ThreatExpert Report

Submission Summary:

Submission details:

Submission received: 15 August 2012, 00:49:34
Processing time: 8 min 43 sec
Submitted sample:

File MD5: 0x9292A599B236772F08D07A8119E24982
File SHA-1: 0xD86B8A892333AC00E86042823E24E2672B46E909
Filesize: 6,065,984 bytes

Summary of the findings:

What's been found	Severity Level
Attempts to use BITS (Background Intelligent Transfer Service). Some threats are known to use BITS to evade firewall filtering and download files without firewall inspection.
Downloads/requests other files from Internet.
Registers a 32-bit in-process server DLL.

Technical Details:

File System Modifications

The following files were created in the system:

#	Filename(s)	File Size	File Hash	Alias
1	%CommonAppData%\Microsoft\Network\Downloader\qmgr0.dat	4,232 bytes	MD5: 0xBBB64BE3392253BD10F602B3675ED913 SHA-1: 0x764B6C5287A6DD5F845C5E3DB0397138374B0460	(not available)
2	%CommonAppData%\Microsoft\Network\Downloader\qmgr1.dat	5,272 bytes	MD5: 0x6E01C8C3792F5E7BBDDF67E2093566CC SHA-1: 0xAB58DD9657DC14FD487E0BA60AD716133A1DCD05	(not available)
3	%CommonPrograms%\Filehog.com\Startup Repair For Windows\Help.lnk	850 bytes	MD5: 0xD11333176105AA849D06B0544EC4A749 SHA-1: 0xB884856CA8D4DC44AC12EA604215AE1B657B4D18	(not available)
4	%CommonPrograms%\Filehog.com\Startup Repair For Windows\Startup Repair.lnk	899 bytes	MD5: 0xDD8B840D89365ECD860CA0D6C945AD9F SHA-1: 0xF7A5FB5ECE6943F6C33D3C8285142341CC8192BA	(not available)
5	%CommonPrograms%\Filehog.com\Startup Repair For Windows\Uninstall.lnk	874 bytes	MD5: 0x0423369044108644AA47DD3F5276D894 SHA-1: 0x4F8A081FBF3D90426B779F40741B1C501793F431	(not available)
6	%DesktopDir%\FH Startup Repair.lnk	881 bytes	MD5: 0x00A5023301AA27EAB12822570EEB5518 SHA-1: 0x097FA53CAF4B53C3A20506683942F717C8FE36D4	(not available)
7	%Temp%\APN-Stub\Stb71e6296e-3346-48dc-8dae-b7f66f6a01d8.log	1,143 bytes	MD5: 0xDAF6577BD394F324D05F9F993E27A8C9 SHA-1: 0x1981C2C4C639F1AE5AB64191A4ECC973A39851DA	(not available)
8	%ProgramFiles%\Filehog.com\Startup Repair\add.swf	67,320 bytes	MD5: 0xF3D238B85B03AD8D7377D3E2C30BF704 SHA-1: 0x4888CD619526D102983E3BE596925EF2F5B6CE52	(not available)
9	%ProgramFiles%\Filehog.com\Startup Repair\chiefzip.dll	68,608 bytes	MD5: 0x4B81877530B5BC51F711CF0304202D76 SHA-1: 0xBA09160BAE50CD74EBC3581D9C3F8590B8BDAF22	(not available)
10	%ProgramFiles%\Filehog.com\Startup Repair\Help.chm	33,427 bytes	MD5: 0xECBAD7A96293B1A3FDBDB3010CE255ED SHA-1: 0x750CA2C702FB89085110A0F5789810AD8F613E60	(not available)
11	%ProgramFiles%\Filehog.com\Startup Repair\isxdl.dll	50,176 bytes	MD5: 0x02ECC74F7F91E9FFD84DE708683236A6 SHA-1: 0x3532DE0B77DF8B0FC89E9C7EDDEC3FA71F98F5A2	(not available)
12	%ProgramFiles%\Filehog.com\Startup Repair\Main.swf	167,252 bytes	MD5: 0x31451EC1573E130EA2DA5D003BFF5320 SHA-1: 0xFFC4BE5C8BE640E09DE6BE4036FDCD17103747EF	packed with Swf2Swc [Kaspersky Lab]
13	%ProgramFiles%\Filehog.com\Startup Repair\Message.swf	50,835 bytes	MD5: 0x87CB5BB5AD3E669BBD5F3EF8E92FC1CE SHA-1: 0x7F934B8CC41D3238AF0BAE34BBE05130283BF979	packed with Swf2Swc [Kaspersky Lab]
14	%ProgramFiles%\Filehog.com\Startup Repair\Partner.inf	277 bytes	MD5: 0x1A19204201C96213B598C4CDD6189A6A SHA-1: 0xA85D62D6CF0E95C5B12C8C019331EC3788889E51	(not available)
15	%ProgramFiles%\Filehog.com\Startup Repair\StartupRepair.exe	114,688 bytes	MD5: 0x5F294D2AB1BE85717107B172B6115D3D SHA-1: 0x43C8A51137449D0672564AD44F45C2FFFA4055E7	(not available)
16	%ProgramFiles%\Filehog.com\Startup Repair\unins000.dat	21,492 bytes	MD5: 0x17765D97812787B2D07084D5425EF14C SHA-1: 0x7E98307F8FA6715B048856E5C0424B51E4A2580E	(not available)
17	%ProgramFiles%\Filehog.com\Startup Repair\unins000.exe %Windir%\is-DATRG.exe	708,280 bytes	MD5: 0x48EE33B98CF7EEE201CF75C7271FADE7 SHA-1: 0xCFB4FCB27F7A43E4D5671290663EE35BA3EB094D	(not available)
18	%ProgramFiles%\Filehog.com\Startup Repair\unins000.msg %Windir%\is-DATRG.msg	10,498 bytes	MD5: 0x849FA862E15EBAA3738EC3D19695DF0E SHA-1: 0xA526A893150F530F5D41DC3F66CFD95D2F26F088	(not available)
19	%Windir%\is-DATRG.lst	595 bytes	MD5: 0x98777C915F054AF7EC49F5745E7348B9 SHA-1: 0xC12C5F4AF8359E66EDFF318E2DECE16DC5998A55	(not available)
20	%System%\Flash.ocx	2,267,368 bytes	MD5: 0xB01E2A41389FBA42B7B5A026EA88C9B7 SHA-1: 0x925427388F3B93998DD385611C9E3BA1F9D9D857	(not available)
21	%System%\IGUltraGrid20.ocx	1,140,472 bytes	MD5: 0x60FF106A688012E44DD708FD460B5FF6 SHA-1: 0x56AFBB8E78FAD94D56B50238A7E805D124B932F8	(not available)
22	[file and pathname of the sample #1]	6,065,984 bytes	MD5: 0x9292A599B236772F08D07A8119E24982 SHA-1: 0xD86B8A892333AC00E86042823E24E2672B46E909	(not available)
23	%System%\StartupManager.dll	155,648 bytes	MD5: 0xF13B7CF4121F09DD851FE0A690BC5965 SHA-1: 0x3E68C3CDA0F132AD8B5E34C4E8FB43727495C7A4	(not available)
24	%System%\VB6STKIT.DLL	101,888 bytes	MD5: 0xCFF867572B44212B01B711C1FA009537 SHA-1: 0x3978C9F7A3D77C0BDFF4353949E2143757EEBC79	(not available)

