| Visit ThreatExpert web site | | | Close Report |
| What's been found | Severity Level |
| Downloads/requests other files from Internet. |  |
| Creates a startup registry entry. |  |
| Registers a 32-bit in-process server DLL. | |
| Registers a Browser Helper Object (Microsoft's Internet Explorer plugin module). | |
| Contains characteristics of an identified security risk. |  |
 | Possible Security Risk |
| Security Risk | Description |
Adware.Adsponsor |
Adsponsor is a Browser Helper Object which was installed by other malware. It contacts remote servers and display pop up advertisements. Adsponsor is a potential unwanted software. |
| Threat Category | Description |
 |
A potentially unwanted adware program designed to deliver various advertisements to the users' systems |
 | File System Modifications |
| # | Filename(s) | File Size | File Hash | Alias |
| 1 | %Programs%\Internet Speed Monitor\Check Now.lnk | 622 bytes | MD5: 0xAAC4D0CFDF01857B1165B99FF73F9EF3 SHA-1: 0x58B8EAD555441074ECA5E3106ED1DBEDBC7773C5 |
(not available) |
| 2 | %Programs%\Internet Speed Monitor\Uninstall.lnk | 658 bytes | MD5: 0x7BBD30A0914636B84550287B0B793302 SHA-1: 0x4FC12AC754E6E013F4AE8E5D7A0682D2D0AC6390 |
(not available) |
| 3 |
%ProgramFiles%\ISM\ism.exe
|
233,472 bytes | MD5: 0x060F7412C8D89D54D615140800310D5B SHA-1: 0x09275ECBFC1813E97312A45DC671A587CA9C96B8 |
Adware-ISM [McAfee] |
| 4 |
%ProgramFiles%\ISM\Uninstall.exe
|
32,761 bytes | MD5: 0xEE9BBE13F05406D23493C0464B00321D SHA-1: 0xFC05B22E3A924FCF9C4068A58AC5624039F50291 |
(not available) |
| 5 |
%ProgramFiles%\QdrDrive\QdrDrive9.dll
|
192,512 bytes | MD5: 0x3A20567F1BF12F7BA9AB2315A899F3AE SHA-1: 0x83CAED68B513F7361B0E3F0C8C0D7D338BAF9AB1 |
Adware-ISM [McAfee] |
| 6 |
%ProgramFiles%\QdrDrive\qdrloader.exe
|
31,744 bytes | MD5: 0x9E16AD106973B94A41EB8AAF5E274213 SHA-1: 0xB5A561D6B1FB40EE3C765EB7054679DF40D1018B |
Adware.Adsponsor [PCTools] |
| 7 |
%ProgramFiles%\QdrModule\QdrModule11.exe
|
397,312 bytes | MD5: 0xB1C15C8BADB2479A00BAC8C6D9F65A39 SHA-1: 0x2A45B0D12CCBC990AE29F30AC270824589DD5702 |
(not available) |
| 8 | [file and pathname of the sample #1] | 286,288 bytes | MD5: 0x69943768B6F8052F2B54390CB19EF18D SHA-1: 0x7FD71EB98DD1434D35A1B13E77BAFA9DCEBF530E |
(not available) |
 | Memory Modifications |
| Process Name | Process Filename | Main Module Size |
| QdrModule11.exe | %ProgramFiles%\qdrmodule\qdrmodule11.exe | 413,696 bytes |
| [filename of the sample #1] | [file and pathname of the sample #1] | 184,320 bytes |
| Module Name | Module Filename | Address Space Details |
| QdrDrive9.dll | %ProgramFiles%\QdrDrive\QdrDrive9.dll | Process name: IEXPLORE.EXE Process filename: %ProgramFiles%\internet explorer\iexplore.exe Address space: 0xF70000 - 0xFA1000 |
 | Registry Modifications |
 | Other details |
 |
Russian Federation |
All content ("Information") contained in this report is the copyrighted work of Threat Expert Ltd and its associated companies ("ThreatExpert") and may not be copied without the express permission of ThreatExpert.
The Information is provided on an "as is" basis. ThreatExpert disclaims all warranties, whether express or implied, to the maximum extent permitted by law, including the implied warranties that the Information is merchantable, of satisfactory quality, accurate, fit for a particular purpose or need, or non-infringing, unless such implied warranties are legally incapable of exclusion. Further, ThreatExpert does not warrant or make any representations regarding the use or the results of the use of the Information in terms of their correctness, accuracy, reliability, or otherwise.
Copyright © 2010 ThreatExpert. All rights reserved.