Submission Summary:

What's been found:
Downloads/requests other files from Internet.
Registers a 32-bit in-process server DLL.
Registers a Browser Helper Object (Microsoft's Internet Explorer plugin module).


Technical Details:


File System Modifications

#  Filename(s) / File Size / File Hash

1. %Temp%\aminsis.txt
   File Size: 63 bytes
   MD5: 0x5185B987439DE0884DCF8A83492873F6
   SHA-1: 0x30C038B9A8CB898E5BF642D95E8DAE036F3888F0

2. %Temp%\nsa2.tmp\aminsis.dll
   File Size: 828,928 bytes
   MD5: 0xA2A6344E977675CA18E0C4B91A11F2AA
   SHA-1: 0x6D6D3A4F3BCE1C3FD9373E3B9EC1287A16BFA300

3. c:\extensions.ini
   File Size: 75 bytes
   MD5: 0x8BF89B529B1B90756DC83FDC72066ADE
   SHA-1: 0x6343074DFA7730F593E940DCA72D7B9E7583C869

4. c:\extensions.sqlite
   %ProgramFiles%\BetterSurf\BetterSurfPlus\ff\chrome\content\utils\chback.js
   File Size: 0 bytes
   MD5: 0xD41D8CD98F00B204E9800998ECF8427E
   SHA-1: 0xDA39A3EE5E6B4B0D3255BFEF95601890AFD80709

5. %ProgramFiles%\BetterSurf\BetterSurfPlus\ch\BetterSurfPlus.crx
   File Size: 29,288 bytes
   MD5: 0x292B0EDD37AC27192EF8E720242CFCCF
   SHA-1: 0x63856AE12ADC7E92E46AB3B1BB9E5E9E0FAA6152

6. %ProgramFiles%\BetterSurf\BetterSurfPlus\ff\chrome\content\better-surf.js
   File Size: 537 bytes
   MD5: 0xFE68FA373857C215BBA217A4030C5CC0
   SHA-1: 0x3274A9C1902310A0A1AFE709EBD39F92B12D8290

7. %ProgramFiles%\BetterSurf\BetterSurfPlus\ff\chrome\content\firefox1.js
   File Size: 704 bytes
   MD5: 0x219F49364B8795CDBA2BD194568FF34B
   SHA-1: 0xB74E9C42898168B17C7B803B076796457B631AF1

8. %ProgramFiles%\BetterSurf\BetterSurfPlus\ff\chrome\content\icons\default\star1_32.png
   File Size: 537 bytes
   MD5: 0x12B84CEFE609C543687893514F321DDE
   SHA-1: 0x484A6AEB3A3F4D0E7DD459A8AF770DBAE30B85B6

9. %ProgramFiles%\BetterSurf\BetterSurfPlus\ff\chrome\content\icons\Thumbs.db
   File Size: 36,352 bytes
   MD5: 0xC0C9DFDB30633083855E656945723C31
   SHA-1: 0x4262E1FBE1FD019B1E4751CD66FC9AAFD8AEE7C6

10. %ProgramFiles%\BetterSurf\BetterSurfPlus\ff\chrome\content\overlay.xul
    File Size: 319 bytes
    MD5: 0x2E0B2B54828631FC792892511407976F
    SHA-1: 0x037A2FE073913969FB97EDEE4E6537F8898DB419

11. %ProgramFiles%\BetterSurf\BetterSurfPlus\ff\chrome\content\utils\amiextension.js
    File Size: 32,850 bytes
    MD5: 0x8B647BD943D32BE27DD2E3702443B313
    SHA-1: 0x0A85D9A0C418F864AB1DA97B9234DB1B2541DB3E

12. %ProgramFiles%\BetterSurf\BetterSurfPlus\ff\chrome\content\utils\amihelper.js
    File Size: 2,154 bytes
    MD5: 0xA37224DF30BEF0CE0D9D418E74FE5C39
    SHA-1: 0x1FB72B6E507BAFD9E455DB7CBD03BBFE935C774B