Notes:

%CommonAppData% is a variable that refers to the file system directory containing application data for all users. A typical path is C:\Documents and Settings\All Users\Application Data.
%CommonPrograms% is a variable that refers to the file system directory that contains the directories for the common program groups that appear on the Start menu for all users. A typical path is C:\Documents and Settings\All Users\Start Menu\Programs (Windows NT/2000/XP).
%DesktopDir% is a variable that refers to the file system directory used to physically store file objects on the desktop. A typical path is C:\Documents and Settings\[UserName]\Desktop.
%Temp% is a variable that refers to the temporary folder in the short path form. By default, this is C:\Documents and Settings\[UserName]\Local Settings\Temp\ (Windows NT/2000/XP).
%ProgramFiles% is a variable that refers to the Program Files folder. A typical path is C:\Program Files.
%Windir% is a variable that refers to the Windows installation folder. By default, this is C:\Windows or C:\Winnt.
%System% is a variable that refers to the System folder. By default, this is C:\Windows\System (Windows 95/98/Me), C:\Winnt\System32 (Windows NT/2000), or C:\Windows\System32 (Windows XP).

The following directories were created:

%CommonAppData%\Microsoft\Network\Downloader
%CommonPrograms%\Filehog.com
%CommonPrograms%\Filehog.com\Startup Repair For Windows
%Temp%\APN-Stub
%ProgramFiles%\Filehog.com
%ProgramFiles%\Filehog.com\Startup Repair

Memory Modifications

There were new processes created in the system:

Process Name	Process Filename	Main Module Size
[generic host process]	[generic host process filename]	20,480 bytes
[filename of the sample #1]	[file and pathname of the sample #1]	81,920 bytes
is-datrg.exe	%Windir%\is-datrg.exe	770,048 bytes
startuprepair.exe	%ProgramFiles%\filehog.com\startup repair\startuprepair.exe	118,784 bytes
[filename of the sample #1 without extension].tmp	%Temp%\is-P61FQ.tmp\[filename of the sample #1 without extension].tmp	770,048 bytes
APNStub.exe	%Temp%\is-IFHU7.tmp\APNStub.exe	159,744 bytes

Notes:

[generic host process filename] is a full path filename of [generic host process].

The following system service was modified:

Service Name	Display Name	New Status	Service Filename
BITS	Background Intelligent Transfer Service	"Running"	%System%\svchost.exe -k netsvcs

Registry Modifications

The following Registry Keys were created:

