Submission Summary:

What's been found | Severity Level
Downloads/requests other files from Internet.

Technical Details:

File System Modifications

# | Filename(s) | File Size | File Hash
1 | %DesktopDir%\Continue SweetIM Installation.lnk | 1,883 bytes | MD5: 0xCC871025BA6F89B9E7F0B6B66B642258; SHA-1: 0x197EF8CC867E271AC7A64B716E9B52F92F162FB5
2 | %Temp%\Shortcut_[filename of the sample #1]; %Temp%\Shortcut_shortcut_[filename of the sample #1]; [file and pathname of the sample #1] | 334,128 bytes | MD5: 0x831FFBBD4F25531DDE034A6879FFB565; SHA-1: 0x48C026F6B0F6206FE86949230AD3457B91362685

Memory Modifications

Process Name | Process Filename | Main Module Size
Shortcut_[filename of the sample #1] | %Temp%\shortcut_[filename of the sample #1] | 831,488 bytes
[filename of the sample #1] | [file and pathname of the sample #1] | 831,488 bytes

Registry Modifications

Other details

Downloaded File Summary:

What's been found | Severity Level
Downloads/requests other files from Internet.
Creates a startup registry entry.
Registers a 32-bit in-process server DLL.
Registers a Browser Helper Object (Microsoft's Internet Explorer plugin module).

Technical Details:

