ThreatExpert Report: W32.Spybot.Worm, Mal/Generic-L, TrojanDownloader:Win32/Troxen!rts..

Submission Summary:

Submission details:

Submission received: 12 August 2012, 03:12:42
Processing time: 9 min 19 sec
Submitted sample:

File MD5: 0x5DEC9779DF1A92BD311348A7A002AD41
File SHA-1: 0x8BE7D3EAC896C32D7A6184E7E61AE7D7244CAD2C
Filesize: 4,815,458 bytes

Summary of the findings:

What's been found	Severity Level
Contains characteristics of an identified security risk.

Technical Details:

Possible Security Risk

Attention! Characteristics of the following security risk was identified in the system:

Security Risk	Description
Adware.FlashTrack	FlashTrack is an Internet Explorer Browser Helper Object that monitors users search activities and sends the information back to flashtrack.net. No personal information such as username, password or machine name are sent. The information sent out is used by FlashTrack to analyze a users search behaviours.

Attention! The following threat categories were identified:

Threat Category	Description
	A network-aware worm that attempts to replicate across the existing network(s)
	A malicious trojan horse or bot that may represent security risk for the compromised system and/or its network environment

File System Modifications

The following files were created in the system:

#	Filename(s)	File Size	File Hash	Alias
1	%CommonPrograms%\Biromsoft WebAlbum\Biromsoft WebAlbum Help.lnk	738 bytes	MD5: 0x84DB8878F2D2B54F77049FD55BC706EC SHA-1: 0x08487CC23E93E1C153D08B0549DFD7ED27457C13	(not available)
2	%CommonPrograms%\Biromsoft WebAlbum\Biromsoft WebAlbum.lnk	798 bytes	MD5: 0xF2811F41BE30BC825C75180E67E984D5 SHA-1: 0xEC0066DEB319A38F775146F877B1ACAE37F3F486	(not available)
3	%CommonPrograms%\Biromsoft WebAlbum\Register WebAlbum.lnk	798 bytes	MD5: 0x8CFB0D225142A09727464867A8DE2F1D SHA-1: 0x8958406029EA7F0C7D6E2402ED95A4AB4F3B5B00	(not available)
4	%CommonPrograms%\Biromsoft WebAlbum\Uninstall Biromsoft WebAlbum.lnk	786 bytes	MD5: 0x6A71436F2C6A21824ACCBF434359C0F3 SHA-1: 0xC369C5DF9446FF94D1A4D23EFF6754687A00FFF0	(not available)
5	%CommonPrograms%\Biromsoft WebAlbum\Visit Biromsoft.lnk	779 bytes	MD5: 0xE352C84BDFE16C4A5FD23207C4637DDC SHA-1: 0x612B5243379F2E8A47C7411485F78D0E24CBD9EF	(not available)
6	%Temp%\1.exe	2,669,310 bytes	MD5: 0x8C15113EA27EF6CD98813D99FA6693D4 SHA-1: 0xD73A8540B684196AFCA85089868D4F1D9DDC95F2	(not available)
7	%Temp%\10.exe	9,486 bytes	MD5: 0x57F506C1B907FE8D620179D5DF7E98F6 SHA-1: 0x7C7D565056C1ED53B3E83191E1670820D5D5C99F	W32.Spybot.Worm [Symantec] Mal/Generic-L [Sophos] TrojanDownloader:Win32/Troxen!rts [Microsoft] Constructor.Win32.MicroJoiner [Ikarus] Win-Trojan/Konix.9486.F [AhnLab]
8	%Temp%\11.exe	43,711 bytes	MD5: 0x6C0C34F19E1A8CAC841DDC9C94AE5624 SHA-1: 0x1242F2A2B63CB029FEE051851B7674F10DFED3B0	(not available)
9	%Temp%\12.exe	6,113 bytes	MD5: 0xD9870E4E10326BF0A852FB3EACD7BED6 SHA-1: 0xA6D14DBE0A0C6E44EE72EC1780A05CD27AF2882B	(not available)
10	%Temp%\13.exe	43,938 bytes	MD5: 0xFBBA11C7696436AAF1AD81A0A687F12D SHA-1: 0x7DE001403A6BCB64FED842E3EC7E8A76D13993E6	packed with UPX [Kaspersky Lab]
11	%Temp%\14.exe	18,061 bytes	MD5: 0xFFC40EB7E1B4176B36B69D2EB502BC68 SHA-1: 0x87C155A0EA7B5E32720A4C4FF1C5129C6A69875B	packed with UPX [Kaspersky Lab]
12	%Temp%\15.exe	18,080 bytes	MD5: 0x2122400C0C3C54419F8D42B392C94698 SHA-1: 0x57D6BF1E239FCDEDDC646D44CC8D4E215ED9E3F3	packed with UPX [Kaspersky Lab]
13	%Temp%\2.exe	41,472 bytes	MD5: 0xC6443A897D00CE59B1F3DEC1BE3CC6BD SHA-1: 0x58D15177E0EE0358B48A8524DDAFF25ED48D0CBB	packed with Petite [Kaspersky Lab]
14	%Temp%\3.exe	23,040 bytes	MD5: 0x1BA9CBDCAE7F03D5318D6FA6F5382D45 SHA-1: 0x51497331B438135A03FB5E366A2A58A9B775ACA0	Generic FakeAlert.ama [McAfee] Trojan.Crypt [Ikarus]
15	%Temp%\4.exe	86,528 bytes	MD5: 0x7464EFF8BB79FBE35244909FA43034A6 SHA-1: 0x9DAAAEF7664572902B9996536BF19859424BDE81	Trojan Horse [Symantec] Mal/Behav-381 [Sophos] possible-Threat.Patch.SuspectCRC [Ikarus]
16	%Temp%\5.exe	907,028 bytes	MD5: 0xA7717C672A42D295C521177D919A8140 SHA-1: 0x174BB724ADABADF24748685EF70FFDDC31FE423D	Mal/Packer [Sophos] packed with NSPack [Kaspersky Lab]
17	%Temp%\6.exe	231,751 bytes	MD5: 0xDC4EF5E78222E21922C809904474E67E SHA-1: 0x1491959BA1FE6CC8A201DE18DE38853E22E82476	Tool-TPatch [McAfee] Trojan.Feutel.AV [Ikarus]
