Submission Summary:

 

Technical Details:

NOTICE: The content shown in the above window is captured automatically and is not controlled or endorsed by ThreatExpert.
Please contact us on this link should any material be offensive or inappropriate and we will ensure any such content is blocked from future viewers of the report.

 

File System Modifications

#   Filename(s) / File Size / File Hash / Alias

#1  Filename:    %DesktopDir%\Continue Adobe Flash Player Installation.lnk
    File size:   1,905 bytes
    MD5:         0x0D7572D9D6B8B6B54D8F772999A211DC
    SHA-1:       0x88F3A34FA3B4D89498AA95C544B33043E307D5D1
    Alias:       (not available)

#2  Filename:    %DesktopDir%\Search the Web.url
    File size:   207 bytes
    MD5:         0x2CA40DF00052EE69C13B72748AC02CCE
    SHA-1:       0xF6224C6BC1C0834A2EBF819F4DB69D913D573C6D
    Alias:       (not available)

#3  Filename(s): %Temp%\Shortcut_[filename of the sample #1]
                 %Temp%\Shortcut_shortcut_[filename of the sample #1]
                 [file and pathname of the sample #1]
    File size:   501,592 bytes
    MD5:         0x5466C415E28DCC7706F23B96F1F0A62C
    SHA-1:       0x72524C8C177B1F0959BE26660ABC8D136F607306
    Alias:       packed with UPX [Kaspersky Lab]

Note: the three paths under #3 are copies of the same 501,592-byte file (identical hashes), and the desktop shortcut in #1 is named to look like an Adobe Flash Player installer prompt; nothing in the report ties the sample to Adobe.
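The hash table above uses ThreatExpert's 0x-prefixed, upper-case notation, which will not match digests printed by md5sum, sha1sum or most hunting tools until the prefix is stripped and the case normalized. The following Python is an added example and is not part of the ThreatExpert report: it parses hash lines in that notation into IOC records, hashes files in a single pass, and grades a hit as "confirmed" only when the SHA-1 also matches, because an MD5-only match is collision-prone and should be treated as a lead rather than a verdict. REPORT_EXCERPT mixes two entries copied from the table with two constructed entries (the hashes of b"abc" and of the empty file) so that the demo directory, also constructed here, has something to hit; all file names in the demo are invented for this example.

```python
"""Match files against ThreatExpert-style hash IOCs (added example, not report content)."""
import hashlib
import os
import re
import tempfile

# Constructed excerpt in the report's notation. Entries 1 and 2 are copied from the
# table above; entries 98 and 99 are made up so the demo has files that match them
# (98 = digests of b"abc"; 99 = MD5 of the empty file paired with a deliberately
# wrong SHA-1, to show how an MD5-only match is graded).
REPORT_EXCERPT = """\
1 %DesktopDir%\\Continue Adobe Flash Player Installation.lnk 1,905 bytes MD5: 0x0D7572D9D6B8B6B54D8F772999A211DC
SHA-1: 0x88F3A34FA3B4D89498AA95C544B33043E307D5D1
2 %DesktopDir%\\Search the Web.url 207 bytes MD5: 0x2CA40DF00052EE69C13B72748AC02CCE
SHA-1: 0xF6224C6BC1C0834A2EBF819F4DB69D913D573C6D
98 %Temp%\\constructed_abc.bin 3 bytes MD5: 0x900150983CD24FB0D6963F7D28E17F72
SHA-1: 0xA9993E364706816ABA3E25717850C26C9CD0D89D
99 %Temp%\\constructed_empty.bin 0 bytes MD5: 0xD41D8CD98F00B204E9800998ECF8427E
SHA-1: 0xA9993E364706816ABA3E25717850C26C9CD0D89D
"""

HASH_RE = re.compile(r"\b(MD5|SHA-1):\s*(?:0x)?([0-9A-Fa-f]+)")


def normalize_hash(value):
    """Strip an optional 0x prefix and lower-case, so digests compare with tool output."""
    value = value.strip()
    if value[:2].lower() == "0x":
        value = value[2:]
    return value.lower()


def parse_iocs(text):
    """Return [{"md5": ..., "sha1": ...}, ...], one record per report entry.

    The report prints MD5 on the entry line and SHA-1 on the following line, so the
    digests are collected in document order and paired: an MD5 opens a record and
    the next SHA-1 completes it. Digests of the wrong length are ignored.
    """
    iocs, current = [], None
    for algo, digest in HASH_RE.findall(text):
        digest = normalize_hash(digest)
        if algo == "MD5" and len(digest) == 32:
            current = {"md5": digest, "sha1": None}
            iocs.append(current)
        elif algo == "SHA-1" and len(digest) == 40 and current is not None:
            current["sha1"] = digest
    return iocs


def hash_file(path, chunk_size=1 << 16):
    """Compute (md5, sha1) of a file in one pass, streaming so large files are fine."""
    md5, sha1 = hashlib.md5(), hashlib.sha1()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            md5.update(chunk)
            sha1.update(chunk)
    return md5.hexdigest(), sha1.hexdigest()


def classify(md5, sha1, iocs):
    """'confirmed' if an entry matches on both digests, 'md5_only' if only the MD5
    matches (or the entry has no SHA-1 to confirm with), None otherwise."""
    level = None
    for ioc in iocs:
        if ioc["md5"] != md5:
            continue
        if ioc["sha1"] == sha1:
            return "confirmed"
        level = "md5_only"
    return level


def scan_directory(root, iocs):
    """Walk root and return {relative_path: match_level} for every file that hits."""
    hits = {}
    for dirpath, _, filenames in os.walk(root):
        for name in filenames:
            path = os.path.join(dirpath, name)
            level = classify(*hash_file(path), iocs)
            if level:
                hits[os.path.relpath(path, root)] = level
    return hits


def demo():
    """Build a throwaway directory of constructed files and scan it against the excerpt."""
    iocs = parse_iocs(REPORT_EXCERPT)
    with tempfile.TemporaryDirectory() as root:
        samples = {
            "hit.bin": b"abc",                  # MD5 and SHA-1 both match entry 98
            "md5_only.bin": b"",                # MD5 matches entry 99, SHA-1 does not
            "clean.txt": b"nothing to see here",
        }
        for name, data in samples.items():
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(data)
        return scan_directory(root, iocs)


if __name__ == "__main__":
    for path, level in sorted(demo().items()):
        print(f"{level:10s} {path}")
```

Every entry in this report carries both an MD5 and a SHA-1, so a real match should be required on both; the md5_only grade is kept only to surface files that deserve a closer look rather than to raise an alert on their own.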

 

Memory Modifications

Process Name                          Process Filename                               Main Module Size
Shortcut_[filename of the sample #1]  %Temp%\shortcut_[filename of the sample #1]    1,490,944 bytes
[filename of the sample #1]           [file and pathname of the sample #1]           1,490,944 bytes

Note: the on-disk file is 501,592 bytes and flagged as UPX-packed, while the main module in memory is 1,490,944 bytes, which is consistent with the packed image being unpacked at load time. Hashes of a memory dump of this process will therefore not match the on-disk hashes listed above.

 

Registry Modifications

 

Other details

Port   Protocol   Process
1042   UDP        shortcut_[filename of the sample #1] (%Temp%\shortcut_[filename of the sample #1])

Remote Host    Port Number
192.5.5.241    1034

Note: 192.5.5.241 is f.root-servers.net, one of the public DNS root servers. Traffic to it is most likely the sandbox's own name resolution rather than attacker infrastructure, so it should not be used as a network indicator for this sample; the sweetpacks.com host below is the meaningful one.

Server Name                   Server Port   Connect as User   Connection Password
cdn.download.sweetpacks.com   80            (null)            (null)

 

 

Downloaded File Summary:

 

Technical Details:


 

File System Modifications

#   Filename(s) / File Size / File Hash / Alias

#1  Filename:    %CommonAppData%\SweetIM\Communicator\conf\communicator.xml
    File size:   428 bytes
    MD5:         0x6F329973BCEF5075413CC1E7ACB26793
    SHA-1:       0xE613C80BF685602FEF8FF96BF1CB3EDEF6CBCBCC
    Alias:       (not available)

#2  Filename:    %ProgramFiles%\SweetIM\Communicator\mgcommon.dll
    File size:   650,584 bytes
    MD5:         0xFFA71D66FA16CA9A94CF75C25CFF9DD6
    SHA-1:       0x23B3E5F508EB6FC76D67A873A5AAC2D34C3CE5E1
    Alias:       (not available)

#3  Filename:    %ProgramFiles%\SweetIM\Communicator\mgcommunication.dll
    File size:   41,304 bytes
    MD5:         0xF5BC091B5B45F8CCB28BBA24C61A54F5
    SHA-1:       0x7DB65607A18C67C0C8C0310E0FF23A202AB3F070
    Alias:       (not available)

#4  Filename:    %ProgramFiles%\SweetIM\Communicator\mgsimcommon.dll
    File size:   71,512 bytes
    MD5:         0x4315AE0E82F796F98E550DC13BCBA4B4
    SHA-1:       0x3176C30E3A30990C42C968951B6BB2ADFD0B1C00
    Alias:       (not available)

#5  Filename:    %ProgramFiles%\SweetIM\Communicator\mgxml_wrapper.dll
    File size:   61,272 bytes
    MD5:         0x5ECD3BA5D091EBC20272DE7AB7AACF52
    SHA-1:       0x08647AB20AED7B8385931FDF5B4A48165131A061
    Alias:       (not available)

#6  Filename:    %ProgramFiles%\SweetIM\Communicator\Microsoft.VC90.CRT\Microsoft.VC90.CRT.manifest
    File size:   1,860 bytes
    MD5:         0x587DBE91CF548669E8C8EC8F6D56CE47
    SHA-1:       0x6FB31347347C7D8BACAE4A4CB6B113C7648A2700
    Alias:       (not available)

#7  Filename:    %ProgramFiles%\SweetIM\Communicator\Microsoft.VC90.CRT\msvcm90.dll
    File size:   225,280 bytes
    MD5:         0xD34A527493F39AF4491B3E909DC697CA
    SHA-1:       0xAFEE32FCD9CE160680371357A072F58C5F790D48
    Alias:       (not available)

#8  Filename:    %ProgramFiles%\SweetIM\Communicator\Microsoft.VC90.CRT\msvcp90.dll
    File size:   569,680 bytes
    MD5:         0x4C39358EBDD2FFCD9132A30E1EC31E16
    SHA-1:       0x70AC82988285F9F7069FAA9A0612AEBA7FB001C4
    Alias:       (not available)

#9  Filename:    %ProgramFiles%\SweetIM\Communicator\Microsoft.VC90.CRT\msvcr90.dll
    File size:   653,136 bytes
    MD5:         0xCDBE9690CF2B8409FACAD94FAC9479C9
    SHA-1:       0x4BCDFE2C1B354645314A4CE26B55B2B1A0212DB9
    Alias:       (not available)

#10 Filename:    %ProgramFiles%\SweetIM\Communicator\resources\sqlite\mgSqlite3.dll
    File size:   393,016 bytes
    MD5:         0x8A4AF3B0695F29186AD02E2FD766FA3B
    SHA-1:       0xC8F1E3F28152C6C010B7AE8FA4D167E3C388FF0C
    Alias:       (not available)

#11 Filename:    %ProgramFiles%\SweetIM\Communicator\SweetPacksUpdateManager.exe
    File size:   231,768 bytes
    MD5:         0x84A878D2D4A84CC73D53733F80FB57CE
    SHA-1:       0xC6A9FB024D614702667E0768E0B673BA3A31F504
    Alias:       (not available)

#12 Filename:    %Windir%\Installer\184cf.msi
    File size:   2,093,568 bytes
    MD5:         0xD647CA5902B22BCE67F7FCF0045C8F78
    SHA-1:       0xCE4CF2EF1327F08E49DF8E34BA8EAE5943B9FEC3
    Alias:       (not available)

#13 Filename:    [file and pathname of the sample #1]
    File size:   999,856 bytes
    MD5:         0xD6BEDBE5EF9B0EFA9DA8E5AD7CA3CFD0
    SHA-1:       0xE3AD9152C3F2279EFA17D128E42FAF0A85676F59
    Alias:       packed with UPX [Kaspersky Lab]

#14 Filename:    [file and pathname of the sample #2]
    File size:   3,380,216 bytes
    MD5:         0x7704B843006444B69486FD27D4660845
    SHA-1:       0x26AB6CAD87838D980C6BDC6FA4C0842CBD43BAB5
    Alias:       (not available)

Note: entries #6 to #9 are the Microsoft Visual C++ 2008 runtime (VC90 CRT) redistributed alongside the SweetIM components, and #12 is the cached Windows Installer package; neither is a useful indicator on its own. The SweetIM-specific binaries (#2 to #5, #10, #11) and the two samples (#13, #14) are the entries worth matching on.

 

Memory Modifications

Process Name                    Process Filename                                             Main Module Size
sweetpacksupdatemanager.exe     %ProgramFiles%\sweetim\communicator\sweetpacksupdatemanager.exe  233,472 bytes
[filename of the sample #1]     [file and pathname of the sample #1]                         507,904 bytes
[filename of the sample #2]     [file and pathname of the sample #2]                         380,928 bytes

Service Name   Display Name        New Status   Service Filename
MSIServer      Windows Installer   "Running"    %System%\msiexec.exe /V

 

Registry Modifications

 

Other details

Remote Host        Port Number
www.sweetim.com    1037
www.sweetim.com    1044

Server Name        Server Port   Connect as User   Connection Password
www.sweetim.com    80            www.sweetim.com   www.sweetim.com

Note: the Connect as User and Connection Password columns are the sandbox's record of the values the process supplied when opening the HTTP session. Here both hold the server's own hostname, which is not a credential; this report does not show the sample authenticating to www.sweetim.com.

 

 

All content ("Information") contained in this report is the copyrighted work of Threat Expert Ltd and its associated companies ("ThreatExpert") and may not be copied without the express permission of ThreatExpert.

The Information is provided on an "as is" basis. ThreatExpert disclaims all warranties, whether express or implied, to the maximum extent permitted by law, including the implied warranties that the Information is merchantable, of satisfactory quality, accurate, fit for a particular purpose or need, or non-infringing, unless such implied warranties are legally incapable of exclusion. Further, ThreatExpert does not warrant or make any representations regarding the use or the results of the use of the Information in terms of their correctness, accuracy, reliability, or otherwise.

Copyright © 2014 ThreatExpert. All rights reserved.