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\EnableFullPage\.mfp
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B3014671-7872-4671-BE73-5D05EB5B2AF5}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B3014671-7872-4671-BE73-5D05EB5B2AF5}\Control
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B3014671-7872-4671-BE73-5D05EB5B2AF5}\Implemented Categories
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B3014671-7872-4671-BE73-5D05EB5B2AF5}\Implemented Categories\{0DE86A52-2BAA-11CF-A229-00AA003D7352}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B3014671-7872-4671-BE73-5D05EB5B2AF5}\Implemented Categories\{0DE86A53-2BAA-11CF-A229-00AA003D7352}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B3014671-7872-4671-BE73-5D05EB5B2AF5}\Implemented Categories\{0DE86A54-2BAA-11CF-A229-00AA003D7352}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B3014671-7872-4671-BE73-5D05EB5B2AF5}\Implemented Categories\{0DE86A57-2BAA-11CF-A229-00AA003D7352}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B3014671-7872-4671-BE73-5D05EB5B2AF5}\Implemented Categories\{157083E1-2368-11CF-87B9-00AA006C8166}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B3014671-7872-4671-BE73-5D05EB5B2AF5}\Implemented Categories\{40FC6ED4-2438-11CF-A3DB-080036F12502}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B3014671-7872-4671-BE73-5D05EB5B2AF5}\Implemented Categories\{40FC6ED5-2438-11CF-A3DB-080036F12502}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B3014671-7872-4671-BE73-5D05EB5B2AF5}\Implemented Categories\{40FC6ED9-2438-11CF-A3DB-080036F12502}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B3014671-7872-4671-BE73-5D05EB5B2AF5}\Implemented Categories\{7DD95801-9882-11CF-9FA9-00AA006C42C4}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B3014671-7872-4671-BE73-5D05EB5B2AF5}\Implemented Categories\{7DD95802-9882-11CF-9FA9-00AA006C42C4}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B3014671-7872-4671-BE73-5D05EB5B2AF5}\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B3014671-7872-4671-BE73-5D05EB5B2AF5}\MiscStatus
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B3014671-7872-4671-BE73-5D05EB5B2AF5}\MiscStatus\1
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B3014671-7872-4671-BE73-5D05EB5B2AF5}\Printable
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B3014671-7872-4671-BE73-5D05EB5B2AF5}\ProgID
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B3014671-7872-4671-BE73-5D05EB5B2AF5}\Programmable
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B3014671-7872-4671-BE73-5D05EB5B2AF5}\ToolboxBitmap32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B3014671-7872-4671-BE73-5D05EB5B2AF5}\TypeLib
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B3014671-7872-4671-BE73-5D05EB5B2AF5}\Version
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B3014671-7872-4671-BE73-5D05EB5B2AF5}\VersionIndependentProgID
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DF0F5728-DAAF-45A0-B069-DF57E7692D4C}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DF0F5728-DAAF-45A0-B069-DF57E7692D4C}\Implemented Categories
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DF0F5728-DAAF-45A0-B069-DF57E7692D4C}\Implemented Categories\{40FC6ED5-2438-11CF-A3DB-080036F12502}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DF0F5728-DAAF-45A0-B069-DF57E7692D4C}\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DF0F5728-DAAF-45A0-B069-DF57E7692D4C}\ProgID
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DF0F5728-DAAF-45A0-B069-DF57E7692D4C}\Programmable
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DF0F5728-DAAF-45A0-B069-DF57E7692D4C}\TypeLib
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DF0F5728-DAAF-45A0-B069-DF57E7692D4C}\Version
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DF0F5728-DAAF-45A0-B069-DF57E7692D4C}\VersionIndependentProgID
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{0333CD40-7689-11D3-B31B-0000C0494A96}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{0333CD40-7689-11D3-B31B-0000C0494A96}\ProxyStubClsid
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{0333CD40-7689-11D3-B31B-0000C0494A96}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{0333CD40-7689-11D3-B31B-0000C0494A96}\TypeLib
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{054B7D10-8D45-11D3-949B-00104B9E078A}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{054B7D10-8D45-11D3-949B-00104B9E078A}\ProxyStubClsid
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{054B7D10-8D45-11D3-949B-00104B9E078A}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{054B7D10-8D45-11D3-949B-00104B9E078A}\TypeLib
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{07212510-69EE-11D3-9476-00104B9E078A}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{07212510-69EE-11D3-9476-00104B9E078A}\ProxyStubClsid
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{07212510-69EE-11D3-9476-00104B9E078A}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{07212510-69EE-11D3-9476-00104B9E078A}\TypeLib
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{07212511-69EE-11D3-9476-00104B9E078A}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{07212511-69EE-11D3-9476-00104B9E078A}\ProxyStubClsid