18	%Temp%\7.exe	898,353 bytes	MD5: 0x089939801DE8A3E5126B609897CBBB08 SHA-1: 0xD633486BE9DF63E7D2E17CAC20AC397A5276A7E6	(not available)
19	%Temp%\8.exe	36,864 bytes	MD5: 0xACD9C74809D48C7DBE9A59B109515E60 SHA-1: 0xDCB9626125773C36D62B53405ECF6F36CA35C948	Virus.Win32.Delf [Ikarus]
20	%Temp%\9.exe	46,080 bytes	MD5: 0x5564B5024AD35BE1FEC55196620B3CAD SHA-1: 0xE68CA32736006AA8AA10C30F1E119A467ADA703B	Win32.VB.aa [Ikarus]
21	%Temp%\GLF8.tmp %Temp%\GLFF.tmp	9,728 bytes	MD5: 0xB9B41E50D612E00BF3A49A6405B89D74 SHA-1: 0x88063EE643C64F18FEDDA1890C717122634AEDFD	(not available)
22	%ProgramFiles%\Biromsoft\webalbum\bsoft.url	50 bytes	MD5: 0x898D0857733B187002F8518ABFDCAF47 SHA-1: 0x40D8F506709ACE12CE9AA9355E634088F75C01A6	(not available)
23	%ProgramFiles%\Biromsoft\webalbum\INSTALL.LOG	75,146 bytes	MD5: 0x5AF6584D5592C1626E43E277F9C6942E SHA-1: 0x03B9C84246AE79887ADCCBAC5ECF571F08BE08F0	(not available)
24	%ProgramFiles%\Biromsoft\webalbum\license.txt	2,239 bytes	MD5: 0x6B482F033D67800A35683F5C2321DC38 SHA-1: 0xB01F215BB8F16ED6616491995AB02B7CD47FAB96	(not available)
25	%ProgramFiles%\Biromsoft\webalbum\readme.txt	2,240 bytes	MD5: 0xD42F94CBF04FD0D5D18BAFBEED89D7DB SHA-1: 0x157AD348BA0BB1B933C7DE769535F3C7A9AFE792	(not available)
26	%ProgramFiles%\Biromsoft\webalbum\register.url	61 bytes	MD5: 0x2D94AED3C9FB51BB108E404F736B48A4 SHA-1: 0xF8F8FD75057861CC900C3A96474C9B1215E31CAF	(not available)
27	%ProgramFiles%\Biromsoft\webalbum\Themes\Aibo\bottom.htm %ProgramFiles%\Biromsoft\webalbum\Themes\Autumn\bottom.htm %ProgramFiles%\Biromsoft\webalbum\Themes\Birthday\bottom.htm %ProgramFiles%\Biromsoft\webalbum\Themes\Lighthouse\bottom.htm %ProgramFiles%\Biromsoft\webalbum\Themes\Palm\bottom.htm %ProgramFiles%\Biromsoft\webalbum\Themes\Smack\bottom.htm %ProgramFiles%\Biromsoft\webalbum\Themes\Train\bottom.htm	573 bytes	MD5: 0x450FF4A3F664BADA2411D55510B19521 SHA-1: 0x3BFA44DBDDD0FC1ABAB01B333907F3A7C8DE45BC	(not available)
28	%ProgramFiles%\Biromsoft\webalbum\Themes\Aibo\bwa1.jpg	9,209 bytes	MD5: 0x4BDE4CFCC64A883B8E454C18F93F4229 SHA-1: 0xDC4FA6126512B80605221BB4240D511662A38041	(not available)
29	%ProgramFiles%\Biromsoft\webalbum\Themes\Aibo\bwa2.jpg	14,135 bytes	MD5: 0xDEBC0091F4861AA64AC7F85699642AF4 SHA-1: 0x50BA4A3C784A7A9C1CED439A67536D45898FEC05	(not available)
30	%ProgramFiles%\Biromsoft\webalbum\Themes\Aibo\bwa3.gif	2,616 bytes	MD5: 0xF07ADBDF739132D2855F8A0525CC5CB6 SHA-1: 0x08D5CF4CC81359D7140AA395F13FF5FD34EF35DB	(not available)
31	%ProgramFiles%\Biromsoft\webalbum\Themes\Aibo\bwab.gif	45 bytes	MD5: 0x115F78713A9EF5B990868F5053B2990F SHA-1: 0x45902387D597588E773CD5E0C3249A5F2E026AD3	(not available)
32	%ProgramFiles%\Biromsoft\webalbum\Themes\Aibo\bwalogo.gif	2,200 bytes	MD5: 0x980B0B9AC7D72981D40F07C29AA85DA2 SHA-1: 0x754353DA3772BFA9235515C247D8006F14008EE5	(not available)
33	%ProgramFiles%\Biromsoft\webalbum\Themes\Aibo\dishome_bswa.gif %ProgramFiles%\Biromsoft\webalbum\Themes\Album\dishome_bswa.gif %ProgramFiles%\Biromsoft\webalbum\Themes\Aquamarine\dishome_bswa.gif %ProgramFiles%\Biromsoft\webalbum\Themes\Autumn\dishome_bswa.gif %ProgramFiles%\Biromsoft\webalbum\Themes\Beagle\dishome_bswa.gif %ProgramFiles%\Biromsoft\webalbum\Themes\Birthday\dishome_bswa.gif %ProgramFiles%\Biromsoft\webalbum\Themes\Bmw\dishome_bswa.gif %ProgramFiles%\Biromsoft\webalbum\Themes\Cala\dishome_bswa.gif %ProgramFiles%\Biromsoft\webalbum\Themes\Film\dishome_bswa.gif %ProgramFiles%\Biromsoft\webalbum\Themes\Forest\dishome_bswa.gif %ProgramFiles%\Biromsoft\webalbum\Themes\Lighthouse\dishome_bswa.gif %ProgramFiles%\Biromsoft\webalbum\Themes\Love\dishome_bswa.gif %ProgramFiles%\Biromsoft\webalbum\Themes\Orange\dishome_bswa.gif %ProgramFiles%\Biromsoft\webalbum\Themes\Palm\dishome_bswa.gif %ProgramFiles%\Biromsoft\webalbum\Themes\Red\dishome_bswa.gif %ProgramFiles%\Biromsoft\webalbum\Themes\Smack\dishome_bswa.gif %ProgramFiles%\Biromsoft\webalbum\Themes\Sportcar\dishome_bswa.gif %ProgramFiles%\Biromsoft\webalbum\Themes\Train\dishome_bswa.gif %ProgramFiles%\Biromsoft\webalbum\Themes\Yellow\dishome_bswa.gif	974 bytes	MD5: 0x623B2A874A9087AA1E1DF41804E5292F SHA-1: 0xEE61558A5608F199046B6402E6865A8BB0B412CD	(not available)
