Submission Summary:

What's been found | Severity Level
Registers a 32-bit in-process server DLL.

Technical Details:

File System Modifications

# Filename(s) File Size File Hash Alias
1 %ProgramFiles%\RadioRage_4j\bar\1.bin\4jauxstb.dll 30,224 bytes MD5: 0x22AE719E91B4BFCDF6122D3E2A0F272E
SHA-1: 0x99DF98DFEF4B483889FA88162D20EE46340A5DBE
(not available)
2 %ProgramFiles%\RadioRage_4j\bar\1.bin\4jbar.dll 689,552 bytes MD5: 0xF2B77BA18CB741C0B924D441C0EFEF6D
SHA-1: 0xA2291A55257865E3B311D421CF89EFDC020E517B
not-a-virus:WebToolbar.Win32.MyWebSearch.ri [Kaspersky Lab]
3 %ProgramFiles%\RadioRage_4j\bar\1.bin\4jbarsvc.exe 42,504 bytes MD5: 0x622FCF264119F7DF127BE353F796B319
SHA-1: 0x56CF4F2AC44C6ADD5CDCD419BA4B99D22DC7A0E3
(not available)
4 %ProgramFiles%\RadioRage_4j\bar\1.bin\4jbrmon.exe 30,096 bytes MD5: 0x35D6CAAA9E4D82974A74DBDB53801F98
SHA-1: 0x0F78FE90AF015B0A511EDE007BD1791A341E891E
(not available)
5 %ProgramFiles%\RadioRage_4j\bar\1.bin\4jbrstub.dll 34,192 bytes MD5: 0xD3EFE03300CAF0FA2215206280D31220
SHA-1: 0x12FF3195BDACA5482034AAC3C3E132D5ADA421A9
(not available)
6 %ProgramFiles%\RadioRage_4j\bar\1.bin\4jdatact.dll 99,840 bytes MD5: 0x70A6B86CB0A6A3F7B35421EC7B9F5B7F
SHA-1: 0xBAEFCB03679575349E01668C4F0938643BAAA022
(not available)
7 %ProgramFiles%\RadioRage_4j\bar\1.bin\4jdlghk.dll 50,704 bytes MD5: 0xCFC3FF05478E454681E6F1CB2AA8396F
SHA-1: 0xEE6ACFDFC1E0B2327DD18F4AD6E8C64B3E91E20E
(not available)
8 %ProgramFiles%\RadioRage_4j\bar\1.bin\4jdyn.dll 54,672 bytes MD5: 0x8D721A2BC356A862AC8B2349BBEB614C
SHA-1: 0x8090E240F528004402B29C11E5072BED79D95384
(not available)
9 %ProgramFiles%\RadioRage_4j\bar\1.bin\4jfeedmg.dll 91,648 bytes MD5: 0xF18D8BCB38DFD1409CF19F3EBD3DE3EA
SHA-1: 0x2CA2EA6CF1AD1FE87C25D4AB6B1C7729E48C6390
(not available)
10 %ProgramFiles%\RadioRage_4j\bar\1.bin\4jhighin.exe 22,048 bytes MD5: 0x635F5E4B01597D0BAF2422245C8FF541
SHA-1: 0x9788294F2B8AB28DBAE4C73BB61A6B1200BDD89D
(not available)
11 %ProgramFiles%\RadioRage_4j\bar\1.bin\4jhkstub.dll 34,344 bytes MD5: 0x78867EE7A6ECFCF5F37FB2F46493DB1F
SHA-1: 0x5ADFF50C2A1B6C3C673134819343E7FA2E7D72D2
(not available)
12 %ProgramFiles%\RadioRage_4j\bar\1.bin\4jhtml.dll 95,736 bytes MD5: 0x977731FD992E5190DE741D6D1631F251
SHA-1: 0x91434EB0C345139654B34C6D76531FA3B5F0DC00
(not available)
13 %ProgramFiles%\RadioRage_4j\bar\1.bin\4jhtmlmu.dll 161,272 bytes MD5: 0x568C1F7D72E5EEDDC97B05FB3E786CCF
SHA-1: 0x53F3044159FFCF82C746898941DBE3DC2AC9A24C
(not available)
14 %ProgramFiles%\RadioRage_4j\bar\1.bin\4jhttpct.dll 83,456 bytes MD5: 0x6DF45CD8B40014F94F1A949FB96D3284
SHA-1: 0x978867B422339E68971E56C49C66F14F2ACD745D
(not available)
15 %ProgramFiles%\RadioRage_4j\bar\1.bin\4jidle.dll 34,192 bytes MD5: 0x121FE87B463651D75C9BFF704883C978
SHA-1: 0xDC971C75FFCE77CC952FB6660A2603E09D62D4D9
(not available)