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{07212511-69EE-11D3-9476-00104B9E078A}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{07212511-69EE-11D3-9476-00104B9E078A}\TypeLib
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{07212512-69EE-11D3-9476-00104B9E078A}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{07212512-69EE-11D3-9476-00104B9E078A}\ProxyStubClsid
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{07212512-69EE-11D3-9476-00104B9E078A}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{07212512-69EE-11D3-9476-00104B9E078A}\TypeLib
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{075016E0-8BC4-11D3-9499-00104B9E078A}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{075016E0-8BC4-11D3-9499-00104B9E078A}\ProxyStubClsid
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{075016E0-8BC4-11D3-9499-00104B9E078A}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{075016E0-8BC4-11D3-9499-00104B9E078A}\TypeLib
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{1225B760-775A-11D3-B31B-0000C0494A96}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{1225B760-775A-11D3-B31B-0000C0494A96}\ProxyStubClsid
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{1225B760-775A-11D3-B31B-0000C0494A96}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{1225B760-775A-11D3-B31B-0000C0494A96}\TypeLib
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{1A131C60-817A-11D3-948F-00104B9E078A}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{1A131C60-817A-11D3-948F-00104B9E078A}\ProxyStubClsid
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{1A131C60-817A-11D3-948F-00104B9E078A}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{1A131C60-817A-11D3-948F-00104B9E078A}\TypeLib
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{1A131C62-817A-11D3-948F-00104B9E078A}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{1A131C62-817A-11D3-948F-00104B9E078A}\ProxyStubClsid
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{1A131C62-817A-11D3-948F-00104B9E078A}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{1A131C62-817A-11D3-948F-00104B9E078A}\TypeLib
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{1A131C64-817A-11D3-948F-00104B9E078A}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{1A131C64-817A-11D3-948F-00104B9E078A}\ProxyStubClsid
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{1A131C64-817A-11D3-948F-00104B9E078A}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{1A131C64-817A-11D3-948F-00104B9E078A}\TypeLib
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{1A131C66-817A-11D3-948F-00104B9E078A}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{1A131C66-817A-11D3-948F-00104B9E078A}\ProxyStubClsid
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{1A131C66-817A-11D3-948F-00104B9E078A}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{1A131C66-817A-11D3-948F-00104B9E078A}\TypeLib
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{1A131C68-817A-11D3-948F-00104B9E078A}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{1A131C68-817A-11D3-948F-00104B9E078A}\ProxyStubClsid
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{1A131C68-817A-11D3-948F-00104B9E078A}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{1A131C68-817A-11D3-948F-00104B9E078A}\TypeLib
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{210F3180-671E-11D3-8CE0-A6E28F44752B}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{210F3180-671E-11D3-8CE0-A6E28F44752B}\ProxyStubClsid
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{210F3180-671E-11D3-8CE0-A6E28F44752B}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{210F3180-671E-11D3-8CE0-A6E28F44752B}\TypeLib
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{28054EE0-774D-11D3-B31B-0000C0494A96}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{28054EE0-774D-11D3-B31B-0000C0494A96}\ProxyStubClsid
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{28054EE0-774D-11D3-B31B-0000C0494A96}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{28054EE0-774D-11D3-B31B-0000C0494A96}\TypeLib
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{2A748087-0088-4578-B7EB-BB34E5367041}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{2A748087-0088-4578-B7EB-BB34E5367041}\ProxyStubClsid
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{2A748087-0088-4578-B7EB-BB34E5367041}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{2A748087-0088-4578-B7EB-BB34E5367041}\TypeLib
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{2BDC93D6-85CD-4663-A164-430DA1778293}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{2BDC93D6-85CD-4663-A164-430DA1778293}\ProxyStubClsid
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{2BDC93D6-85CD-4663-A164-430DA1778293}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{2BDC93D6-85CD-4663-A164-430DA1778293}\TypeLib
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{2C0D2210-A987-11D3-94B3-00104B9E078A}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{2C0D2210-A987-11D3-94B3-00104B9E078A}\ProxyStubClsid
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{2C0D2210-A987-11D3-94B3-00104B9E078A}\ProxyStubClsid32