34	%ProgramFiles%\Biromsoft\webalbum\Themes\Aibo\disleft_bswa.gif %ProgramFiles%\Biromsoft\webalbum\Themes\Album\disleft_bswa.gif %ProgramFiles%\Biromsoft\webalbum\Themes\Aquamarine\disleft_bswa.gif %ProgramFiles%\Biromsoft\webalbum\Themes\Autumn\disleft_bswa.gif %ProgramFiles%\Biromsoft\webalbum\Themes\Beagle\disleft_bswa.gif %ProgramFiles%\Biromsoft\webalbum\Themes\Birthday\disleft_bswa.gif %ProgramFiles%\Biromsoft\webalbum\Themes\Bmw\disleft_bswa.gif %ProgramFiles%\Biromsoft\webalbum\Themes\Cala\disleft_bswa.gif %ProgramFiles%\Biromsoft\webalbum\Themes\Film\disleft_bswa.gif %ProgramFiles%\Biromsoft\webalbum\Themes\Forest\disleft_bswa.gif %ProgramFiles%\Biromsoft\webalbum\Themes\Lighthouse\disleft_bswa.gif %ProgramFiles%\Biromsoft\webalbum\Themes\Love\disleft_bswa.gif %ProgramFiles%\Biromsoft\webalbum\Themes\Orange\disleft_bswa.gif %ProgramFiles%\Biromsoft\webalbum\Themes\Palm\disleft_bswa.gif %ProgramFiles%\Biromsoft\webalbum\Themes\Red\disleft_bswa.gif %ProgramFiles%\Biromsoft\webalbum\Themes\Smack\disleft_bswa.gif %ProgramFiles%\Biromsoft\webalbum\Themes\Sportcar\disleft_bswa.gif %ProgramFiles%\Biromsoft\webalbum\Themes\Train\disleft_bswa.gif %ProgramFiles%\Biromsoft\webalbum\Themes\Yellow\disleft_bswa.gif	982 bytes	MD5: 0x75726709B6EB330CA8935F250C273E5B SHA-1: 0x1B65108967C13FDE8939332F9DFD7AF04C269D48	(not available)
35	%ProgramFiles%\Biromsoft\webalbum\Themes\Aibo\disright_bswa.gif %ProgramFiles%\Biromsoft\webalbum\Themes\Album\disright_bswa.gif %ProgramFiles%\Biromsoft\webalbum\Themes\Aquamarine\disright_bswa.gif %ProgramFiles%\Biromsoft\webalbum\Themes\Autumn\disright_bswa.gif %ProgramFiles%\Biromsoft\webalbum\Themes\Beagle\disright_bswa.gif %ProgramFiles%\Biromsoft\webalbum\Themes\Birthday\disright_bswa.gif %ProgramFiles%\Biromsoft\webalbum\Themes\Bmw\disright_bswa.gif %ProgramFiles%\Biromsoft\webalbum\Themes\Cala\disright_bswa.gif %ProgramFiles%\Biromsoft\webalbum\Themes\Film\disright_bswa.gif %ProgramFiles%\Biromsoft\webalbum\Themes\Forest\disright_bswa.gif %ProgramFiles%\Biromsoft\webalbum\Themes\Lighthouse\disright_bswa.gif %ProgramFiles%\Biromsoft\webalbum\Themes\Love\disright_bswa.gif %ProgramFiles%\Biromsoft\webalbum\Themes\Orange\disright_bswa.gif %ProgramFiles%\Biromsoft\webalbum\Themes\Palm\disright_bswa.gif %ProgramFiles%\Biromsoft\webalbum\Themes\Red\disright_bswa.gif %ProgramFiles%\Biromsoft\webalbum\Themes\Smack\disright_bswa.gif %ProgramFiles%\Biromsoft\webalbum\Themes\Sportcar\disright_bswa.gif %ProgramFiles%\Biromsoft\webalbum\Themes\Train\disright_bswa.gif %ProgramFiles%\Biromsoft\webalbum\Themes\Yellow\disright_bswa.gif	1,466 bytes	MD5: 0x1892D69823EFD85170613C89FD934002 SHA-1: 0xCF4E52EAB9FF8552C63D2696B2EF157F12B68832	(not available)
36	%ProgramFiles%\Biromsoft\webalbum\Themes\Aibo\home.gif %ProgramFiles%\Biromsoft\webalbum\Themes\Album\home.gif %ProgramFiles%\Biromsoft\webalbum\Themes\Aquamarine\home.gif %ProgramFiles%\Biromsoft\webalbum\Themes\Autumn\home.gif %ProgramFiles%\Biromsoft\webalbum\Themes\Beagle\home.gif %ProgramFiles%\Biromsoft\webalbum\Themes\Birthday\home.gif %ProgramFiles%\Biromsoft\webalbum\Themes\Bmw\home.gif %ProgramFiles%\Biromsoft\webalbum\Themes\Cala\home.gif %ProgramFiles%\Biromsoft\webalbum\Themes\Film\home.gif %ProgramFiles%\Biromsoft\webalbum\Themes\Forest\home.gif %ProgramFiles%\Biromsoft\webalbum\Themes\Lighthouse\home.gif %ProgramFiles%\Biromsoft\webalbum\Themes\Love\home.gif %ProgramFiles%\Biromsoft\webalbum\Themes\Orange\home.gif %ProgramFiles%\Biromsoft\webalbum\Themes\Palm\home.gif %ProgramFiles%\Biromsoft\webalbum\Themes\Red\home.gif %ProgramFiles%\Biromsoft\webalbum\Themes\Smack\home.gif %ProgramFiles%\Biromsoft\webalbum\Themes\Sportcar\home.gif %ProgramFiles%\Biromsoft\webalbum\Themes\Train\home.gif %ProgramFiles%\Biromsoft\webalbum\Themes\Yellow\home.gif	1,029 bytes	MD5: 0x8960E6752FFC5515E7A6D4C592CBE7F9 SHA-1: 0x69B94BF020FE37C9A81619866B951BE820B7BE57	(not available)
