Submission Summary:

What's been found (Severity Level):
- Downloads/requests other files from Internet.
- Registers a 32-bit in-process server DLL.
- Registers a Browser Helper Object (Microsoft's Internet Explorer plugin module).

Technical Details:


File System Modifications

Columns: # | Filename(s) | File Size | File Hash (MD5, SHA-1) | Alias

1. %AppData%\GetRightToGo\[filename of the sample #1 without extension].data
   Size: 1,255 bytes
   MD5: 0xACB214242E1135413F9749AA1BDF668F
   SHA-1: 0x3B88803A77B81758093E7B06A55A2C2020E145BF
   Alias: (not available)

2. %AppData%\GetRightToGo\[filename of the sample #1 without extension].data0
   Size: 873 bytes
   MD5: 0x7CDEC6126CF6F72667767BC4162CAF7C
   SHA-1: 0x55216804240DB132701F28978070AF8174024A28
   Alias: (not available)

3. %AppData%\GetRightToGo\[filename of the sample #1 without extension].htm
   Size: 635 bytes
   MD5: 0x33F09577707D079A40F706A18E126D92
   SHA-1: 0x0CEF1F55B72A84E584A51E79A6787EA78D74A603
   Alias: (not available)

4. %AppData%\BrotherSoft_Extreme\tbBrot.dll
   %AppData%\ConduitEngine\ConduitEngine.dll
   %Temp%\GLF14.tmp.ConduitEngine.dll
   %Temp%\GLF26.tmp.tbBrot.dll
   %Temp%\GLF2D.tmp.tbBrot.dll
   %Temp%\GLF3A.tmp.ConduitEngine.dll
   %Temp%\GLFD.tmp.tbBrot.dll
   %ProgramFiles%\BrotherSoft_Extreme\tbBrot.dll
   %ProgramFiles%\ConduitEngine\ConduitEngine.dll
   Size: 4,215,080 bytes
   MD5: 0x69E0A670A2C0D82E849B488FDD9DD7B1
   SHA-1: 0xADA73AFCA1A2B703B4ABF863EB2B1C6ABB03B689
   Alias: (not available)

5. %AppData%\BrotherSoft_Extreme\toolbar.cfg
   %ProgramFiles%\BrotherSoft_Extreme\toolbar.cfg
   Size: 31 bytes
   MD5: 0x51DA7F76E329A9EECD2988874AAC6E28
   SHA-1: 0x12A3CA14300FEC7D86146ABF957A7E8CD905DAA2
   Alias: (not available)

6. %AppData%\Conduit\CT2776682\BrotherSoft_ExtremeAutoUpdateHelper.exe
   %ProgramFiles%\BrotherSoft_Extreme\BrotherSoft_ExtremeToolbarHelper.exe
   %ProgramFiles%\ConduitEngine\ConduitEngineHelper.exe
   Size: 38,496 bytes
   MD5: 0xA320DF2B47CFCAF98D06EB59CD72084C
   SHA-1: 0xED0A3155E7256B1EE3DAEA9B5251A4A3141592DC
   Alias: (not available)

7. %AppData%\ConduitEngine\EngineSettings.json
   %ProgramFiles%\ConduitEngine\EngineSettings.json
   Size: 2,999 bytes
   MD5: 0x09BE516C4F7713E594A437E852293C92
   SHA-1: 0x7187E49DF00C790F692ACB022A298969D2148DFB
   Alias: (not available)

8. %AppData%\ConduitEngine\toolbar.cfg
   %ProgramFiles%\ConduitEngine\toolbar.cfg
   Size: 25 bytes
   MD5: 0x7BBB07039B2B2CC073E44F50FAFDAF11
   SHA-1: 0x72EFF70D121CD84307401973BD33114AF0246C67
   Alias: (not available)

9. %Temp%\BrotherSoft_Extreme.exe
   Size: 2,743,120 bytes
   MD5: 0x4B5EE0A0DFCB54168B8F74676FC45460
   SHA-1: 0x2990F123D661004FAC5D2F89DE61CAB6E5959F35
   Alias: packed with WiseSFXDropper [Kaspersky Lab]