File System Modifications

# | Filename(s) | File Size | File Hash
1 | %CommonAppData%\SweetIM\Communicator\conf\communicator.xml | 428 bytes | MD5: 0x6F329973BCEF5075413CC1E7ACB26793; SHA-1: 0xE613C80BF685602FEF8FF96BF1CB3EDEF6CBCBCC
2 | %CommonPrograms%\PriceGong\PriceGong Contact Us.lnk | 833 bytes | MD5: 0x68CC70F1B2C4B8ABA89EC2ACE708EC78; SHA-1: 0xFF91F1591B17DDC3E5F230E15DB47128FEA5B5DE
3 | %CommonPrograms%\PriceGong\PriceGong Help.lnk | 823 bytes | MD5: 0x9ADE33DA7A8FE53D73B8F0B82FE19222; SHA-1: 0x32BDC6F4819F705A2CD570D306682E250A166E6B
4 | %CommonPrograms%\PriceGong\PriceGong Homepage.lnk | 803 bytes | MD5: 0x7EEEE817C8BB10D5ECD59FAF130C9881; SHA-1: 0x5055DD97A3C1B530CFD372A731304B29A25F60E3
5 | %CommonPrograms%\PriceGong\Uninstall PriceGong.lnk | 1,565 bytes | MD5: 0x451FEF3031502114434317291ADCBCB2; SHA-1: 0x2AFEB7750002063884DD3EF765DF0AE970DC5AC4
6 | %ProgramFiles%\PriceGong\2.6.4\FF\chrome\content\options.js | 969 bytes | MD5: 0x26222D91BDD08C53E74EE7991B22AC74; SHA-1: 0x1806C84D356D00B0A1087F2373300E5952E11449
7 | %ProgramFiles%\PriceGong\2.6.4\FF\chrome\content\options.xul | 1,387 bytes | MD5: 0x74D151337F5913536E1FEA56FFBD733B; SHA-1: 0x92E7CEBE88E7CCE1D49044D0E0271B8E25CFD9AE
8 | %ProgramFiles%\PriceGong\2.6.4\FF\chrome\content\overlay.js | 4,934 bytes | MD5: 0xCA21165B6D20FE7695EBCF18CE2326E6; SHA-1: 0xC63594D8E4CD6FE38E3F13DC3C4687A46D60A6CD
9 | %ProgramFiles%\PriceGong\2.6.4\FF\chrome\content\PriceGong.png | 1,735 bytes | MD5: 0x1EDEBF07B9B5B3778AC4522D10867AEA; SHA-1: 0xEF7AA4397C810425AFC9CD3256FD35A4B6B97E1D
10 | %ProgramFiles%\PriceGong\2.6.4\FF\chrome\content\pricegong.xul | 622 bytes | MD5: 0x076E41C37C85AF19562325E02E5D1797; SHA-1: 0x568B959A23B0230B25805A967704B3F2E18BA8DF
11 | %ProgramFiles%\PriceGong\2.6.4\FF\chrome\locale\en-US\overlay.dtd | 71 bytes | MD5: 0xB9AAF766F2DD6846F2D9B9468A130AE7; SHA-1: 0xF9D2BF29574DCE160B1C5C6F203384EE625B8FB4
12 | %ProgramFiles%\PriceGong\2.6.4\FF\chrome\locale\en-US\pricegong.dtd | 194 bytes | MD5: 0x6F0B1DE6824D39622D3EEB6DE0FC6C36; SHA-1: 0x29658F88C4EC69CDE8D0FB668123727E85A15F84
13 | %ProgramFiles%\PriceGong\2.6.4\FF\chrome\skin\overlay.css | 110 bytes | MD5: 0xAEAA4AA895F961412C1BD3C8A0DE55A5; SHA-1: 0x025E58B717252F79D864E793E0412809A66ED130
14 | %ProgramFiles%\PriceGong\2.6.4\FF\chrome.manifest | 1,055 bytes | MD5: 0x2CB764D395723BA17E4FD75A9BE469AF; SHA-1: 0x78407DC7AD8AB8E505A013AB06C3AD80BD9D0775
15 | %ProgramFiles%\PriceGong\2.6.4\FF\components\pg_inst.txt | 14 bytes | MD5: 0x3B50C0A78224A80F216ABB68A98AC97D; SHA-1: 0x9880F54E0AB6CA173768907606F57EC8E66E3DDF
16 | %ProgramFiles%\PriceGong\2.6.4\FF\components\PriceGong.xpt | 414 bytes | MD5: 0x69A0E44277DBC96523E55CD194197A0F; SHA-1: 0x3C91765468834C4EB4CC2591B2638A1BF9675256
17 | %ProgramFiles%\PriceGong\2.6.4\FF\components\PriceGongFF.dll | 396,160 bytes | MD5: 0xD20688D2579B08251ACB06C35D292981; SHA-1: 0x7AAF163A90F53578958A13362D1E9BF3E6A84F02
18 | %ProgramFiles%\PriceGong\2.6.4\FF\components\PriceGongFF_100.dll | 390,016 bytes | MD5: 0x5DB1F0C5B46708DA5EC7FC08C8E783C6; SHA-1: 0x1DC567E1BDF620111CA39419630479BBBD448D3D
19 | %ProgramFiles%\PriceGong\2.6.4\FF\components\PriceGongFF_110.dll | 390,016 bytes | MD5: 0x1ADE002DB6396723B0E221A45FD9A129; SHA-1: 0x62CC6C9DC9CF93855E3DC4EF2388FB92AD243F1E
20 | %ProgramFiles%\PriceGong\2.6.4\FF\components\PriceGongFF_50.dll | 392,576 bytes | MD5: 0xD8616EAFF4840BF469EB33387E57FA46; SHA-1: 0x2A726AB72493C6A7D7F71BD76660236F201AE11F
21 | %ProgramFiles%\PriceGong\2.6.4\FF\components\PriceGongFF_60.dll | 392,064 bytes | MD5: 0xC631BBFA2EE0689073BACDACD0BEB652; SHA-1: 0x308D0C484362FC62AF0041D2B634135F09503C50
22 | %ProgramFiles%\PriceGong\2.6.4\FF\components\PriceGongFF_70.dll | 391,552 bytes | MD5: 0x4E59410B5DE64DC0EDA08F28650FFF13; SHA-1: 0xDDA524BD37AA1B60225F66D58C86E2CCC0A56397
23 | %ProgramFiles%\PriceGong\2.6.4\FF\components\PriceGongFF_80.dll | 391,552 bytes | MD5: 0x33C42DC051B9EEBC2D01BBC76734B521; SHA-1: 0xEB9B3666E29AD728A1F1C21F73EBD60C578B8C01
24 | %ProgramFiles%\PriceGong\2.6.4\FF\components\PriceGongFF_90.dll | 390,016 bytes | MD5: 0x223E4ED4D99C76825A0AB3D699192BAA; SHA-1: 0xEA465122317DD1AF4F08D73CF97FAEEDA21B6AE0