37	%ProgramFiles%\Biromsoft\webalbum\Themes\Aibo\left.gif %ProgramFiles%\Biromsoft\webalbum\Themes\Album\left.gif %ProgramFiles%\Biromsoft\webalbum\Themes\Aquamarine\left.gif %ProgramFiles%\Biromsoft\webalbum\Themes\Autumn\left.gif %ProgramFiles%\Biromsoft\webalbum\Themes\Beagle\left.gif %ProgramFiles%\Biromsoft\webalbum\Themes\Birthday\left.gif %ProgramFiles%\Biromsoft\webalbum\Themes\Bmw\left.gif %ProgramFiles%\Biromsoft\webalbum\Themes\Cala\left.gif %ProgramFiles%\Biromsoft\webalbum\Themes\Film\left.gif %ProgramFiles%\Biromsoft\webalbum\Themes\Forest\left.gif %ProgramFiles%\Biromsoft\webalbum\Themes\Lighthouse\left.gif %ProgramFiles%\Biromsoft\webalbum\Themes\Love\left.gif %ProgramFiles%\Biromsoft\webalbum\Themes\Orange\left.gif %ProgramFiles%\Biromsoft\webalbum\Themes\Palm\left.gif %ProgramFiles%\Biromsoft\webalbum\Themes\Red\left.gif %ProgramFiles%\Biromsoft\webalbum\Themes\Smack\left.gif %ProgramFiles%\Biromsoft\webalbum\Themes\Sportcar\left.gif %ProgramFiles%\Biromsoft\webalbum\Themes\Train\left.gif %ProgramFiles%\Biromsoft\webalbum\Themes\Yellow\left.gif	1,020 bytes	MD5: 0xEAE67BED9E2CCDC9BBC38026217ED92B SHA-1: 0x13F25BAB5564B678510464AC45DD847C638C94E3	(not available)
38	%ProgramFiles%\Biromsoft\webalbum\Themes\Aibo\right.gif %ProgramFiles%\Biromsoft\webalbum\Themes\Album\right.gif %ProgramFiles%\Biromsoft\webalbum\Themes\Aquamarine\right.gif %ProgramFiles%\Biromsoft\webalbum\Themes\Autumn\right.gif %ProgramFiles%\Biromsoft\webalbum\Themes\Beagle\right.gif %ProgramFiles%\Biromsoft\webalbum\Themes\Birthday\right.gif %ProgramFiles%\Biromsoft\webalbum\Themes\Bmw\right.gif %ProgramFiles%\Biromsoft\webalbum\Themes\Cala\right.gif %ProgramFiles%\Biromsoft\webalbum\Themes\Film\right.gif %ProgramFiles%\Biromsoft\webalbum\Themes\Forest\right.gif %ProgramFiles%\Biromsoft\webalbum\Themes\Lighthouse\right.gif %ProgramFiles%\Biromsoft\webalbum\Themes\Love\right.gif %ProgramFiles%\Biromsoft\webalbum\Themes\Orange\right.gif %ProgramFiles%\Biromsoft\webalbum\Themes\Palm\right.gif %ProgramFiles%\Biromsoft\webalbum\Themes\Red\right.gif %ProgramFiles%\Biromsoft\webalbum\Themes\Smack\right.gif %ProgramFiles%\Biromsoft\webalbum\Themes\Sportcar\right.gif %ProgramFiles%\Biromsoft\webalbum\Themes\Train\right.gif %ProgramFiles%\Biromsoft\webalbum\Themes\Yellow\right.gif	1,027 bytes	MD5: 0x66D28DDA18F87625F698F90EA335A3C5 SHA-1: 0xEAF2096A5FD2733DC6701CA642A6FFB0E97AE673	(not available)
39	%ProgramFiles%\Biromsoft\webalbum\Themes\Aibo\Thema.jpg	13,103 bytes	MD5: 0x6F55BB67CDD878AB9E6B2EFF3C2A9D09 SHA-1: 0xAB7CEF218A1893727379A6658FF96B0889140920	(not available)
40	%ProgramFiles%\Biromsoft\webalbum\Themes\Aibo\theme.ini	122 bytes	MD5: 0xA4D93F008A066D43560DB2BE1CE42DC7 SHA-1: 0xBC0C921963EEA941AFDC7AA375BF08F9B212C900	(not available)
41	%ProgramFiles%\Biromsoft\webalbum\Themes\Aibo\top.htm	1,047 bytes	MD5: 0xA33BF2AD6551A1001762D80F7FD6A54D SHA-1: 0x7C64C6B3F4C8F85EBFB3BFEBFBC25DC06D693FB7	(not available)
42	%ProgramFiles%\Biromsoft\webalbum\Themes\Album\bb.gif	752 bytes	MD5: 0x211C4058AA31D1656511F27B7C6D0005 SHA-1: 0x6A6FAB8AE74A9902EB901EB83B905526559F9579	(not available)
43	%ProgramFiles%\Biromsoft\webalbum\Themes\Album\bottom.htm	651 bytes	MD5: 0xA884EFC9502CB4FEBD09CEC43E8A0BA9 SHA-1: 0xCAA35AC2D1A3AF1F28C53DCAFCD26A0CCAA849F3	(not available)
44	%ProgramFiles%\Biromsoft\webalbum\Themes\Album\bs.gif	4,879 bytes	MD5: 0xF031F88F46F914EABCBBF5B1DE9DC31B SHA-1: 0x8E4BFADFB341BF154BF459E572ACF6CD5ED57AF8	(not available)
45	%ProgramFiles%\Biromsoft\webalbum\Themes\Album\lb.gif	1,262 bytes	MD5: 0x56ED89B56CC980839A249469FD4BE3A2 SHA-1: 0xF23C799ED33ADC2C9A262D80946858C24B7E08D4	(not available)
46	%ProgramFiles%\Biromsoft\webalbum\Themes\Album\lbc.gif	2,092 bytes	MD5: 0x05EA082277F749C27E2C9D7EC2BEEBE6 SHA-1: 0xB5A63073493CE66EEE8F520A7259752D6D2C6164	(not available)
47	%ProgramFiles%\Biromsoft\webalbum\Themes\Album\ltc.gif	1,664 bytes	MD5: 0x576787B4801D1DB3E4330BE64BDFBC05 SHA-1: 0x06100F029AC4CAD96119F38771008EC963CCCBA2	(not available)
48	%ProgramFiles%\Biromsoft\webalbum\Themes\Album\rb.gif	733 bytes	MD5: 0xCB4BC3F0C4EF3480C5ABD8686EEB5319 SHA-1: 0x4A2E7E4A81686A5AB0BFF9BCAB1712A396918666	(not available)
49	%ProgramFiles%\Biromsoft\webalbum\Themes\Album\rbc.gif	1,306 bytes	MD5: 0x5292425C957450D85EB3912AE8ECC1E4 SHA-1: 0xAEA8B93BF7576CFCF3738AC5827E6E2B8AB872C2	(not available)
50	%ProgramFiles%\Biromsoft\webalbum\Themes\Album\rtc.gif	1,036 bytes	MD5: 0x253E0EE0DA6D69F4FAB00E9355964FDF SHA-1: 0x8B937FD339BD3C86576DF54D672B92C4EE9007D6	(not available)
51	%ProgramFiles%\Biromsoft\webalbum\Themes\Album\tb.gif	313 bytes	MD5: 0xFAEF3B81B1BF48D3F5650B7BC2E483C4 SHA-1: 0x35D851C4FAD5E72910D81CDC8DBB512D9B662A0C	(not available)
52	%ProgramFiles%\Biromsoft\webalbum\Themes\Album\Thema.jpg	15,570 bytes	MD5: 0x3CDDA07DEC3EF730D56110AEDD9E14C0 SHA-1: 0x7B969D352775C3BF373FDBD32642E414D0AAC874	(not available)