13. %ProgramFiles%\BetterSurf\BetterSurfPlus\ff\chrome\content\utils\amilocal.js
    File Size: 130 bytes
    MD5: 0x6462AC7DFABA81AB6241FFB196E9156E
    SHA-1: 0xBD1D8C1FE864E95D331ACC7A069E9B8B2173E97B

14. %ProgramFiles%\BetterSurf\BetterSurfPlus\ff\chrome\content\utils\chaddon.js
    File Size: 771 bytes
    MD5: 0x04523FFABE8AF5D1336A962F538F0C39
    SHA-1: 0xC5B0FE21F75738ECC971375C91D65CA5EB75058C

15. %ProgramFiles%\BetterSurf\BetterSurfPlus\ff\chrome\content\utils\ffaddon.js
    File Size: 499 bytes
    MD5: 0x4F94047E01101751754683E1C515363F
    SHA-1: 0x9A063DB9FD58C7235EBD974E9036CB9059329092

16. %ProgramFiles%\BetterSurf\BetterSurfPlus\ff\chrome\content\utils\hostutils.js
    File Size: 18,688 bytes
    MD5: 0x56096DC13A5AF33547D3DC2D3529FBE0
    SHA-1: 0xEAC4CAEA2C6510331A16DDCFC218216BBB9C9608

17. %ProgramFiles%\BetterSurf\BetterSurfPlus\ff\chrome\content\utils\ieaddon.js
    File Size: 252 bytes
    MD5: 0x8DABEFE2B5FCD330DD3180B6726EED39
    SHA-1: 0xABACB1238DA9AA573653639F692E30A7EA09B5C4

18. %ProgramFiles%\BetterSurf\BetterSurfPlus\ff\chrome.manifest
    File Size: 127 bytes
    MD5: 0x5071EF28E13A601C044EF56C024B4A0F
    SHA-1: 0xD2D0906BBF5FA10280EB82BA670AD53E4FFD8E34

19. %ProgramFiles%\BetterSurf\BetterSurfPlus\ff\install.rdf
    File Size: 784 bytes
    MD5: 0x04F4473224C7FD2B13FD0C789DCA1032
    SHA-1: 0xB399F443B60CCA0AEAF78140939CDC0F04183111

20. %ProgramFiles%\BetterSurf\BetterSurfPlus\ie\BetterSrf.dll
    File Size: 86,528 bytes
    MD5: 0x2B42F3C661E2C9E1AE76733B083E4B49
    SHA-1: 0x509D7B3F7E70AD382DDA2955EDE9E770171721B7

21. %ProgramFiles%\BetterSurf\BetterSurfPlus\uninstall.exe
    File Size: 441,592 bytes
    MD5: 0x860CAC9BB7960DCD57B5627248945812
    SHA-1: 0x2125AF894D228981DA844A174C61D313688B139E

22. [file and pathname of the sample #1]
    File Size: 965,280 bytes
    MD5: 0x7A6C483A4A41F550FA2E17050C416DC5
    SHA-1: 0xF1BF51E0B860C740DC72E86410216D9C25DBDA5E


Memory Modifications

Process Name / Process Filename / Main Module Size

[filename of the sample #1]
   Process Filename: [file and pathname of the sample #1]
   Main Module Size: 241,664 bytes

[generic host process]
   Process Filename: [generic host process filename]
   Main Module Size: 20,480 bytes


Registry Modifications


Other details

Server Name: www.jsutils.net
Server Port: 80
Connect as User: (null)
Connection Password: (null)

All content ("Information") contained in this report is the copyrighted work of Threat Expert Ltd and its associated companies ("ThreatExpert") and may not be copied without the express permission of ThreatExpert.

The Information is provided on an "as is" basis. ThreatExpert disclaims all warranties, whether express or implied, to the maximum extent permitted by law, including the implied warranties that the Information is merchantable, of satisfactory quality, accurate, fit for a particular purpose or need, or non-infringing, unless such implied warranties are legally incapable of exclusion. Further, ThreatExpert does not warrant or make any representations regarding the use or the results of the use of the Information in terms of their correctness, accuracy, reliability, or otherwise.

Copyright © 2014 ThreatExpert. All rights reserved.