16 %ProgramFiles%\RadioRage_4j\bar\1.bin\4jieovr.dll 42,384 bytes MD5: 0xB315203E6D9995156946194516CF5332
SHA-1: 0x92AC05FFF3AD68271062A3DCB87E12EE6B816DDB
(not available)
17 %ProgramFiles%\RadioRage_4j\bar\1.bin\4jimpipe.exe 24,695 bytes MD5: 0x9495E4A0E2241259D6DC0C5C7DD8648E
SHA-1: 0x5AE09DF85A30864BBE5F3E6D782358C8F95CDB95
(not available)
18 %ProgramFiles%\RadioRage_4j\bar\1.bin\4jmedint.exe 22,048 bytes MD5: 0x04826C949A4DE20B5A95AD88363EA3C6
SHA-1: 0x556C4FCA5D890F17B7B5040A601B42452A205E29
(not available)
19 %ProgramFiles%\RadioRage_4j\bar\1.bin\4jmlbtn.dll 46,480 bytes MD5: 0x896943B4B92B7E3F406844674F629076
SHA-1: 0x3EB4A6A25199E6339EC04F36189C71738DE63CE7
(not available)
20 %ProgramFiles%\RadioRage_4j\bar\1.bin\4jmsg.dll 161,288 bytes MD5: 0x92AAD41D2E12E797AF52D4BCD75CBED7
SHA-1: 0xDFD07B722E317D1CDDAAB7D5B31BFAB57CC5E739
(not available)
21 %ProgramFiles%\RadioRage_4j\bar\1.bin\4jPlugin.dll 62,864 bytes MD5: 0xC2D3D2DE66B7ED064FF6B96AA9599215
SHA-1: 0x58B593186C002382ADB9B3DDB26B1BF82334D6F5
(not available)
22 %ProgramFiles%\RadioRage_4j\bar\1.bin\4jradio.dll 124,304 bytes MD5: 0x4876E787ED8D945838235F8CFE079D05
SHA-1: 0x77C8DC985373B1E5D9035ECB3A831C7DD1ABFD55
(not available)
23 %ProgramFiles%\RadioRage_4j\bar\1.bin\4jregfft.dll 42,512 bytes MD5: 0x5DE55F0F8967FDB31EE5B259A5ABA975
SHA-1: 0xC5F26031D5E0C487BFF0D60AA44603135BF60395
(not available)
24 %ProgramFiles%\RadioRage_4j\bar\1.bin\4jreghk.dll 42,528 bytes MD5: 0xD81C2100DB96422794BED6F3C3957BCE
SHA-1: 0xD3675555EF2FD6E5D4D9646D3261FEA127B53BE8
(not available)
25 %ProgramFiles%\RadioRage_4j\bar\1.bin\4jregiet.dll 42,512 bytes MD5: 0xA4C73C71941826DB74AF6598336EDA99
SHA-1: 0x65D604A070334183E5034CDEEC5838E46D705794
(not available)
26 %ProgramFiles%\RadioRage_4j\bar\1.bin\4jscript.dll 46,480 bytes MD5: 0x2C0327BAA4C4E39BC839FCAEB7156DD2
SHA-1: 0x72E48F7F37E208A52AD975EAECAB29FC50223C27
(not available)
27 %ProgramFiles%\RadioRage_4j\bar\1.bin\4jskin.dll 128,512 bytes MD5: 0x00FBBB2B564DD1F2F54ED0810A08B8D9
SHA-1: 0x857980A7B7AB77FF8E34A090CCD76B8BA628E7E4
(not available)
28 %ProgramFiles%\RadioRage_4j\bar\1.bin\4jskplay.exe 30,216 bytes MD5: 0xE7E6659416CE35444FE1E91D95F780CE
SHA-1: 0xF5946D49A70A64072739370E7BAD592FE4799EA1
(not available)
29 %ProgramFiles%\RadioRage_4j\bar\1.bin\4jSrcAs.dll 62,864 bytes MD5: 0x57DD8AED0E235B1BB1E588199883C84B
SHA-1: 0xC4B330EF102BF596943503B0E8C5D39A5B3DCFE2
(not available)
30 %ProgramFiles%\RadioRage_4j\bar\1.bin\4jSrchMn.exe 38,440 bytes MD5: 0xC04E676CDA28972D41B85256A8D10483
SHA-1: 0x05E1921CA1AD596504766F060380A086FFD9B605
(not available)
31 %ProgramFiles%\RadioRage_4j\bar\1.bin\4jtpinst.dll 165,408 bytes MD5: 0xAA2931D735D7F0A58BE82F8C71A39AED
SHA-1: 0xE401834E35441DF1CC412899E414AE3B2B8DE716
(not available)