53	%ProgramFiles%\Biromsoft\webalbum\Themes\Album\theme.ini	123 bytes	MD5: 0x051F7EBE6A3F08AB15CFD022CC22AD4C SHA-1: 0xFCAA90BE71A1B33D40EFA5B447F66D41D46EFC3D	(not available)
54	%ProgramFiles%\Biromsoft\webalbum\Themes\Album\top.htm	990 bytes	MD5: 0x8C5830C860B093BBEE126F0C55A2382E SHA-1: 0xF11A977DB395749B0006F388482AC47787879CBD	(not available)
55	%ProgramFiles%\Biromsoft\webalbum\Themes\Aquamarine\1.gif	3,043 bytes	MD5: 0x81A15DB79C4722788B923C74A9DBF2E7 SHA-1: 0xBF863BBE15AA1647AA0222D6803FB29E4A3FAAD1	(not available)
56	%ProgramFiles%\Biromsoft\webalbum\Themes\Aquamarine\2.gif	2,035 bytes	MD5: 0x2D0A864E8E26C4E82C3415542AE8A824 SHA-1: 0x4EDDD2799A7764822004969966BDB83DCA73F25F	(not available)
57	%ProgramFiles%\Biromsoft\webalbum\Themes\Aquamarine\3.gif	3,142 bytes	MD5: 0x13ACCDB50E0E33EDD8DCB8AC6037C606 SHA-1: 0xEE6AFD2D5284DCA6133378E50968E7C085B77796	(not available)
58	%ProgramFiles%\Biromsoft\webalbum\Themes\Aquamarine\4.gif	10,084 bytes	MD5: 0x259B2F18AD9D4D75FD3E1DF9C96FAEBF SHA-1: 0x0A3D34A6596228060031D98FC29DECD57E1F2A90	(not available)
59	%ProgramFiles%\Biromsoft\webalbum\Themes\Aquamarine\bottom.htm	449 bytes	MD5: 0x86ED863E45E7E6E8A5D71DA20FCC4A1B SHA-1: 0x2B705FFE289BD804CA71B6B62819D18D3700EBD3	(not available)
60	%ProgramFiles%\Biromsoft\webalbum\Themes\Aquamarine\Thema.jpg	13,755 bytes	MD5: 0xB5B7A0EA86AA1556725250F485EC8EDD SHA-1: 0x223269AABA3B55CF8C1C0A1D091951FD19E89EB4	(not available)
61	%ProgramFiles%\Biromsoft\webalbum\Themes\Aquamarine\theme.ini	128 bytes	MD5: 0x2440C61D193E88CFFE7C0B48AF080C90 SHA-1: 0x54BAE8CC796E08E8E14F59C03AC5684C6FC62AC9	(not available)
62	%ProgramFiles%\Biromsoft\webalbum\Themes\Aquamarine\top.htm	1,165 bytes	MD5: 0x3A6407C0B0FE684E5516923BC02ED2D9 SHA-1: 0x4497F07C7958B640178746EE04D2F18576905F92	(not available)
63	%ProgramFiles%\Biromsoft\webalbum\Themes\Autumn\bwa1.jpg	15,910 bytes	MD5: 0x35FA8422E785A52F68A43D423F91B4CE SHA-1: 0xE93080904168D69142474CA7298B874371389F2D	(not available)
64	%ProgramFiles%\Biromsoft\webalbum\Themes\Autumn\bwa2.jpg	17,477 bytes	MD5: 0xA087F8AAC8E7B7B0825EE251D966B9E1 SHA-1: 0xD81319910B16A6F0F015CD76EE4756906C7FCD0B	(not available)
65	%ProgramFiles%\Biromsoft\webalbum\Themes\Autumn\bwa3.jpg	23,812 bytes	MD5: 0xE8611E808655365DBA7C168D5853CE77 SHA-1: 0xC99411B746DF70590EC602386F5D703F9E96EA5B	(not available)
66	%ProgramFiles%\Biromsoft\webalbum\Themes\Autumn\bwa4.jpg	15,261 bytes	MD5: 0x796CDE902AE21B74EC452C3EB3F660F4 SHA-1: 0x712AA1DA4347D40D90F3D99635BEC9E324E50665	(not available)
67	%ProgramFiles%\Biromsoft\webalbum\Themes\Autumn\bwab.gif	51 bytes	MD5: 0x201FB1189628D8207621DE10BCA75798 SHA-1: 0x2E1EEBD872A040375BE6562CB222BC3D16BD8428	(not available)
68	%ProgramFiles%\Biromsoft\webalbum\Themes\Autumn\bwalogo.gif	999 bytes	MD5: 0x59801D9147150CE147BD0CF6F6DEC5DD SHA-1: 0x905B7F33FBE6C0F9CCC6453803E2A9A3E79C1741	(not available)
69	%ProgramFiles%\Biromsoft\webalbum\Themes\Autumn\Thema.jpg	16,290 bytes	MD5: 0x9F91F3D67412396F500B401FFEF88F3E SHA-1: 0xF3240449990931EDF138BF7D3FC75B7B306095D5	(not available)
70	%ProgramFiles%\Biromsoft\webalbum\Themes\Autumn\theme.ini	124 bytes	MD5: 0x8B2701E373A12F4977D733D555A41B02 SHA-1: 0x2004D1D25F3FCB9204C058D1C282DDF986627CF5	(not available)
71	%ProgramFiles%\Biromsoft\webalbum\Themes\Autumn\top.htm	1,067 bytes	MD5: 0x11A2F775C0F1987851AD40A5AAB30DCD SHA-1: 0xC365AD175D3463BD2663AB64A54D18DCBDD727B8	(not available)
72	%ProgramFiles%\Biromsoft\webalbum\Themes\Beagle\bottom.htm %ProgramFiles%\Biromsoft\webalbum\Themes\Cala\bottom.htm	519 bytes	MD5: 0x4767749393F8CA6E67130D490314FE89 SHA-1: 0x9F3B25BC551F7749DBD9E7C7DEA33C8E72EC9D3C	(not available)
73	%ProgramFiles%\Biromsoft\webalbum\Themes\Beagle\bwa1.jpg	9,620 bytes	MD5: 0x7B13DA4C4B39BE23D729E0E871E1F78E SHA-1: 0xA2E7A2730D20EEDDB3BE2FDC5E1C66FCE269520F	(not available)
74	%ProgramFiles%\Biromsoft\webalbum\Themes\Beagle\bwa2.jpg	7,358 bytes	MD5: 0x7184997E84B56C6CA95A8B29DFFE4BD0 SHA-1: 0x41DE10E8999589229787B4622BDBFA4DE3BF0726	(not available)
75	%ProgramFiles%\Biromsoft\webalbum\Themes\Beagle\bwa3.jpg	7,083 bytes	MD5: 0x97B85FC60BCABA245D76595634921159 SHA-1: 0x47C1A888F7CFE6E586A2C8962AD761EE2BCCF787	(not available)
76	%ProgramFiles%\Biromsoft\webalbum\Themes\Beagle\bwa4.jpg	8,152 bytes	MD5: 0x2E4A9626367F5E3046C36B430BFCFDC8 SHA-1: 0x077FD8430DD3BC2885082C309703FA0ACC0C7920	(not available)
