Submission Summary:

What's been found | Severity Level
Produces outbound traffic.
Downloads/requests other files from Internet.

Technical Details:

File System Modifications

# | Filename(s) | File Size | File Hash | Alias
1 c:\CD3rdPartyWrapper.log 198 bytes MD5: 0x565E72F262DDA80ED4D929B4AF9CA4BD
SHA-1: 0xDB9AD9900EC3EB302064CE7F695F234E57681C9D
(not available)
2 %CommonDesktopDir%\Fix PC Errors Now.lnk 796 bytes MD5: 0x34E381D6297976402993A77015954A16
SHA-1: 0x61E079FD5A6B6A6D403DFF2177CC476DAD49BA0B
(not available)
3 %CommonPrograms%\CyberDefender\Registry Cleaner\CyberDefender Registry Cleaner.lnk 814 bytes MD5: 0x459DF0DDA19038CD60CB6BDAC648C217
SHA-1: 0x594AF386B296C58AED112C063711CEEF65267B3E
(not available)
4 %CommonPrograms%\CyberDefender\Registry Cleaner\Uninstall CyberDefender Registry Cleaner.lnk 804 bytes MD5: 0x548F4363D17C8978E51DCA3C9EC1A002
SHA-1: 0xE01F415C6D5FABE941A1A3D65A5700B002C7BF3C
(not available)
5 %Temp%\cd1.tmp\2009 Codebase\Installers\CDInstaller8\BIN\runtime\cdinstx.ini 386 bytes MD5: 0xF2206F3514AF3231CA5F397CD7B9A106
SHA-1: 0x826AE1BFD0BF94ECE08D5691BDF88F0FA758308E
(not available)
6 %Temp%\cd1.tmp\2009 Codebase\Installers\CDInstaller8\BIN\runtime\cyberdefender\cdinstx.exe 406,856 bytes MD5: 0x9F82B84C8093371D0F2B17B7AC617829
SHA-1: 0x232DD19A8B84D1BAC5A9D7E002A07B247B663425
(not available)
7 %Temp%\cd1.tmp\2009 Codebase\Installers\CDInstaller8\BIN\runtime\cyberdefender\CDregclean.exe 2,533,032 bytes MD5: 0xBC29321B23FBAB1A2675BD5281242795
SHA-1: 0xF9A75BAEECB27341C6491ED51CCD11DCC3097C2A
(not available)
8 %Temp%\is-10C6L.tmp\InstallManager_MSN_Microsoft.exe
%ProgramFiles%\CyberDefender\Registry Cleaner\InstallManager_MSN_Microsoft.exe
876,368 bytes MD5: 0xBC644A7F2CA854650AE62D3EFDCFD27E
SHA-1: 0x7C9D9A7569B922CDB4F0626A51F13B56B2AABFDD
(not available)
9 %Temp%\is-57653.tmp\CDRegClean.tmp
%Temp%\is-U2MLP.tmp\CDRegClean.tmp
826,368 bytes MD5: 0x54F183074F1124CFB44CB83B8C2D3CC3
SHA-1: 0xED6919200743BD7196CD75063BCF555076623974
(not available)
10 %Temp%\is-5H7LB.tmp\BingBar.bmp
%Temp%\is-DJ09Q.tmp\BingBar.bmp
474,510 bytes MD5: 0x16645956CC63BC7364D77267CFD81317
SHA-1: 0xDE53038A14B0AAECD6FE3277D1D8E9E66CDA0F5B
(not available)
11 %Temp%\is-5H7LB.tmp\_isetup\_RegDLL.tmp
%Temp%\is-DJ09Q.tmp\_isetup\_RegDLL.tmp
3,584 bytes MD5: 0xC594B792B9C556EA62A30DE541D2FB03
SHA-1: 0x69E0207515E913243B94C2D3A116D232FF79AF5F
(not available)
12 %Temp%\is-5H7LB.tmp\_isetup\_shfoldr.dll
%Temp%\is-DJ09Q.tmp\_isetup\_shfoldr.dll
23,312 bytes MD5: 0x92DC6EF532FBB4A5C3201469A5B5EB63
SHA-1: 0x3E89FF837147C16B4E41C30D6C796374E0B8E62C
(not available)
13 %Temp%\TFR4.tmp 3,336 bytes MD5: 0xE0B33BCC31F5373947BEC20D0FF30E11
SHA-1: 0xB81F3CCDE965C29EA01B943F950DE0DC93F118A9
(not available)
14 %ProgramFiles%\CyberDefender\Registry Cleaner\BeforeUninstall.exe 2,310,144 bytes MD5: 0xA763D830932F4D80DDA2E58860E11C5E
SHA-1: 0x19F261EBBF76E2F11BBCE4842384435C422D3EEF
(not available)
15 %ProgramFiles%\CyberDefender\Registry Cleaner\CDRC.dll 1,216,512 bytes MD5: 0xAF691CCE6EDF48C584C61F9343963055
SHA-1: 0xB7F2C7F63B03A30F9FAE4DA1AE289B9D12E0B70B
(not available)
16 %ProgramFiles%\CyberDefender\Registry Cleaner\CDregclean.exe 6,908,744 bytes MD5: 0x71EE0625EA6B1B9169065ED8CA9D6E35
SHA-1: 0xAE9F98BE2286EB2C4C5E04F908457AECE4493B97
(not available)
17 %ProgramFiles%\CyberDefender\Registry Cleaner\cdswx.exe 36,864 bytes MD5: 0x2A9CC8E35C356B0EAA71AB9DD7BECB0B
SHA-1: 0xD15196901618C476BFCF6FCC9552E67441BE0503
Backdoor.Agent [Ikarus]
18 %ProgramFiles%\CyberDefender\Registry Cleaner\KillCDRCProcesses.exe 155,648 bytes MD5: 0xA77328A74A7D28AD16ED9015ECCF672F
SHA-1: 0x746F7EDFD5CA261E9C4FCD6E3E5DE34493C96D05
(not available)
19 %ProgramFiles%\CyberDefender\Registry Cleaner\startcdrc.exe 196,608 bytes MD5: 0x5CB6BFB986916D95AE2639F016346E78
SHA-1: 0xAFAF1D4C2EE4429DB187ED14B89BC598F30D7397
(not available)
20 %ProgramFiles%\CyberDefender\Registry Cleaner\unins000.dat 14,996 bytes MD5: 0x11E7E519C819002371BFA4E2ACE4DCF9
SHA-1: 0x9B66B685030D3155701DE45A8AAA1F44A993019D
(not available)
21 %ProgramFiles%\CyberDefender\Registry Cleaner\unins000.exe 831,816 bytes MD5: 0x52DE06DF0E562A1E55662A6B374B56BF
SHA-1: 0x2AEB792E36834459FAD646A578A8F22296CFFB19
(not available)
22 %ProgramFiles%\CyberDefender\Registry Cleaner\unins000.msg 10,562 bytes MD5: 0xC5B2A1EF25E777FE2AAEA99A33CFB476
SHA-1: 0x0A32C0D784AAC62F95D768222676F2023BCB81B1
(not available)
23 %ProgramFiles%\MSN Toolbar Installer\BootStrapper\0.png 213 bytes MD5: 0x9FAB81A2C85784079CE6A2426937F6E5
SHA-1: 0xF0E29090DBFC60C565828E485E8A97BE66B7D75C
(not available)
24 %ProgramFiles%\MSN Toolbar Installer\BootStrapper\1.png 235 bytes MD5: 0xC49A86FAE1A06DC1529FD28E0E76F08F
SHA-1: 0x6B7841CA9297369DA54CD7076E2D95ED5CDD2A21
(not available)
25 %ProgramFiles%\MSN Toolbar Installer\BootStrapper\10.png 398 bytes MD5: 0xCC34894F597D5041059D5663F0B70DD0
SHA-1: 0x32C66CCDC8D48BE5D158D533649E7C42E6FAA902
(not available)
26 %ProgramFiles%\MSN Toolbar Installer\BootStrapper\11.png 399 bytes MD5: 0x342BC04D199ECAD5F39F6CB8F914742E
SHA-1: 0x72FFF58D9AA471E0F7AD019FD8598CEC7DCEFF44
(not available)
27 %ProgramFiles%\MSN Toolbar Installer\BootStrapper\12.png 398 bytes MD5: 0xFE6F7F06679176DFF54241A9044C9072
SHA-1: 0x6C9F1242C4F9BD70779A6DA4CA9F95B10973C2FC
(not available)
28 %ProgramFiles%\MSN Toolbar Installer\BootStrapper\13.png 397 bytes MD5: 0x16241B375E82116B54F57C4A7180444D
SHA-1: 0x74C00FD14827AE5044A0A1ABF2DA26A940CCD228
(not available)
29 %ProgramFiles%\MSN Toolbar Installer\BootStrapper\14.png 398 bytes MD5: 0x2DE3201AEFB5BBA956DF641C31879A9F
SHA-1: 0x7328AFCA21B1762C9D5225F8ECA4969A9359F58E
(not available)
30 %ProgramFiles%\MSN Toolbar Installer\BootStrapper\2.png 261 bytes MD5: 0x1100D2F62D61A60C82A3DF3973756991
SHA-1: 0x279D4A0080F886D3850C027BF3D6ED76F195A96C
(not available)
31 %ProgramFiles%\MSN Toolbar Installer\BootStrapper\3.png 303 bytes MD5: 0x68850397554620EA213B4C5AC6FE2F75
SHA-1: 0x722A3BDBA8408C4C3618E149E549C04B7CEC88DE
(not available)
32 %ProgramFiles%\MSN Toolbar Installer\BootStrapper\4.png 327 bytes MD5: 0x7053EE00ED19203BEF761A38D1B8450F
SHA-1: 0x9BB7D635523AA7E85586892EB25B87074C4567FB
(not available)
33 %ProgramFiles%\MSN Toolbar Installer\BootStrapper\5.png 354 bytes MD5: 0xA26ABDFD764DD7E803271E963CEDA310
SHA-1: 0xE0DEB4B9545DBE90361C25DDCFE479E589FD136A
(not available)
34 %ProgramFiles%\MSN Toolbar Installer\BootStrapper\6.png 380 bytes MD5: 0xB272E5FF20EABCCD7EEEBBA905C54B2F
SHA-1: 0x682BAA363CE3CD8A9B3F17E48C924A1CECB9A143
(not available)
35 %ProgramFiles%\MSN Toolbar Installer\BootStrapper\7.png 399 bytes MD5: 0x49B280B4ADCF8BA31B748C5E188881E1
SHA-1: 0x02C68A5F85290813EF6ECEE6F4239E515B01D8C6
(not available)
36 %ProgramFiles%\MSN Toolbar Installer\BootStrapper\8.png 398 bytes MD5: 0x6225C545F4621A6762EC0B4625454B81
SHA-1: 0x5E688967ED12D8B726991FB26815DF8F5C33200A
(not available)
37 %ProgramFiles%\MSN Toolbar Installer\BootStrapper\9.png 397 bytes MD5: 0x92DAB8A92497E385C3016472AA89D9FF
SHA-1: 0x00D5B63B196EF5DE4FFD508E04F9339BB01275CE
(not available)
38 %ProgramFiles%\MSN Toolbar Installer\BootStrapper\install_start.htm 1,587 bytes MD5: 0x719908909AD6EB41B6F21C7CAE92CB73
SHA-1: 0x881CD0DB051AEF989AFA72DB48CB6797397EB6DE
(not available)
39 [file and pathname of the sample #1] 3,144,096 bytes MD5: 0x54931FBBF8C41FF342CD9DDB3D002F76
SHA-1: 0x0719EEE4F9589269D11D678AC3842C01CF23E152
(not available)
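The table above is a list of file indicators, not an explanation, so what follows is an added example rather than ThreatExpert's tooling or code from the CyberDefender product: a Python sweep that parses this page's flattened table layout (entry number, one or more paths, size with MD5, SHA-1, alias), maps the %ProgramFiles% and %Temp% placeholders onto directories supplied by the caller, and reports for every listed path whether the file is absent, present with different hashes, or a full size+MD5+SHA-1 match. Entry 39, whose path the report redacts as "[file and pathname of the sample #1]", can only be matched by hash, so a directory walk keyed on size and SHA-1 is included. The embedded excerpt reproduces entries 8, 17 and 39 verbatim; the lab directory, the file contents written into it, and the entry-0 indicator built from the planted file are constructed for the demonstration.

```python
import hashlib
import os
import re
import tempfile
from collections import namedtuple
from pathlib import Path

# Entries 8, 17 and 39 of the table above, verbatim: entry 8 lists two paths,
# entry 39 is the submitted sample, whose real path the report redacts.
REPORT_EXCERPT = r"""
8 %Temp%\is-10C6L.tmp\InstallManager_MSN_Microsoft.exe
%ProgramFiles%\CyberDefender\Registry Cleaner\InstallManager_MSN_Microsoft.exe
876,368 bytes MD5: 0xBC644A7F2CA854650AE62D3EFDCFD27E
SHA-1: 0x7C9D9A7569B922CDB4F0626A51F13B56B2AABFDD
(not available)
17 %ProgramFiles%\CyberDefender\Registry Cleaner\cdswx.exe 36,864 bytes MD5: 0x2A9CC8E35C356B0EAA71AB9DD7BECB0B
SHA-1: 0xD15196901618C476BFCF6FCC9552E67441BE0503
Backdoor.Agent [Ikarus]
39 [file and pathname of the sample #1] 3,144,096 bytes MD5: 0x54931FBBF8C41FF342CD9DDB3D002F76
SHA-1: 0x0719EEE4F9589269D11D678AC3842C01CF23E152
(not available)
"""

SIZE_HASH_RE = re.compile(r"^(?:(.*?)\s+)?([\d,]+) bytes MD5: 0x([0-9A-Fa-f]{32})$")
SHA1_RE = re.compile(r"^SHA-1: 0x([0-9A-Fa-f]{40})$")
FileIoc = namedtuple("FileIoc", "entry paths size md5 sha1 alias")  # paths keep %Var%

def parse_file_iocs(text):
    """One entry = path line(s) (size/MD5 may share the first), SHA-1 line, alias line."""
    iocs = []
    for chunk in re.split(r"^(?=\d+\s)", text, flags=re.M):  # entries start "N "
        lines = [ln.strip() for ln in chunk.splitlines() if ln.strip()]
        if len(lines) < 3 or not lines[0][0].isdigit():
            continue  # table header or stray text, not an entry
        num, lines[0] = lines[0].split(None, 1)
        sh = SIZE_HASH_RE.match(lines[-3])
        paths = lines[:-3] + ([sh.group(1)] if sh.group(1) else [])
        sha1 = SHA1_RE.match(lines[-2]).group(1).lower()
        iocs.append(FileIoc(int(num), paths, int(sh.group(2).replace(",", "")),
                            sh.group(3).lower(), sha1, lines[-1]))
    return iocs

def expand(report_path, env):
    """Map a %Var% prefix onto a caller-chosen host directory (mounted image, lab VM, live box)."""
    for key, value in env.items():
        if report_path.startswith(key):
            return (value + report_path[len(key):]).replace("\\", os.sep)
    return report_path.replace("\\", os.sep)

def hashes_of(path):
    """(size, md5, sha1), streamed so the 6 MB CDregclean.exe is no problem."""
    md5, sha1, size = hashlib.md5(), hashlib.sha1(), 0
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            md5.update(chunk); sha1.update(chunk); size += len(chunk)
    return size, md5.hexdigest(), sha1.hexdigest()

def check_path(ioc, report_path, env):
    if report_path.startswith("["):  # "[file and pathname of the sample #1]"
        return "unknown path (hash-only IOC)"
    host = expand(report_path, env)
    if not os.path.isfile(host):
        return "absent"
    # Require size, MD5 and SHA-1 to agree: MD5 alone is collision-prone.
    return "match" if hashes_of(host) == (ioc.size, ioc.md5, ioc.sha1) else "present, hash differs"

def sweep(iocs, env):
    """{report path: verdict} for every path the report lists."""
    return {rp: check_path(ioc, rp, env) for ioc in iocs for rp in ioc.paths}

def find_by_hash(iocs, root):
    """[(file name, entry)] for files under root matching an IOC's size and SHA-1."""
    wanted = {(ioc.size, ioc.sha1): ioc.entry for ioc in iocs}
    hits = []
    for dirpath, _, names in os.walk(root):
        for name in names:
            size, _, sha1 = hashes_of(os.path.join(dirpath, name))
            if (size, sha1) in wanted:
                hits.append((name, wanted[size, sha1]))
    return hits

def demo():
    """Constructed lab tree: a cdswx.exe with other content (hash differs), no %Temp%
    copy of entry 8 (absent), and a planted file whose real hashes form IOC entry 0."""
    iocs = parse_file_iocs(REPORT_EXCERPT)
    with tempfile.TemporaryDirectory() as lab:
        env = {"%ProgramFiles%": os.path.join(lab, "Program Files"),
               "%Temp%": os.path.join(lab, "Temp")}
        rc = Path(expand(r"%ProgramFiles%\CyberDefender\Registry Cleaner", env))
        rc.mkdir(parents=True)
        (rc / "cdswx.exe").write_bytes(b"not the dropper")
        (rc / "planted.bin").write_bytes(b"constructed lab sample")
        size, md5, sha1 = hashes_of(rc / "planted.bin")
        iocs.append(FileIoc(0, [r"%ProgramFiles%\CyberDefender\Registry Cleaner\planted.bin"],
                            size, md5, sha1, "(constructed)"))
        return sweep(iocs, env), find_by_hash(iocs, lab)

if __name__ == "__main__":
    print(*demo(), sep="\n")
```

Run it as a script to see the verdicts for the constructed tree; on a real host, point env at the actual Program Files and Temp directories (or the corresponding directories of a mounted image) and pass it the whole table. Only entry 17 (cdswx.exe) carries a detection name, Backdoor.Agent from Ikarus, and the single connection recorded below is to install.toolbar.msn.com on port 443, so the remaining files, the MSN Toolbar bootstrapper images included, are documented by hash only.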

Memory Modifications

Process Name | Process Filename | Main Module Size
CDRegClean.tmp | %Temp%\is-u2mlp.tmp\cdregclean.tmp | 888,832 bytes
InstallManager_MSN_Microsoft.exe | %Temp%\is-10c6l.tmp\installmanager_msn_microsoft.exe | 909,312 bytes
CDregclean.exe | %ProgramFiles%\cyberdefender\registry cleaner\cdregclean.exe | 6,938,624 bytes
cdregclean.exe | %Temp%\cd1.tmp\2009 codebase\installers\cdinstaller8\bin\runtime\cyberdefender\cdregclean.exe | 225,280 bytes
[filename of the sample #1] | [file and pathname of the sample #1] | 577,536 bytes
cdregclean.tmp | %Temp%\is-3TA76.tmp\cdregclean.tmp | 888,832 bytes
cdswx.exe | %ProgramFiles%\CyberDefender\Registry Cleaner\cdswx.exe | 36,864 bytes

Registry Modifications

Other details

Server Name | Server Port | Connect as User | Connection Password
install.toolbar.msn.com | 443 | (null) | (null)

Outbound traffic (potentially malicious)

All content ("Information") contained in this report is the copyrighted work of Threat Expert Ltd and its associated companies ("ThreatExpert") and may not be copied without the express permission of ThreatExpert.

The Information is provided on an "as is" basis. ThreatExpert disclaims all warranties, whether express or implied, to the maximum extent permitted by law, including the implied warranties that the Information is merchantable, of satisfactory quality, accurate, fit for a particular purpose or need, or non-infringing, unless such implied warranties are legally incapable of exclusion. Further, ThreatExpert does not warrant or make any representations regarding the use or the results of the use of the Information in terms of their correctness, accuracy, reliability, or otherwise.

Copyright © 2014 ThreatExpert. All rights reserved.