The newly created Registry Values are:

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B3014671-7872-4671-BE73-5D05EB5B2AF5}\MiscStatus\1]

(Default) = "164241"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B3014671-7872-4671-BE73-5D05EB5B2AF5}\VersionIndependentProgID]

(Default) = "UltraGrid.SSUltraGrid"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B3014671-7872-4671-BE73-5D05EB5B2AF5}\Version]

(Default) = "2.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B3014671-7872-4671-BE73-5D05EB5B2AF5}\TypeLib]

(Default) = "{5A9433E9-DD7B-4529-91B6-A5E8CA054615}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B3014671-7872-4671-BE73-5D05EB5B2AF5}\ToolboxBitmap32]

(Default) = "%System%\IGUltraGrid20.ocx, 102"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B3014671-7872-4671-BE73-5D05EB5B2AF5}\ProgID]

(Default) = "UltraGrid.SSUltraGrid.2"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B3014671-7872-4671-BE73-5D05EB5B2AF5}\MiscStatus]

(Default) = "0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B3014671-7872-4671-BE73-5D05EB5B2AF5}\InprocServer32]

(Default) = "%System%\IGUltraGrid20.ocx"
ThreadingModel = "Apartment"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B3014671-7872-4671-BE73-5D05EB5B2AF5}]

(Default) = "Infragistics UltraGrid Control 2.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DF0F5728-DAAF-45A0-B069-DF57E7692D4C}\VersionIndependentProgID]

(Default) = "UltraGrid.SSLayout"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DF0F5728-DAAF-45A0-B069-DF57E7692D4C}\Version]

(Default) = "2.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DF0F5728-DAAF-45A0-B069-DF57E7692D4C}\TypeLib]

(Default) = "{5A9433E9-DD7B-4529-91B6-A5E8CA054615}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DF0F5728-DAAF-45A0-B069-DF57E7692D4C}\ProgID]

(Default) = "UltraGrid.SSLayout.2"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DF0F5728-DAAF-45A0-B069-DF57E7692D4C}\InprocServer32]

(Default) = "%System%\IGUltraGrid20.ocx"
ThreadingModel = "Apartment"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DF0F5728-DAAF-45A0-B069-DF57E7692D4C}]

(Default) = "Infragistics UltraGrid Layout Object 2.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{0333CD40-7689-11D3-B31B-0000C0494A96}\TypeLib]

(Default) = "{5A9433E9-DD7B-4529-91B6-A5E8CA054615}"
Version = "2.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{0333CD40-7689-11D3-B31B-0000C0494A96}\ProxyStubClsid32]

(Default) = "{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{0333CD40-7689-11D3-B31B-0000C0494A96}\ProxyStubClsid]

(Default) = "{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{0333CD40-7689-11D3-B31B-0000C0494A96}]

(Default) = "ISSHeader"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{054B7D10-8D45-11D3-949B-00104B9E078A}\TypeLib]

(Default) = "{5A9433E9-DD7B-4529-91B6-A5E8CA054615}"
Version = "2.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{054B7D10-8D45-11D3-949B-00104B9E078A}\ProxyStubClsid32]

(Default) = "{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{054B7D10-8D45-11D3-949B-00104B9E078A}\ProxyStubClsid]

(Default) = "{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{054B7D10-8D45-11D3-949B-00104B9E078A}]

