Submission Summary:

| What's been found | Severity Level |
|---|---|
| Downloads/requests other files from Internet. | |
| Registers a 32-bit in-process server DLL. | |
| Registers a Browser Helper Object (Microsoft's Internet Explorer plugin module). | |

Technical Details:

File System Modifications

| # | Filename(s) | File Size | File Hash |
|---|---|---|---|
| 1 | `%AppData%\Conduit\CT3084223\TV_Bar_2AutoUpdateHelper.exe`<br>`%ProgramFiles%\TV_Bar_2\TV_Bar_2ToolbarHelper.exe` | 65,832 bytes | MD5: 0xDA11D78D765E4B8FA4CFA5A37E8A94FF<br>SHA-1: 0xE5AD99CE7C7362CA566156033ECB0F04F9437CA7 |
| 2 | `%AppData%\TV_Bar_2\ldrtbTV_B.dll`<br>`%ProgramFiles%\TV_Bar_2\ldrtbTV_B.dll` | 264,488 bytes | MD5: 0x66544B26974FBA1616F31F9731759252<br>SHA-1: 0x0460B794834ED78BE69BA5EB9C0E6211EBEAD9B6 |
| 3 | `%AppData%\TV_Bar_2\tbTV_B.dll`<br>`%ProgramFiles%\TV_Bar_2\tbTV_B.dll` | 4,398,376 bytes | MD5: 0x1C1D673FB3EFC0643271226EA42A25D9<br>SHA-1: 0x8CA209A796CAB152BC9907BCEF283C221AC5F058 |
| 4 | `%AppData%\TV_Bar_2\toolbar.cfg`<br>`%ProgramFiles%\TV_Bar_2\toolbar.cfg` | 20 bytes | MD5: 0x5A647F9EB9BD456E1BFBDDB3A1522DFD<br>SHA-1: 0x678EB1AC21A540C35F5DC4C06253334E124C69FE |
| 5 | `%Temp%\nsq3.tmp` | 0 bytes | MD5: 0xD41D8CD98F00B204E9800998ECF8427E<br>SHA-1: 0xDA39A3EE5E6B4B0D3255BFEF95601890AFD80709 |
| 6 | `%ProgramFiles%\Conduit\Community Alerts\Alert.dll` | 638,560 bytes | MD5: 0x6796F6E449F90A543DC3345538ACC46F<br>SHA-1: 0x97BCCD25561F44E9B13F05F6EEF083C9CE9BA529 |
| 7 | `%ProgramFiles%\TV_Bar_2\GottenAppsContextMenu.xml` | 7,044 bytes | MD5: 0xCE0449AC66B68DD896965167D460B135<br>SHA-1: 0xAB7C13818BE707B1599690FB84D4FFDBCAB821DD |
| 8 | `%ProgramFiles%\TV_Bar_2\OtherAppsContextMenu.xml` | 5,738 bytes | MD5: 0xA9CAA49F5C0DDD88168E857E3670EBDF<br>SHA-1: 0x8500953B2600EFDB42EFFFC03FB9D7CC03F22CCC |
| 9 | `%ProgramFiles%\TV_Bar_2\prxtbTV_B.dll` | 176,936 bytes | MD5: 0x4C163BD2A5905D18893EE311608E8C54<br>SHA-1: 0xA2D929A9864513C0E8ED84AAD622EF6ADCC9B950 |
| 10 | `[pathname with a string SHARE]\SharedAppsContextMenu.xml` | 6,588 bytes | MD5: 0x6816D08A668E0D9A3A79831400177C04<br>SHA-1: 0xA90B7303F688679A4065879E1E50B0F865D0AB05 |
| 11 | `%ProgramFiles%\TV_Bar_2\ToolbarContextMenu.xml` | 5,737 bytes | MD5: 0x815C07C40CEC4CF53861DA7A7C6EC639<br>SHA-1: 0xD48FA137FD2D543B555470BDFC46D2D5D637B877 |
| 12 | `%ProgramFiles%\TV_Bar_2\uninstall.exe` | 97,576 bytes | MD5: 0x5CA98C5E81E5EA890CC8D96D81013203<br>SHA-1: 0x28AA609FEAC1520EEDC7FF84332CD4F4C56585E5 |
| 13 | [file and pathname of the sample #1] | 2,150,944 bytes | MD5: 0x761A800116FECFDF5A7FC52B8847F66D<br>SHA-1: 0xB7DE2C859389050151AE818835AAA1D81B3BB332 |

Memory Modifications

| Process Name | Process Filename | Main Module Size |
|---|---|---|
| tv_bar_2autoupdatehelper.exe | `%AppData%\conduit\ct3084223\tv_bar_2autoupdatehelper.exe` | 77,824 bytes |
| tv_bar_2toolbarhelper.exe | `%ProgramFiles%\tv_bar_2\tv_bar_2toolbarhelper.exe` | 77,824 bytes |
| [generic host process] | [generic host process filename] | 45,056 bytes |
| [filename of the sample #1] | [file and pathname of the sample #1] | 3,776,512 bytes |

Registry Modifications

Other details

| Server Name | Server Port | Connect as User | Connection Password |
|---|---|---|---|
| tvbar2.toolbar.fm | 80 | (null) | (null) |
| usage.toolbar.conduit-services.com | 80 | (null) | (null) |
| servicemap.conduit-services.com | 80 | (null) | (null) |
| users.conduit.com | 80 | (null) | (null) |
| services.conduit.com | 80 | (null) | (null) |

All content ("Information") contained in this report is the copyrighted work of Threat Expert Ltd and its associated companies ("ThreatExpert") and may not be copied without the express permission of ThreatExpert.

The Information is provided on an "as is" basis. ThreatExpert disclaims all warranties, whether express or implied, to the maximum extent permitted by law, including the implied warranties that the Information is merchantable, of satisfactory quality, accurate, fit for a particular purpose or need, or non-infringing, unless such implied warranties are legally incapable of exclusion. Further, ThreatExpert does not warrant or make any representations regarding the use or the results of the use of the Information in terms of their correctness, accuracy, reliability, or otherwise.

Copyright © 2014 ThreatExpert. All rights reserved.