Submission Summary:

What's been found | Severity Level
Downloads/requests other files from Internet.

Technical Details:

 

File System Modifications

#  Filename(s)  File Size  File Hash
1 %CommonAppData%\InstallMate\{C1E28B35-42CA-43F0-8B8B-85F6E7255916}\20120425141746.log 126,204 bytes MD5: 0x91EF9860FE764AADBEF387023155EB2F
SHA-1: 0x480AD220C6750F7629076E0D0C95CEC0F00BF0D5
2 %CommonAppData%\InstallMate\{C1E28B35-42CA-43F0-8B8B-85F6E7255916}\20120425141931.log 52,528 bytes MD5: 0x053E74ED0DD11C32B8E69ECF91ED1502
SHA-1: 0xA9D50DD8C83DC93BAC2BE65F439473D45C36F0F6
3 %CommonAppData%\InstallMate\{C1E28B35-42CA-43F0-8B8B-85F6E7255916}\Setup.dat 483,151 bytes MD5: 0x1A6806DE1A45CC30DDCA0AA60FA194BC
SHA-1: 0xBCC1028F143B07A58DFD3DE402B5632934110A47
4 %CommonAppData%\InstallMate\{C1E28B35-42CA-43F0-8B8B-85F6E7255916}\Setup.exe 15,496 bytes MD5: 0x016708DD413139185343CED9FD9C3272
SHA-1: 0x02C0EE22F3B3E7CC139DC2E7F44C70D21162FB32
5 %CommonAppData%\InstallMate\{C1E28B35-42CA-43F0-8B8B-85F6E7255916}\Setup.ico 4,846 bytes MD5: 0xC3926CEF276C0940DADBC8142153CEC9
SHA-1: 0xF8B350D2B7158F5AB147938961439860D77B9CB4
6 %CommonAppData%\InstallMate\{C1E28B35-42CA-43F0-8B8B-85F6E7255916}\TsuDll.dll 255,624 bytes MD5: 0x1723B9B13F5FC3CF7A785F85FA35802B
SHA-1: 0x4B97D952D4BF7C21D3BE5E01D96F4D47E30D54C7
7 %CommonAppData%\InstallMate\{C1E28B35-42CA-43F0-8B8B-85F6E7255916}\_Setup.dll 173,568 bytes MD5: 0xDDC2B3DBAEAEEAF8C227495354897442
SHA-1: 0xD9FA7FDF07EEEBAA65EE1A0781AB0D9A977A57D3
8 %CommonAppData%\InstallMate\{C1E28B35-42CA-43F0-8B8B-85F6E7255916}\_Setupx.dll 23,040 bytes MD5: 0xFAF6319624DEAE130BF3AEA6F92C3421
SHA-1: 0xDC3D95D004460A1CD104C2004CEA90B33AFA6C1D
9 [file and pathname of the sample #1] 290,432 bytes MD5: 0x6D64D787D77C66B50525D1609C283D99
SHA-1: 0x856314200046A68E21246DE37F844105E87EBF4C

 

Memory Modifications

Process Name | Process Filename | Main Module Size
[filename of the sample #1] | [file and pathname of the sample #1] | 303,104 bytes
setup.exe | %CommonAppData%\installmate\{c1e28b35-42ca-43f0-8b8b-85f6e7255916}\setup.exe | 24,576 bytes

Registry Modifications

 

Other details

Server Name | Server Port | Connect as User | Connection Password
www.premiumsave.info | 80 | www.premiumsave.info | www.premiumsave.info
www.premiumsave.info | 80 | (null) | (null)

All content ("Information") contained in this report is the copyrighted work of Threat Expert Ltd and its associated companies ("ThreatExpert") and may not be copied without the express permission of ThreatExpert.

Copyright © 2014 ThreatExpert. All rights reserved.