(Default) = "ISSCollectionBaseWithClear2"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{07212510-69EE-11D3-9476-00104B9E078A}\TypeLib]

(Default) = "{5A9433E9-DD7B-4529-91B6-A5E8CA054615}"
Version = "2.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{07212510-69EE-11D3-9476-00104B9E078A}\ProxyStubClsid32]

(Default) = "{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{07212510-69EE-11D3-9476-00104B9E078A}\ProxyStubClsid]

(Default) = "{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{07212510-69EE-11D3-9476-00104B9E078A}]

(Default) = "ISSObjectBase"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{07212511-69EE-11D3-9476-00104B9E078A}\TypeLib]

(Default) = "{5A9433E9-DD7B-4529-91B6-A5E8CA054615}"
Version = "2.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{07212511-69EE-11D3-9476-00104B9E078A}\ProxyStubClsid32]

(Default) = "{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{07212511-69EE-11D3-9476-00104B9E078A}\ProxyStubClsid]

(Default) = "{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{07212511-69EE-11D3-9476-00104B9E078A}]

(Default) = "ISSRowScrollRegions"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{07212512-69EE-11D3-9476-00104B9E078A}\TypeLib]

(Default) = "{5A9433E9-DD7B-4529-91B6-A5E8CA054615}"
Version = "2.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{07212512-69EE-11D3-9476-00104B9E078A}\ProxyStubClsid32]

(Default) = "{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{07212512-69EE-11D3-9476-00104B9E078A}\ProxyStubClsid]

(Default) = "{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{07212512-69EE-11D3-9476-00104B9E078A}]

(Default) = "ISSColScrollRegions"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{075016E0-8BC4-11D3-9499-00104B9E078A}\TypeLib]

(Default) = "{5A9433E9-DD7B-4529-91B6-A5E8CA054615}"
Version = "2.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{075016E0-8BC4-11D3-9499-00104B9E078A}\ProxyStubClsid32]

(Default) = "{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{075016E0-8BC4-11D3-9499-00104B9E078A}\ProxyStubClsid]

(Default) = "{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{075016E0-8BC4-11D3-9499-00104B9E078A}]

(Default) = "ISSGroupCols"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{1225B760-775A-11D3-B31B-0000C0494A96}\TypeLib]

(Default) = "{5A9433E9-DD7B-4529-91B6-A5E8CA054615}"
Version = "2.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{1225B760-775A-11D3-B31B-0000C0494A96}\ProxyStubClsid32]

(Default) = "{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{1225B760-775A-11D3-B31B-0000C0494A96}\ProxyStubClsid]

(Default) = "{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{1225B760-775A-11D3-B31B-0000C0494A96}]

(Default) = "ISSPreviewInfo"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{1A131C60-817A-11D3-948F-00104B9E078A}\TypeLib]

(Default) = "{5A9433E9-DD7B-4529-91B6-A5E8CA054615}"
Version = "2.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{1A131C60-817A-11D3-948F-00104B9E078A}\ProxyStubClsid32]

(Default) = "{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{1A131C60-817A-11D3-948F-00104B9E078A}\ProxyStubClsid]

(Default) = "{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{1A131C60-817A-11D3-948F-00104B9E078A}]

(Default) = "ISSVisibleRows"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{1A131C62-817A-11D3-948F-00104B9E078A}\TypeLib]

(Default) = "{5A9433E9-DD7B-4529-91B6-A5E8CA054615}"
Version = "2.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{1A131C62-817A-11D3-948F-00104B9E078A}\ProxyStubClsid32]

(Default) = "{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{1A131C62-817A-11D3-948F-00104B9E078A}\ProxyStubClsid]

(Default) = "{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{1A131C62-817A-11D3-948F-00104B9E078A}]

(Default) = "ISSSelectedCells"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{1A131C64-817A-11D3-948F-00104B9E078A}\TypeLib]

(Default) = "{5A9433E9-DD7B-4529-91B6-A5E8CA054615}"
Version = "2.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{1A131C64-817A-11D3-948F-00104B9E078A}\ProxyStubClsid32]

(Default) = "{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{1A131C64-817A-11D3-948F-00104B9E078A}\ProxyStubClsid]

(Default) = "{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{1A131C64-817A-11D3-948F-00104B9E078A}]

(Default) = "ISSSelectedCols"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{1A131C66-817A-11D3-948F-00104B9E078A}\TypeLib]

