB1C4261DBF0A04E75F345229881 SHA-1: 0x27D9DEAE4A8F949E83005F6A92234784A88279F4 |
(not available) |
| 66 | %ProgramFiles%\?????????\res\?????-2.bmp | 6,128 bytes | MD5: 0xAA5B33D08344F68DA0CCE4738BB325C1 SHA-1: 0x3F7A0FD6FA14710608D8190FC78EFCA3438ADD38 |
(not available) |
| 67 | %ProgramFiles%\?????????\res\?????-3.bmp | 6,128 bytes | MD5: 0x6D573ACBF51073D101983D72BF9D6804 SHA-1: 0x5F3F46F5C3F2AD726F629A279770386EDFE4044B |
(not available) |
| 68 | %ProgramFiles%\?????????\uninst.exe | 56,481 bytes | MD5: 0xC2F5B7E08C0E1DAD1CA424690B964213 SHA-1: 0x200C579F9BB47789560BF667F66D85D8D29FC979 |
(not available) |
| 69 | [file and pathname of the sample #1] | 1,096,079 bytes | MD5: 0x3D10EA4CBB784493A61BB723AFF8CEFB SHA-1: 0x28CC6B5AA7EAC7A85A704D1A9E9F4AB430A4FC16 |
Trojan.ADH [Symantec] Trojan.Win32.StartPage.aqoz [Kaspersky Lab] Trojan.Constructor.EPO [Ikarus] |
Memory Modifications
| Process Name | Process Filename | Main Module Size |
| [filename of the sample #1] | [file and pathname of the sample #1] | 208,896 bytes |
| landlord4a.exe | %ProgramFiles%\????????\landlord4a.exe | 3,436,544 bytes |
Registry Modifications
Other details
China |
Copyright © 2013 ThreatExpert. All rights reserved.