Submission Summary:

What's been found | Severity Level
Downloads/requests other files from Internet.
Creates a startup registry entry.

Technical Details:

File System Modifications

| # | Filename(s) | File Size | File Hash | Alias |
|---|---|---|---|---|
| 1 | %CommonAppData%\Anti-phishing Domain Advisor\guid.dat | 38 bytes | MD5: 0x58ABA43EDE3DB58B42C9FE64A446FF7C; SHA-1: 0xC3765F3832A43DBF538E112833D9B7DEEF02F3B7 | (not available) |
| 2 | %CommonAppData%\Anti-phishing Domain Advisor\uninstall.exe | 108,184 bytes | MD5: 0x015D8BF6A651E6CE335BAA327C5ADE3D; SHA-1: 0x535F4CA48E82A9899192AC1E6A63F85A5542A560 | (not available) |
| 3 | %CommonAppData%\Anti-phishing Domain Advisor\visicom_antiphishing-tray.exe | 200,152 bytes | MD5: 0x4863DAE6059676D5E26437254999E6E1; SHA-1: 0x967849254ACC4490EB72FAAEA4E434F6AECEA56D | (not available) |
| 4 | %CommonAppData%\Anti-phishing Domain Advisor\visicom_antiphishing.dll | 351,400 bytes | MD5: 0x2ACAB92228E705A1F4B7C233D6B26D5C; SHA-1: 0xAB5723C0913E128CF9434F5FC67721740ED25462 | packed with PE_Patch [Kaspersky Lab] |
| 5 | %CommonAppData%\Anti-phishing Domain Advisor\visicom_antiphishing.exe | 231,592 bytes | MD5: 0xC6C4827D3E175AC654C6FF80B55FB406; SHA-1: 0x83EF7F0AA8C7B178BB0DEBCA2644CC965067315B | (not available) |
| 6 | %AppData%\antiphishing-vmn1_0dn\catalog.list | 2,197 bytes | MD5: 0x1B397E578F0D2ABD6E02ACF903B163D2; SHA-1: 0xB9BD2CDB0049D71D4742D06BED5F024E6D7A3126 | (not available) |
| 7 | %AppData%\antiphishing-vmn1_0dn\data\110518134233-f.list | 3,618,785 bytes | MD5: 0x99ED948A807CCFC8F1BE2FD3054C3AB1; SHA-1: 0xA936037B2EA3D41BC226C2D4F43E80CCF5D9A912 | (not available) |
| 8 | %AppData%\antiphishing-vmn1_0dn\data\temp.zip | 972,892 bytes | MD5: 0x19835689EF3D58BC0B3F299A2838FC08; SHA-1: 0xF76AA6F1B3498B610BFD2A33CE92AFEE41D4C78A | (not available) |
| 9 | [file and pathname of the sample #1] | 443,112 bytes | MD5: 0x6542A802100DD1A38D899389B50BC94D; SHA-1: 0x107735326E8562007919ED56F203F1F1B1CB22BF | (not available) |

Registry Modifications

Other details

| Remote Host | Port Number |
|---|---|
| 67.205.74.144 | 80 |
| 69.50.130.96 | 80 |

All content ("Information") contained in this report is the copyrighted work of Threat Expert Ltd and its associated companies ("ThreatExpert") and may not be copied without the express permission of ThreatExpert.

The Information is provided on an "as is" basis. ThreatExpert disclaims all warranties, whether express or implied, to the maximum extent permitted by law, including the implied warranties that the Information is merchantable, of satisfactory quality, accurate, fit for a particular purpose or need, or non-infringing, unless such implied warranties are legally incapable of exclusion. Further, ThreatExpert does not warrant or make any representations regarding the use or the results of the use of the Information in terms of their correctness, accuracy, reliability, or otherwise.

Copyright © 2014 ThreatExpert. All rights reserved.