10. %Temp%\GLB15.tmp
    Size: 71,680 bytes
    MD5: 0x8CFAEA76FB3D02D753CA46148A792949
    SHA-1: 0xFBA23621EC559C2DC539ABCC3100ABE1DC1BE277
    Alias: (not available)

11. %Temp%\GLB18.tmp
    Size: 71,680 bytes
    MD5: 0xF654FAC2E46987230F38ED1819A9B885
    SHA-1: 0x1A197311706940D9714002A580D63F233ACAB822
    Alias: (not available)

12. %Temp%\GLC17.tmp
    %Temp%\GLC1A.tmp
    Size: 165,376 bytes
    MD5: 0x8C97D8BB1470C6498E47B12C5A03CE39
    SHA-1: 0x15D233B22F1C3D756DCA29BCC0021E6FB0B8CDF7
    Alias: (not available)

13. %Temp%\GLF22.tmp
    Size: 10,752 bytes
    MD5: 0x3B2E23D259394C701050486E642D14FA
    SHA-1: 0x4E9661C4BA84400146B80B905F46A0F7EF4D62EB
    Alias: (not available)

14. %Temp%\GLF26.tmp
    %MyDocuments%\Downloads\mp4_player_4_0.exe
    Size: 0 bytes
    MD5: 0xD41D8CD98F00B204E9800998ECF8427E
    SHA-1: 0xDA39A3EE5E6B4B0D3255BFEF95601890AFD80709
    Alias: (not available)

15. %Temp%\GLF2D.tmp.ConduitEngineSetup.exe
    %Temp%\GLFD.tmp.ConduitEngineSetup.exe
    Size: 158,048 bytes
    MD5: 0x8DF6E3853F4A6A5BFDA19F8DF3094902
    SHA-1: 0xD81F96C881043511F502FE523FC4D36B0E8703D5
    Alias: packed with WiseSFXDropper [Kaspersky Lab]

16. %Temp%\GLG21.tmp
    Size: 173 bytes
    MD5: 0xE4D5CB6D291A3B86FE637B07AE4B5B3E
    SHA-1: 0x7665256F3778349F3F806D57B1EBB26917814289
    Alias: (not available)

17. %Temp%\GLK1D.tmp
    Size: 34,304 bytes
    MD5: 0x517419CAE37F6C78C80F9B7D0FBB8661
    SHA-1: 0xA9E419F3D9EF589522556E0920C84FE37A548873
    Alias: (not available)

18. %Temp%\GLM1C.tmp
    Size: 12,800 bytes
    MD5: 0x484CB68472473A1A84FF07996BB8C1F6
    SHA-1: 0xBCE9D810F2558E73854E7C8E05F122B002558E9A
    Alias: (not available)

19. %Temp%\prxGLF26.tmp.tbBrot.dll
    %Temp%\prxGLF2D.tmp.tbBrot.dll
    %Temp%\prxGLFD.tmp.tbBrot.dll
    %ProgramFiles%\BrotherSoft_Extreme\prxtbBrot.dll
    %ProgramFiles%\ConduitEngine\prxConduitEngine.dll
    Size: 175,912 bytes
    MD5: 0xB92293778555CE3DABE7F0A7E98B34C0
    SHA-1: 0x685D65CCD52FD9D90C402CF9026344267E8B6FD9
    Alias: (not available)

20. %MyDocuments%\Downloads\Integrated_BrotherSoft_TB.exe
    Size: 4,813,312 bytes
    MD5: 0x0441333F8D45B94C9BC086D72EF12B99
    SHA-1: 0x894D413CCB58223FF6C99C01ECF6524F886738F5
    Alias: packed with WiseSFXDropper [Kaspersky Lab]

21. %ProgramFiles%\BrotherSoft_Extreme\GottenAppsContextMenu.xml
    Size: 7,044 bytes
    MD5: 0xCE0449AC66B68DD896965167D460B135
    SHA-1: 0xAB7C13818BE707B1599690FB84D4FFDBCAB821DD
    Alias: (not available)

22. %ProgramFiles%\BrotherSoft_Extreme\OtherAppsContextMenu.xml
    Size: 5,738 bytes
    MD5: 0xA9CAA49F5C0DDD88168E857E3670EBDF
    SHA-1: 0x8500953B2600EFDB42EFFFC03FB9D7CC03F22CCC
    Alias: (not available)

