Submission Summary:

What's been foundSeverity Level
Downloads/requests other files from Internet.
Registers a 32-bit in-process server DLL.
Registers a Browser Helper Object (Microsoft's Internet Explorer plugin module).


Technical Details:


File System Modifications

#Filename(s)File SizeFile HashAlias
1 %CommonAppData%\Bcool\background.html 5,275 bytes MD5: 0x57EE780F236D087B24E9A761D80F7322
SHA-1: 0x7A5AE371F7F33F9963E73CCC82BB027B21172663
(not available)
2 %CommonAppData%\Bcool\bhoclass.dll 140,800 bytes MD5: 0xAC13C733379328F86568F6E514C2F7F8
SHA-1: 0x338901240FEDCEF4E3892FD4C723C89154F4DE05
(not available)
3 %CommonAppData%\Bcool\content.js 387 bytes MD5: 0xAD08E0DA29745D8A2BF865E210010CC6
SHA-1: 0x45CA8A9490C437408E7929AE542B1A5AB5FD1441
(not available)
4 %CommonAppData%\Bcool\ilmmaihonadcijpgfplhidggnfophkof.crx 38,122 bytes MD5: 0xA3CF93C4038A1F87F0CB9AC4EB438C32
SHA-1: 0x216DFC1B14C004C9F4416C3137E23020BE76CDC6
(not available)
5 %CommonAppData%\Bcool\settings.ini 593 bytes MD5: 0x41F2C012C219FFE348C5C8CB4D8C6A7C
(not available)
6 %CommonAppData%\Bcool\uninstall.exe 47,445 bytes MD5: 0x2628F4240552CC3B2BA04EE51078AE0C
SHA-1: 0x5B0CCA662149240D1FD4354BEAC1338E97E334EA
(not available)
7 %CommonPrograms%\Bcool\Bcool.lnk 272 bytes MD5: 0x91765DBA15E631999722765410087665
SHA-1: 0xEBDFC2393F938450624FE103353C82232A8C6500
(not available)
8 %CommonPrograms%\Bcool\Uninstall.lnk 1,090 bytes MD5: 0x5FBE8C7997E421A6008034C4DF753819
SHA-1: 0x578B5FA30BB599287F649F3101CF44F44CF00919
(not available)
9 c:\settings.ini 510 bytes MD5: 0xF35AAA221EB79BB2F220BCBB354A95A0
SHA-1: 0x0CDD17F72836DD642219A00393F3B9B67D945524
AdWare.Bcool [Ikarus]
10 [file and pathname of the sample #1] 320,782 bytes MD5: 0x5B8B0059B86C2EA185B13760DA4465FA
SHA-1: 0xC422901DD769542E5AB7B4F476357045643A2773
(not available)


Memory Modifications

Process NameProcess FilenameMain Module Size
[filename of the sample #1][file and pathname of the sample #1]163,840 bytes
setup.exe%Temp%\7zS1.tmp\setup.exe249,856 bytes


Registry Modifications


Other details


Server NameServer PortConnect as UserConnection Password



All content ("Information") contained in this report is the copyrighted work of Threat Expert Ltd and its associated companies ("ThreatExpert") and may not be copied without the express permission of ThreatExpert.

The Information is provided on an "as is" basis. ThreatExpert disclaims all warranties, whether express or implied, to the maximum extent permitted by law, including the implied warranties that the Information is merchantable, of satisfactory quality, accurate, fit for a particular purpose or need, or non-infringing, unless such implied warranties are legally incapable of exclusion. Further, ThreatExpert does not warrant or make any representations regarding the use or the results of the use of the Information in terms of their correctness, accuracy, reliability, or otherwise.

Copyright © 2015 ThreatExpert. All rights reserved.