25 | %ProgramFiles%\PriceGong\2.6.4\FF\components\PriceGong_10.xpt | 414 bytes | MD5: 0xD899060F764819A6EFF2E8A2AB26C019; SHA-1: 0x9999F783FAEA557472B3EF55ED4C1B1877539A0F
26 | %ProgramFiles%\PriceGong\2.6.4\FF\install.rdf | 1,105 bytes | MD5: 0xBDE168AB9CAF81E56DE8A3BDBFA548C3; SHA-1: 0xF1C355B98FA568B43561433E03C62A8131F3C2D8
27 | %ProgramFiles%\PriceGong\2.6.4\PriceGong.crx | 54,238 bytes | MD5: 0x650ADAF57DFB8E03234F08F401980B97; SHA-1: 0xCCEABF90DBB62D33FDE35BE8B423FD255B834786
28 | %ProgramFiles%\PriceGong\2.6.4\PriceGongIE.dll | 413,568 bytes | MD5: 0x8297586728E07C12AFD8537DECF9B95D; SHA-1: 0x003478816669F9577CE9BD4B8C3B7EC8E86F3138
29 | %ProgramFiles%\PriceGong\uninst.exe | 52,162 bytes | MD5: 0x1E6F9A840F4376C545624935E528FD62; SHA-1: 0x6CDDAB76AB7D34C1B99FFEC7FFF368262EB6F86E
30 | %ProgramFiles%\SweetIM\Communicator\mgcommon.dll | 313,136 bytes | MD5: 0x19AB1050837E842BF3819C59740E1A1B; SHA-1: 0x111A45CFC3B90E7EFC5F8A29CA7B671527AE3FC0
31 | %ProgramFiles%\SweetIM\Communicator\mgcommunication.dll | 41,264 bytes | MD5: 0x22CD71A2F8C4FBF53E85F7EBA776E82C; SHA-1: 0x843091CC4B11E7DBCA7260148854EF0263B6FD41
32 | %ProgramFiles%\SweetIM\Communicator\mgsimcommon.dll | 50,480 bytes | MD5: 0x07C124D08951119765311D00ECDE63D5; SHA-1: 0x05B88F770FF4CF803620ECF6841DD6F8E4C7F55F
33 | %ProgramFiles%\SweetIM\Communicator\mgxml_wrapper.dll | 61,232 bytes | MD5: 0x4F402C22CC44F84BC4A74B2702F9095E; SHA-1: 0x477C9030A086A0EF33EE020061EECBBFFB711E34
34 | %ProgramFiles%\SweetIM\Communicator\Microsoft.VC90.CRT\Microsoft.VC90.CRT.manifest | 1,860 bytes | MD5: 0x587DBE91CF548669E8C8EC8F6D56CE47; SHA-1: 0x6FB31347347C7D8BACAE4A4CB6B113C7648A2700
35 | %ProgramFiles%\SweetIM\Communicator\Microsoft.VC90.CRT\msvcm90.dll | 225,280 bytes | MD5: 0xD34A527493F39AF4491B3E909DC697CA; SHA-1: 0xAFEE32FCD9CE160680371357A072F58C5F790D48
36 | %ProgramFiles%\SweetIM\Communicator\Microsoft.VC90.CRT\msvcp90.dll | 569,680 bytes | MD5: 0x4C39358EBDD2FFCD9132A30E1EC31E16; SHA-1: 0x70AC82988285F9F7069FAA9A0612AEBA7FB001C4
37 | %ProgramFiles%\SweetIM\Communicator\Microsoft.VC90.CRT\msvcr90.dll | 653,136 bytes | MD5: 0xCDBE9690CF2B8409FACAD94FAC9479C9; SHA-1: 0x4BCDFE2C1B354645314A4CE26B55B2B1A0212DB9
38 | %ProgramFiles%\SweetIM\Communicator\resources\sqlite\mgSqlite3.dll | 393,016 bytes | MD5: 0x8A4AF3B0695F29186AD02E2FD766FA3B; SHA-1: 0xC8F1E3F28152C6C010B7AE8FA4D167E3C388FF0C
39 | %ProgramFiles%\SweetIM\Communicator\SweetPacksUpdateManager.exe | 295,728 bytes | MD5: 0x45945F39F2F6D08A0FAEC275E68FFC5A; SHA-1: 0x8570D63803C2FC0F944F46C2144009209B573DFF
40 | %Windir%\Installer\19f3c.msi | 1,417,728 bytes | MD5: 0x4BD49B9F5B2996665D249BC4658AA16A; SHA-1: 0x414C76F1BE475F4D7947C4A0A43BCC965B6D8D37
41 | %Windir%\Installer\{FB697452-8CA4-46B4-98B1-165C922A2EF3}\ARPPRODUCTICON.exe | 1,150 bytes | MD5: 0x0A42A905C50E3C492086B377FF5FE750; SHA-1: 0x2CAB3F2ED53916B746FCFF1600A162BEDF851B1E
42 | [file and pathname of the sample #1] | 1,823,880 bytes | MD5: 0x8D4423906BBF4E9031BC18CDA662C5E9; SHA-1: 0x0414BF07595EA03D37C455F49AF2452E4D179D53
43 | [file and pathname of the sample #2] | 2,626,512 bytes | MD5: 0x1A3D1A7349253561EF89D017F6EDD5FC; SHA-1: 0x34C32F59202CC42081B8282C4B67EDB577C13457

Memory Modifications

Process Name | Process Filename | Main Module Size
[filename of the sample #1] | [file and pathname of the sample #1] | 258,048 bytes
SweetPacksUpdateManager.exe | %ProgramFiles%\SweetIM\Communicator\SweetPacksUpdateManager.exe | 299,008 bytes
[filename of the sample #2] | [file and pathname of the sample #2] | 380,928 bytes

Service Name | Display Name | New Status | Service Filename
MSIServer | Windows Installer | "Running" | %System%\msiexec.exe /V

Registry Modifications

Other details

Remote Host | Port Number
www.sweetim.com | 1038

Server Name | Server Port | Connect as User | Connection Password
www.sweetim.com | 80 | www.sweetim.com | www.sweetim.com

All content ("Information") contained in this report is the copyrighted work of Threat Expert Ltd and its associated companies ("ThreatExpert") and may not be copied without the express permission of ThreatExpert.

Copyright © 2014 ThreatExpert. All rights reserved.