32 %ProgramFiles%\RadioRage_4j\bar\1.bin\4juabtn.dll 42,384 bytes MD5: 0x6335D76EB910F4AE1FC616B208C7C300
SHA-1: 0x110033F4A78DCA521E8BA73F75747E4E3B6AE545
(not available)
33 %ProgramFiles%\RadioRage_4j\bar\1.bin\chrome\4jffxtbr.jar 27,204 bytes MD5: 0x824A45854F8E18D278B6D3C1BCA5CB20
SHA-1: 0xA82ECB7828C053B52200927B2A25CE263CC35CCF
(not available)
34 %ProgramFiles%\RadioRage_4j\bar\1.bin\CHROME.MANIFEST 265 bytes MD5: 0x2BE49ED2896F48F8D01D66B8E9F74A5E
SHA-1: 0x5EB9BC4A2CB9C54E7210D27AD45D959065A8A199
(not available)
35 %ProgramFiles%\RadioRage_4j\bar\1.bin\INSTALL.RDF 937 bytes MD5: 0xE92C1FDEBB704BC828A0F33BB1D7165B
SHA-1: 0xB659E130F0DC8FE42B9A5A646272AECDD541B595
(not available)
36 %ProgramFiles%\RadioRage_4j\bar\1.bin\LOGO.BMP 10,054 bytes MD5: 0x09010DA31D8E6E61145E54A65EAEF744
SHA-1: 0xDFAC06EFDCB83F9121753D463ADA8972359717D3
(not available)
37 %ProgramFiles%\RadioRage_4j\bar\1.bin\NP4jStub.dll 30,648 bytes MD5: 0x42597CA035CDC3DF188DC6324FAD66EE
SHA-1: 0x98CDE529EDAC3B75B321CDFF88F90D02E36A2ABE
(not available)
38 %ProgramFiles%\RadioRage_4j\bar\1.bin\T8RES.DLL 165,816 bytes MD5: 0x6519C8A8C71BFB784BF090ED4D7BF9C1
SHA-1: 0x6A43ECC3205D8AEED28A23AB02604E7F5BA42C1E
(not available)
39 %ProgramFiles%\RadioRage_4j\bar\IE9Mesg\COMMON.T8S 447,767 bytes MD5: 0x9C94F79AF783DEB988B9145A43931E1C
SHA-1: 0x408D82996EEBA1D71A0679855EB825835282FBA5
(not available)
40 %ProgramFiles%\RadioRage_4j\bar\Message\COMMON.T8S 18,793 bytes MD5: 0xD902CE2848028A42BECA3F5D466724A7
SHA-1: 0x43082A609A33168AC5321FFD611F40C031C8F949
(not available)
41 %ProgramFiles%\RadioRage_4j\bar\Settings\s_pid.dat 4 bytes MD5: 0x780FE501EADAD92D711A8122D096172C
SHA-1: 0x1D14175F50694B20B5532350A0944FD6A95DA9ED
(not available)
42 [file and pathname of the sample #1] 1,390,520 bytes MD5: 0x87440ED48135F167BF92A4997CD54609
SHA-1: 0x6DC191605C97CB7DB4C761E3BB3546F6C69FFCFA
(not available)

 

Memory Modifications

Process Name | Process Filename | Main Module Size
4jbrmon.exe | C:\PROGRA~1\RADIOR~1\bar\1.bin\4jbrmon.exe | 24,576 bytes

Process Name | Process Filename | Allocated Size
4jbrmon.exe | %ProgramFiles%\radiorage_4j\bar\1.bin\4jbrmon.exe | 167,936 bytes
4jbrmon.exe | %ProgramFiles%\radiorage_4j\bar\1.bin\4jbrmon.exe | 167,936 bytes
4jimpipe.exe | %ProgramFiles%\radiorage_4j\bar\1.bin\4jimpipe.exe | 167,936 bytes
4jimpipe.exe | %ProgramFiles%\radiorage_4j\bar\1.bin\4jimpipe.exe | 167,936 bytes

Service Name | Display Name | Status | Service Filename
RadioRage_4jService | RadioRageService | "Stopped" | C:\PROGRA~1\RADIOR~1\bar\1.bin\4jbarsvc.exe

Registry Modifications


All content ("Information") contained in this report is the copyrighted work of Threat Expert Ltd and its associated companies ("ThreatExpert") and may not be copied without the express permission of ThreatExpert.

Copyright © 2014 ThreatExpert. All rights reserved.