| What's been found | Severity Level |
| Downloads/requests other files from Internet. | |
File System Modifications
| # | Filename(s) | File Size | File Hash | Alias |
| 1 | %Temp%\ish98171\css\buttons.css | 1,238 bytes | MD5: 0xE10BA3C9C951F5555528C9B291334879 SHA-1: 0xE231BE4624910387AAAE4301D856DAB528F8522C | (not available) |
| 2 | %Temp%\ish98171\css\ie6_main.css | 475 bytes | MD5: 0xEC8BC9B61645C661B1BD3DCC8F781B30 SHA-1: 0x96D9124BF9D0D0F2E343A372ED3460F9F0C2A7CA | (not available) |
| 3 | %Temp%\ish98171\css\main.css | 4,562 bytes | MD5: 0x1D7B7D4B58AE79B4C4CADDE36B409242 SHA-1: 0xE3531BB7B293DD813C4B1A5481E71CB40B0E316A | (not available) |
| 4 | %Temp%\ish98171\css\progress-bar.css | 508 bytes | MD5: 0xE1FCF8B6066AF9A266AE34738ED5C000 SHA-1: 0x4D1079CCDFE311B77177BED54163C7CC73D7D1BE | (not available) |
| 5 | %Temp%\ish98171\defaultOffer\ad_html.txt | 233 bytes | MD5: 0xE321D82C7629CFB1D714779402DD23DD SHA-1: 0xD8560FE919A0F62DBCA5FAE957654F34E4D2F065 | (not available) |
| 6 | %Temp%\ish98171\defaultOffer\images\techtracker.jpg | 26,693 bytes | MD5: 0x199832D24E8AA5EC99AE079E8BB5B1E7 SHA-1: 0x8DE13A46F38035B0D02E27A0656CC1E584787807 | (not available) |
| 7 | %Temp%\ish98171\defaultOffer\TechTracker\TechTracker_code.txt | 2,966 bytes | MD5: 0xE695AFF87DE58D140142A47F4F4BA207 SHA-1: 0xE09D03AEE8B62B6AB56C7B7A2F1956A8BDA74CD1 | (not available) |
| 8 | %Temp%\ish98171\defaultOffer\TechTracker\TechTracker_html.txt | 1,021 bytes | MD5: 0xD60E47EEE106B761F7D7676CE8E12A2D SHA-1: 0x2A458683BA295C7DB0A6615E8CDB567B79F2C4FD | (not available) |
| 9 | %Temp%\ish98171\images\green_btn.png | 485 bytes | MD5: 0xB570EA77375823BE8510C0F27768ED62 SHA-1: 0x096ED270C93AD811039738B7FB53E05EAAE7F4BB | (not available) |
| 10 | %Temp%\ish98171\images\grey_btn.png | 360 bytes | MD5: 0x501821D95E958528FED4747E4190B39F SHA-1: 0x70E3C15D3CE5853A67AA741EC701D3AF307D7BD9 | (not available) |
| 11 | %Temp%\ish98171\images\loader.gif | 7,791 bytes | MD5: 0xEDB71146254D3B8EBAE18607E801398C SHA-1: 0x8775027DA6F6CC19C72D20C7F1615A01112E5D3C | (not available) |
| 12 | %Temp%\ish98171\images\main.png | 22,145 bytes | MD5: 0x1A2AD75C0AF449D5719473655EF5AF04 SHA-1: 0x82C5BA738B9CD2508EA2D69DA7985D586A4F0DCA | (not available) |
| 13 | %Temp%\ish98171\images\offer_box2.png | 3,024 bytes | MD5: 0x61F74251810068CB9EDAEAADA3C50D29 SHA-1: 0x3B779B8E723CA1E1E73AC534A2D415A18FB2DB6E | (not available) |
| 14 | %Temp%\ish98171\images\pause_btn.png | 982 bytes | MD5: 0x14B92CBE22EF5A31A5533D0AB114537E SHA-1: 0xE428F1B0236F7A85FAF045237A7CD29A305D936C | (not available) |
| 15 | %Temp%\ish98171\images\prod-icon.png | 4,622 bytes | MD5: 0xEF430C7CB8DAD930F9E51941593B2AF2 SHA-1: 0x03CA0848FD18014781B7C1DA5064A761E1F317F8 | (not available) |
| 16 | %Temp%\ish98171\images\progress_bar.png | 456 bytes | MD5: 0x26588A39E960E2F5BA70FC082A8F02AF SHA-1: 0x116B62C07995D60F9BFC492296CC9C5C5A1AD26A | (not available) |
| 17 | %Temp%\ish98171\images\resume_btn.png | 985 bytes | MD5: 0x05E22E0225F53B69A44B443540C20324 SHA-1: 0xAF5EB7EBF4F053B17D19A678EC84C329E632B2DF | (not available) |
| 18 | %Temp%\ish98171\images\secure_dwnl.png | 2,862 bytes | MD5: 0x6F2B1F7689B06EEF2D9C4E5E00B9EE2E SHA-1: 0xBDB0B30006AF53427194EA79F0615992CB84A99B | (not available) |
| 19 | %Temp%\ish98171\images\welcome_prod_box.png | 1,593 bytes | MD5: 0x93791BDB5453514A501AD84985B69824 SHA-1: 0x4FD167C14DDBC76472082C3C5ADB37052C96D6C0 | (not available) |
| 20 | %Temp%\ish98171\images\zip_icon.png | 943 bytes | MD5: 0xA17CADDBEE24EF3FFB3DAA1D12EF3933 SHA-1: 0x728D11A32C5610D0362E9AED32F6F376CAD937DF | (not available) |
| 21 | %Temp%\ish98171\locale\EN.locale | 2,450 bytes | MD5: 0x5128DACAA4884C07897B2A14E924CE2D SHA-1: 0x383A9A3F9EC01FA528A206802F75518638D79669 | (not available) |
| 22 | %Temp%\ish98171\mask.bmp.Mask | 196 bytes | MD5: 0x6A385B06B6108CD109828A9F5F9FBE4C SHA-1: 0x8003481E740E7E02F32DF1C6866E0809BF59B1A9 | (not available) |
| 23 | %Temp%\ish98171\sdk\exceptlist.txt | 34 bytes | MD5: 0xF01863CCE9F2A2E4DCEF02F285E561AF SHA-1: 0xE2CBA65BE3F487E3760CF8D9247D3F4F73FF8174 | (not available) |
| 24 | [file and pathname of the sample #1] | 463,080 bytes | MD5: 0x5B669C5ACCAA7C40A5C241B3F63530CC SHA-1: 0xA57DFEE14F7245E0D7BCB8028D6249D7525EE8B0 | packed with UPX [Kaspersky Lab] |
Memory Modifications
| Process Name | Process Filename | Main Module Size |
| [filename of the sample #1] | [file and pathname of the sample #1] | 1,101,824 bytes |
Other details
| Server Name | Server Port | Connect as User | Connection Password |
| os.downloadcdn.com | 80 | (null) | (null) |
| api.cnet.com | 80 | (null) | (null) |
All content ("Information") contained in this report is the copyrighted work of Threat Expert Ltd and its associated companies ("ThreatExpert") and may not be copied without the express permission of ThreatExpert.
Copyright © 2013 ThreatExpert. All rights reserved.