77	%ProgramFiles%\Biromsoft\webalbum\Themes\Beagle\bwab.gif	45 bytes	MD5: 0x4ED563192C3A6D651035A631DB0C42E8 SHA-1: 0x65719E4553D0C5C4BA8990CC87F3B294097361D7	(not available)
78	%ProgramFiles%\Biromsoft\webalbum\Themes\Beagle\bwalogo.gif	1,108 bytes	MD5: 0x98F608C71DBAA057E8DD572B5B8A5EFE SHA-1: 0x0E4D1AC4EEA1FEF2B8CE81BF778CBF13C9EA80F7	(not available)
79	%ProgramFiles%\Biromsoft\webalbum\Themes\Beagle\Thema.jpg	12,799 bytes	MD5: 0x673336EE9513B90623EC224549FAF8EB SHA-1: 0xB8468A818E50EF653DDE8A43A6B90DCF4CEA1C18	(not available)
80	%ProgramFiles%\Biromsoft\webalbum\Themes\Beagle\theme.ini	124 bytes	MD5: 0x3A54F9018C560B4CB1D210F058CEEB18 SHA-1: 0x0EFEF68577F8DF66C1E569A134B67E6A30D5AFF0	(not available)
81	%ProgramFiles%\Biromsoft\webalbum\Themes\Beagle\top.htm	1,103 bytes	MD5: 0x450DC4CDCC3CCFB7A8C02872C105CC1A SHA-1: 0xF346EC95822966BB1F4463F19F0EB6778B668C16	(not available)
82	%ProgramFiles%\Biromsoft\webalbum\Themes\Birthday\bwa1.jpg	12,489 bytes	MD5: 0xC005109E0900136A3B545A10DF82D2EB SHA-1: 0xBAD2143AAC6BDA94FE0B4DECCB5E4763C067C914	(not available)
83	%ProgramFiles%\Biromsoft\webalbum\Themes\Birthday\bwa2.jpg	9,866 bytes	MD5: 0xCA71D55ADBB96EA366167AB0274A5F97 SHA-1: 0x92AD1E9B431291F576DB1FB72EA4C04D02A075FE	(not available)
84	%ProgramFiles%\Biromsoft\webalbum\Themes\Birthday\bwa3.jpg	14,586 bytes	MD5: 0x2ED017197897D5B89DF87621707A1BDC SHA-1: 0xF5447C94A4929B6E5CC25E02E8B0BEB70DBD7C60	(not available)
85	%ProgramFiles%\Biromsoft\webalbum\Themes\Birthday\bwab.gif	45 bytes	MD5: 0x7577210858788B1D3D6E77324A464D49 SHA-1: 0x271364EBEC8F94281517EAC3B0CA40469B0582B5	(not available)
86	%ProgramFiles%\Biromsoft\webalbum\Themes\Birthday\bwalogo.gif	1,766 bytes	MD5: 0x05FEEF3B0C3D266B703BC7B38967907B SHA-1: 0xBD757F2E7CC77611FFC8953CE2CF7B70BDC786CC	(not available)
87	%ProgramFiles%\Biromsoft\webalbum\Themes\Birthday\Thema.jpg	14,771 bytes	MD5: 0x93E1C4C12E453F95CF5AC508C596708E SHA-1: 0x093D45ED5E0786AB47D6589CB45223AC6E5F1097	(not available)
88	%ProgramFiles%\Biromsoft\webalbum\Themes\Birthday\theme.ini	132 bytes	MD5: 0xEC208A372363792E510BDDAD8C4C5586 SHA-1: 0xB3F1C3CD6D9C77434EBC1B4BDD467A0005EFB2D8	(not available)
89	%ProgramFiles%\Biromsoft\webalbum\Themes\Birthday\top.htm	1,046 bytes	MD5: 0x4D4A81E40AA162DD6B9055B3C428E0C7 SHA-1: 0x28E549125C2397A4EC16BB6EA133EFA5F9747F74	(not available)
90	%ProgramFiles%\Biromsoft\webalbum\Themes\Bmw\1.gif	19,984 bytes	MD5: 0x75427F757A0987D5F21D03B08282058A SHA-1: 0xB0A99695B3CA006A55E5FD208730EB333582EDB0	(not available)
91	%ProgramFiles%\Biromsoft\webalbum\Themes\Bmw\2.gif	2,544 bytes	MD5: 0x3500BD07853B85925234B2DD89A6050B SHA-1: 0x45FBE82EA3353B1E66B804A558CF34A91921ACAF	(not available)
92	%ProgramFiles%\Biromsoft\webalbum\Themes\Bmw\b.gif	43 bytes	MD5: 0x134FA1E976F3D19080CCA23FB0CE646A SHA-1: 0xAB1CD2D48CDE73D492B63CEF14C01CDE1E10C424	(not available)
93	%ProgramFiles%\Biromsoft\webalbum\Themes\Bmw\bottom.htm %ProgramFiles%\Biromsoft\webalbum\Themes\Film\bottom.htm	447 bytes	MD5: 0x8BBF21490B84E8FE68FF646B878641AB SHA-1: 0xAE69794FB2E47A0EB2E29C2CE2B2E018C1E49C5D	(not available)
94	%ProgramFiles%\Biromsoft\webalbum\Themes\Bmw\Thema.jpg	13,469 bytes	MD5: 0x238F451EF7B659266483A3A1E7631BEA SHA-1: 0xDB4F93C29FD98DBC7F5076F80403C17F56E9EC25	(not available)
95	%ProgramFiles%\Biromsoft\webalbum\Themes\Bmw\theme.ini	111 bytes	MD5: 0x0BF4320A366325919B264D9FBF335B81 SHA-1: 0xFBB879A8510EBA7235F51E505206B35B4733C418	(not available)
96	%ProgramFiles%\Biromsoft\webalbum\Themes\Bmw\top.htm	1,041 bytes	MD5: 0x23DB73666717513651FB805922FCC86A SHA-1: 0xEFFF876ADDFDDF18455716873417F7ADBF2FC53D	(not available)
97	%ProgramFiles%\Biromsoft\webalbum\Themes\Cala\bwa1.jpg	14,075 bytes	MD5: 0xFAA9E791814986155A5932C2BF9B9408 SHA-1: 0x87F134862BD4368D0A9E7E871D9151DB8B7E2893	(not available)
98	%ProgramFiles%\Biromsoft\webalbum\Themes\Cala\bwa2.jpg	7,927 bytes	MD5: 0xBF0E530904A5BCC805146BB5ED764A47 SHA-1: 0xE982DDC39EF3D723341053139ED7C985A0B3F920	(not available)
99	%ProgramFiles%\Biromsoft\webalbum\Themes\Cala\bwa3.jpg	23,047 bytes	MD5: 0xEF578EDEB3ACF37D88C5D59887E36C8F SHA-1: 0xA2C97F6905C126A422777AE401A28E9B3210D7AF	(not available)
100	%ProgramFiles%\Biromsoft\webalbum\Themes\Cala\bwa4.jpg	13,656 bytes	MD5: 0xB1B32ADF277B629F24A3C85756AE2293 SHA-1: 0xC76E237AF517A2A3AA52DB93F1EB4B2B983CB8D6	(not available)