(Default) = "{5A9433E9-DD7B-4529-91B6-A5E8CA054615}"
Version = "2.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{1A131C66-817A-11D3-948F-00104B9E078A}\ProxyStubClsid32]

(Default) = "{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{1A131C66-817A-11D3-948F-00104B9E078A}\ProxyStubClsid]

(Default) = "{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{1A131C66-817A-11D3-948F-00104B9E078A}]

(Default) = "ISSHeaders"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{1A131C68-817A-11D3-948F-00104B9E078A}\TypeLib]

(Default) = "{5A9433E9-DD7B-4529-91B6-A5E8CA054615}"
Version = "2.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{1A131C68-817A-11D3-948F-00104B9E078A}\ProxyStubClsid32]

(Default) = "{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{1A131C68-817A-11D3-948F-00104B9E078A}\ProxyStubClsid]

(Default) = "{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{1A131C68-817A-11D3-948F-00104B9E078A}]

(Default) = "ISSSortedCols"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{210F3180-671E-11D3-8CE0-A6E28F44752B}\TypeLib]

(Default) = "{5A9433E9-DD7B-4529-91B6-A5E8CA054615}"
Version = "2.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{210F3180-671E-11D3-8CE0-A6E28F44752B}\ProxyStubClsid32]

(Default) = "{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{210F3180-671E-11D3-8CE0-A6E28F44752B}\ProxyStubClsid]

(Default) = "{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{210F3180-671E-11D3-8CE0-A6E28F44752B}]

(Default) = "ISSColScrollRegion"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{28054EE0-774D-11D3-B31B-0000C0494A96}\TypeLib]

(Default) = "{5A9433E9-DD7B-4529-91B6-A5E8CA054615}"
Version = "2.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{28054EE0-774D-11D3-B31B-0000C0494A96}\ProxyStubClsid32]

(Default) = "{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{28054EE0-774D-11D3-B31B-0000C0494A96}\ProxyStubClsid]

(Default) = "{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{28054EE0-774D-11D3-B31B-0000C0494A96}]

(Default) = "ISSPrintInfo"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{2A748087-0088-4578-B7EB-BB34E5367041}\TypeLib]

(Default) = "{5A9433E9-DD7B-4529-91B6-A5E8CA054615}"
Version = "2.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{2A748087-0088-4578-B7EB-BB34E5367041}\ProxyStubClsid32]

(Default) = "{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{2A748087-0088-4578-B7EB-BB34E5367041}\ProxyStubClsid]

(Default) = "{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{2A748087-0088-4578-B7EB-BB34E5367041}]

(Default) = "ISSLayouts"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{2BDC93D6-85CD-4663-A164-430DA1778293}\TypeLib]

(Default) = "{5A9433E9-DD7B-4529-91B6-A5E8CA054615}"
Version = "2.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{2BDC93D6-85CD-4663-A164-430DA1778293}\ProxyStubClsid32]

(Default) = "{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{2BDC93D6-85CD-4663-A164-430DA1778293}\ProxyStubClsid]

(Default) = "{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{2BDC93D6-85CD-4663-A164-430DA1778293}]

(Default) = "ISSAddNewBox"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{2C0D2210-A987-11D3-94B3-00104B9E078A}\TypeLib]

(Default) = "{5A9433E9-DD7B-4529-91B6-A5E8CA054615}"
Version = "2.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{2C0D2210-A987-11D3-94B3-00104B9E078A}\ProxyStubClsid32]

(Default) = "{00020424-0000-0000-C000-000000000046}"

The following Registry Values were modified:

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1171A62F-05D2-11D1-83FC-00A0C9089C5A}\InprocServer32]

(Default) =

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

(Default) =

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

(Default) =

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

(Default) =

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

(Default) =

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

(Default) =

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ShockwaveFlash.ShockwaveFlash\CurVer]

(Default) =

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0\0\win32]

(Default) =

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0\HELPDIR]

(Default) =

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls]

C:\WINDOWS\system32\comcat.dll =
C:\WINDOWS\system32\olepro32.dll =
C:\WINDOWS\system32\stdole2.tlb =
C:\WINDOWS\system32\oleaut32.dll =
C:\WINDOWS\system32\asycfilt.dll =
C:\WINDOWS\system32\msvbvm60.dll =

Other details

To mark the presence in the system, the following Mutex objects were created:

