Submission Summary:

What's been found | Severity Level
Downloads/requests other files from Internet.

Technical Details:

File System Modifications

# | Filename(s) | File Size | File Hash
1 | %Temp%\nsd5.tmp; %Temp%\nse4.tmp; %Temp%\nso3.tmp; %Temp%\nswE.tmp | 0 bytes | MD5: 0xD41D8CD98F00B204E9800998ECF8427E; SHA-1: 0xDA39A3EE5E6B4B0D3255BFEF95601890AFD80709
2 | %Temp%\nsn2\Helper.dll | 1,697,344 bytes | MD5: 0xCF8526F711DB2BC90DAD8F1680FC3954; SHA-1: 0xD477FF3D54613EBF23B1D5723D31702A4EBB9337
3 | %Temp%\nsn2\nsd5.tmp\lang_pack_en.exe; %Temp%\nsn2\nsd5.tmp\pack.exe; %Temp%\nsn2\nse4.tmp\lang_pack_en.exe; %Temp%\nsn2\nse4.tmp\pack.exe; %Temp%\nsn2\nswE.tmp\pack.exe | 125 bytes | MD5: 0x7C5F5A68051F6B0C0E9A2AD33C40D415; SHA-1: 0x120865765927A61AF83F02B83DC297EEDE61EC41
4 | %Temp%\nsn2\TorchBackground.bmp | 460,554 bytes | MD5: 0xD47A2F8E57C487F32561D44CCFA49970; SHA-1: 0xBD001B9DE123E1726267B24BF23EB907628F8E0E
5 | %Temp%\nsn2\Uninstall.exe | 283,312 bytes | MD5: 0x1E46D146BA2289578A1E7DF19576E568; SHA-1: 0x814B437EF8D2A707FBA1B1735CC0581C22B07EC9
6 | %Temp%\nsn2.tmp\System.dll | 11,264 bytes | MD5: 0x959EA64598B9A3E494C00E8FA793BE7E; SHA-1: 0x40F284A3B92C2F04B1038DEF79579D4B3D066EE0
7 | %ProgramFiles%\BearShare\log.log | 2,646 bytes | MD5: 0x69D014FCBB54A2033B369D2A24379394; SHA-1: 0xB16A4BCEF56C7438265497E87856B0BF162CDE31
8 | [file and pathname of the sample #1] | 1,299,368 bytes | MD5: 0x5FF0621FE22DED05A7147F0DAFA6D15B; SHA-1: 0xFB1FF5C733FA1E0F3D96BEFE2DF28EEE06FB1F32

Memory Modifications

Process Name | Process Filename | Main Module Size
[filename of the sample #1] | [file and pathname of the sample #1] | 4,788,224 bytes

Other details

Russian Federation

Server Name | Server Port | Connect as User | Connection Password
download.cdn.bearshare.com | 80 | (null) | (null)

Downloaded File Summary:

What's been found | Severity Level
Downloads/requests other files from Internet.

Technical Details:


Memory Modifications

Process Name | Process Filename | Main Module Size
[filename of the sample #1] | [file and pathname of the sample #1] | 184,320 bytes
[filename of the sample #2] | [file and pathname of the sample #2] | 5,263,360 bytes

Registry Modifications

Other details

Server Name | Server Port | Connect as User | Connection Password
download.cdn.bearshare.com | 80 | (null) | (null)

Downloaded Files Summary (Generation #2):

What's been found | Severity Level
Downloads/requests other files from Internet.
Registers a 32-bit in-process server DLL.

Technical Details:

File System Modifications

Memory Modifications

Process Name | Process Filename | Main Module Size
BearShareMediaBar.exe | %Temp%\nsf4\nsg8.tmp\BearShareMediaBar.exe | 348,160 bytes
ns28.tmp | %Temp%\nsf4.tmp\ns28.tmp | 20,480 bytes
Starter.exe | %Temp%\nsf4\Starter.exe | 1,073,152 bytes
ns9.tmp | %Temp%\nsf4.tmp\ns9.tmp | 20,480 bytes
[filename of the sample #1] | [file and pathname of the sample #1] | 4,894,720 bytes
nsC.tmp | %Temp%\nsf4.tmp\nsC.tmp | 20,480 bytes
mediabar.exe | %Temp%\nsf4\nsg8.tmp\mediabar.exe | 184,320 bytes
[filename of the sample #2] | [file and pathname of the sample #2] | 184,320 bytes
[generic host process] | [generic host process filename] | 45,056 bytes
pack.exe | %Temp%\nsf4\nsg8.tmp\pack.exe | 184,320 bytes
datamngrcoordinator.exe | %ProgramFiles%\music toolbar\datamngr\datamngrcoordinator.exe | 3,203,072 bytes
nsF.tmp | %Temp%\nsf4.tmp\nsF.tmp | 20,480 bytes
ns24.tmp | %Temp%\nsf4.tmp\ns24.tmp | 20,480 bytes
ns15.tmp | %Temp%\nsf4.tmp\ns15.tmp | 20,480 bytes
ns1B.tmp | %Temp%\nsf4.tmp\ns1B.tmp | 20,480 bytes
ns21.tmp | %Temp%\nsf4.tmp\ns21.tmp | 20,480 bytes
Internet Explorer Settings.exe | %ProgramFiles%\Music Toolbar\Datamngr\Internet Explorer Settings.exe | 1,003,520 bytes

Service Name | Display Name | Status | Service Filename
DatamngrCoordinator | Datamngr Coordinator | "Running" | %ProgramFiles%\Music Toolbar\Datamngr\DatamngrCoordinator.exe

Registry Modifications

Other details

Server Name | Server Port | Connect as User | Connection Password
service.imeshbe.com | 80 | service.imeshbe.com | service.imeshbe.com
www.search.ask.com | 80 | (null) | (null)

Copyright © 2014 ThreatExpert. All rights reserved.