Notes:

%CommonPrograms% is a variable that refers to the file system directory that contains the directories for the common program groups that appear on the Start menu for all users. A typical path is C:\Documents and Settings\All Users\Start Menu\Programs (Windows NT/2000/XP).
%Temp% is a variable that refers to the temporary folder in the short path form. By default, this is C:\Documents and Settings\[UserName]\Local Settings\Temp\ (Windows NT/2000/XP).
%ProgramFiles% is a variable that refers to the Program Files folder. A typical path is C:\Program Files.

The following directories were created:

%CommonPrograms%\Biromsoft WebAlbum
%ProgramFiles%\Biromsoft
%ProgramFiles%\Biromsoft\webalbum
%ProgramFiles%\Biromsoft\webalbum\Themes
%ProgramFiles%\Biromsoft\webalbum\Themes\Aibo
%ProgramFiles%\Biromsoft\webalbum\Themes\Album
%ProgramFiles%\Biromsoft\webalbum\Themes\Aquamarine
%ProgramFiles%\Biromsoft\webalbum\Themes\Autumn
%ProgramFiles%\Biromsoft\webalbum\Themes\Beagle
%ProgramFiles%\Biromsoft\webalbum\Themes\Birthday
%ProgramFiles%\Biromsoft\webalbum\Themes\Bmw
%ProgramFiles%\Biromsoft\webalbum\Themes\Cala
%ProgramFiles%\Biromsoft\webalbum\Themes\Film
%ProgramFiles%\Biromsoft\webalbum\Themes\Forest
%ProgramFiles%\Biromsoft\webalbum\Themes\Lighthouse
%ProgramFiles%\Biromsoft\webalbum\Themes\Love
%ProgramFiles%\Biromsoft\webalbum\Themes\Orange
%ProgramFiles%\Biromsoft\webalbum\Themes\Palm
%ProgramFiles%\Biromsoft\webalbum\Themes\Red
%ProgramFiles%\Biromsoft\webalbum\Themes\Smack
%ProgramFiles%\Biromsoft\webalbum\Themes\Sportcar
%ProgramFiles%\Biromsoft\webalbum\Themes\Train
%ProgramFiles%\Biromsoft\webalbum\Themes\Yellow
%ProgramFiles%\Wondershare
%ProgramFiles%\Wondershare\DiaShow f?r iPod & iPhone