23. [pathname with a string SHARE]\SharedAppsContextMenu.xml
    Size: 6,588 bytes
    MD5: 0x6816D08A668E0D9A3A79831400177C04
    SHA-1: 0xA90B7303F688679A4065879E1E50B0F865D0AB05
    Alias: (not available)

24. %ProgramFiles%\BrotherSoft_Extreme\ToolbarContextMenu.xml
    Size: 5,737 bytes
    MD5: 0x815C07C40CEC4CF53861DA7A7C6EC639
    SHA-1: 0xD48FA137FD2D543B555470BDFC46D2D5D637B877
    Alias: (not available)

25. %ProgramFiles%\BrotherSoft_Extreme\uninstall.exe
    Size: 93,792 bytes
    MD5: 0xB7754D6963C1AE4FA66F60605618FD7A
    SHA-1: 0x0ED4C25E4292E37E4177C5C6AAAA36F481414315
    Alias: (not available)

26. %ProgramFiles%\Conduit\Community Alerts\Alert.dll
    Size: 634,976 bytes
    MD5: 0x775D1655DCEF4AA65EBF89E744E511A0
    SHA-1: 0x664270A860DDB3D6F23F617D0615070330A71A30
    Alias: (not available)

27. %ProgramFiles%\ConduitEngine\appContextMenu.xml
    Size: 6,560 bytes
    MD5: 0x68451D444D8AF7483B9A5A6A244B9540
    SHA-1: 0xAA4B354AB24C483A9C8A951611F8EFB87C7F98A6
    Alias: (not available)

28. %ProgramFiles%\ConduitEngine\ConduitEngineUninstall.exe
    Size: 23,648 bytes
    MD5: 0xDF465BE110DC0F7E5329D1B8065A405F
    SHA-1: 0x4CBEA1ADF328E3DAF17DE451C4DEDB9FF17DEA43
    Alias: (not available)

29. %ProgramFiles%\ConduitEngine\engineContextMenu.xml
    Size: 4,013 bytes
    MD5: 0x2185FA6EB24E54A78F1913C33B5408BC
    SHA-1: 0xCAD066F69CB76BD4CB2BA79D2DED45F8DC299688
    Alias: (not available)

30. %ProgramFiles%\ConduitEngine\INSTALL.LOG
    Size: 605 bytes
    MD5: 0x215F2C5F749A78AD6748A98F1CE51EC7
    SHA-1: 0xD35CF8FD71BFBD9EC640867482A1DBBAE8CC7D45
    Alias: (not available)

Memory Modifications

Process Name | Process Filename | Main Module Size
[filename of the sample #1] | [file and pathname of the sample #1] | 1,101,824 bytes
GLB15.tmp | %Temp%\glb15.tmp | 28,672 bytes
GLB18.tmp | %Temp%\glb18.tmp | 28,672 bytes
BROTHE~1.EXE | %Temp%\brothersoft_extreme.exe | 2,752,512 bytes
GLB27.tmp | %Temp%\glb27.tmp | 28,672 bytes
GLF2DT~1.EXE | %Temp%\glf2d.tmp.conduitenginesetup.exe | 167,936 bytes
GLB2E.tmp | %Temp%\glb2e.tmp | 28,672 bytes

Registry Modifications

Other details

Port | Protocol | Process
1050 | UDP | [file and pathname of the sample #1]

Remote Host | Port Number
174.132.118.42 | 80
204.0.5.43 | 80
204.0.5.56 | 80
208.93.142.80 | 80
216.137.43.162 | 80
74.125.227.4 | 80

All content ("Information") contained in this report is the copyrighted work of Threat Expert Ltd and its associated companies ("ThreatExpert") and may not be copied without the express permission of ThreatExpert.

The Information is provided on an "as is" basis. ThreatExpert disclaims all warranties, whether express or implied, to the maximum extent permitted by law, including the implied warranties that the Information is merchantable, of satisfactory quality, accurate, fit for a particular purpose or need, or non-infringing, unless such implied warranties are legally incapable of exclusion. Further, ThreatExpert does not warrant or make any representations regarding the use or the results of the use of the Information in terms of their correctness, accuracy, reliability, or otherwise.

Copyright © 2014 ThreatExpert. All rights reserved.