Submission Summary:

What's been found | Severity Level
Attempts to use BITS (Background Intelligent Transfer Service). Some threats are known to use BITS to evade firewall filtering and download files without firewall inspection.
Produces outbound traffic.
Downloads/requests other files from the Internet.
Registers a 32-bit in-process server DLL.

Technical Details:

File System Modifications

# | Filename(s) | File Size | File Hash | Alias

Memory Modifications

Process Name | Process Filename | Main Module Size
[filename of the sample #1] | [file and pathname of the sample #1] | 1,404,928 bytes

Registry Modifications

Other details

Remote Host | Port Number

Outbound traffic (potentially malicious)

Heuristics Analysis

Copyright © 2014 ThreatExpert. All rights reserved.