Memory Modifications

There were new processes created in the system:

Process Name	Process Filename	Main Module Size
9.exe	%Temp%\9.exe	106,496 bytes
10.exe	%Temp%\10.exe	28,672 bytes
11.exe	%Temp%\11.exe	77,824 bytes
12.exe	%Temp%\12.exe	37,345 bytes
13.exe	%Temp%\13.exe	77,824 bytes
14.exe	%Temp%\14.exe	77,824 bytes
15.exe	%Temp%\15.exe	77,824 bytes
2.exe	%Temp%\2.exe	77,824 bytes
3.exe	%Temp%\3.exe	61,440 bytes
4.exe	%Temp%\4.exe	98,304 bytes
6.exe	%Temp%\6.exe	245,248 bytes
1.exe	%Temp%\1.exe	28,672 bytes
7.tmp	%Temp%\is-CUSH5.tmp\7.tmp	770,048 bytes
7.exe	%Temp%\7.exe	106,496 bytes

Registry Modifications

The following Registry Keys were created:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Biromsoft WebAlbum
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Wondershare DiaShow f?r iPod & iPhone - Aktivator_is1

The newly created Registry Values are:

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Biromsoft WebAlbum]

DisplayName = "Biromsoft WebAlbum"
UninstallString = "C:\PROGRA~1\BIROMS~1\webalbum\UNWISE.EXE C:\PROGRA~1\BIROMS~1\webalbum\INSTALL.LOG"
DisplayVersion = "4.0"
Publisher = "Biromsoft"
URLInfoAbout = "http://www.biromsoft.com"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Wondershare DiaShow f?r iPod & iPhone - Aktivator_is1]

Inno Setup: Setup Version = "5.2.3"
Inno Setup: App Path = "%ProgramFiles%\Wondershare\DiaShow f?r iPod & iPhone"
InstallLocation = "%ProgramFiles%\Wondershare\DiaShow f?r iPod & iPhone\"
Inno Setup: Icon Group = "Wondershare DiaShow f?r iPod & iPhone"
Inno Setup: User = "%UserName%"
DisplayName = "Wondershare DiaShow f?r iPod & iPhone 2.0.1.0"
UninstallString = ""%ProgramFiles%\Wondershare\DiaShow f?r iPod & iPhone\unins000.exe""
QuietUninstallString = ""%ProgramFiles%\Wondershare\DiaShow f?r iPod & iPhone\unins000.exe" /SILENT"
NoModify = 0x00000001
NoRepair = 0x00000001
InstallDate = "20120812"

Other details

To mark the presence in the system, the following Mutex object was created:

WBEMPROVIDERSTATICMUTEX

All content ("Information") contained in this report is the copyrighted work of Threat Expert Ltd and its associated companies ("ThreatExpert") and may not be copied without the express permission of ThreatExpert.

The Information is provided on an "as is" basis. ThreatExpert disclaims all warranties, whether express or implied, to the maximum extent permitted by law, including the implied warranties that the Information is merchantable, of satisfactory quality, accurate, fit for a particular purpose or need, or non-infringing, unless such implied warranties are legally incapable of exclusion. Further, ThreatExpert does not warrant or make any representations regarding the use or the results of the use of the Information in terms of their correctness, accuracy, reliability, or otherwise.