{1B655094-FE2A-433c-A877-FF9793445069}
FHStartuprepairforwindows
_SHuassist.mtx

The data identified by the following URL was then requested from the remote web server:

http://apnmedia.ask.com/media/toolbar/stub/1.0.0.0/ApnIC.dll?tb=KSO&version=1.0.0.0

Heuristics Analysis

Heuristically identified capability to use BITS (Background Intelligent Transfer Service) to schedule the following download task:

http://apnmedia.ask.com/media/toolbar/stub/1.0.0.0/apnic.dll?tb=kso&version=1.0.0.0

Downloaded File Summary:

Download details:

Download retrieved: 15 August 2012 00:58:18
Processing time: 7 min 57 sec
Downloaded sample:

File MD5: 0xB9918718C6AF9F92F9E49A01AF35DEB7
File SHA-1: 0xEEAA8E7CBF57449AB12AB62B19A60C7ECE9C975B
Filesize: 248,008 bytes

Summary of the findings:

What's been found	Severity Level
Downloads/requests other files from Internet.

Technical Details:

File System Modifications

The following file was created in the system:

#	Filename(s)	File Size	File Hash
1	[file and pathname of the sample #1]	248,008 bytes	MD5: 0xB9918718C6AF9F92F9E49A01AF35DEB7 SHA-1: 0xEEAA8E7CBF57449AB12AB62B19A60C7ECE9C975B

Memory Modifications

There was a new process created in the system:

Process Name	Process Filename	Main Module Size
[generic host process]	[generic host process filename]	20,480 bytes

Note:

[generic host process filename] is a full path filename of [generic host process].

The following module was loaded into the address space of other process(es):

Module Name	Module Filename	Address Space Details
[filename of the sample #1]	[file and pathname of the sample #1]	Process name: [generic host process] Process filename: [generic host process filename] Address space: 0xB10000 - 0xB50000

Registry Modifications

The following Registry Keys were created:

HKEY_CURRENT_USER\Software\Ask.com.tmp
HKEY_CURRENT_USER\Software\Ask.com.tmp\General
HKEY_CURRENT_USER\Software\Ask.com.tmp\Installer

The newly created Registry Values are:

[HKEY_CURRENT_USER\Software\Ask.com.tmp\Installer]

guid = "2f23eb21-cdda-4f8e-ae2b-2ff2b7ba8b2e"

[HKEY_CURRENT_USER\Software\Ask.com.tmp\General]

apn_dbr = "ie_6.0.2900.2180"
client = "ic"
clientv = "9.9.9.9"
cr = "0"
dbr = "132"
dot = ""
dt = "0"
dtid = ""
fflu = "-2"
fv = ""
guid = "2f23eb21-cdda-4f8e-ae2b-2ff2b7ba8b2e"
harch = "32"
hloc = "en-US"
hos = "5.1.1.sp2.x86"
iedis = "0"
ielu = "-2"
iev = "6.0.2900.2180"
inst = "200"
iv = "6.0.2900.2180"
saguid = "20e1212a-f660-4704-b350-ea3d8f1d9e27"
tb = ""
wft = "remote"

Other details

The following Host Name was requested from a host database:

192.5.5.241

The following Internet Connections were established:

Server Name	Server Port	Connect as User	Connection Password
websearch.ask.com	80	websearch.ask.com	websearch.ask.com
img.apnanalytics.com	80	img.apnanalytics.com	img.apnanalytics.com

The following GET requests were made:

installed?client=ic&tb=&dtid=&id=2f23eb21-cdda-4f8e-ae2b-2ff2b7ba8b2e&ipid=&iev=6.0.2900.2180&iedis=0&ielu=-2&fflu=-2&iv=&nv=&clientv=9.9.9.9&said=20e1212a-f660-4704-b350-ea3d8f1d9e27&browser-lang=en&apn_dbr=ie_6.0.2900.2180&cr=0
images/nocache/apn/tr.gif?ev=eichk&cb=&encb=&chk=mkofno&ts=Al3uz&guid=2f23eb21-cdda-4f8e-ae2b-2ff2b7ba8b2e&dt=0&wft=remote&harch=32&hloc=en-US&iev=6.0.2900.2180&dbr=132&vb=&msi=&inst=200&tb=&hos=5.1.1.sp2.x86&dot=

All content ("Information") contained in this report is the copyrighted work of Threat Expert Ltd and its associated companies ("ThreatExpert") and may not be copied without the express permission of ThreatExpert.

The Information is provided on an "as is" basis. ThreatExpert disclaims all warranties, whether express or implied, to the maximum extent permitted by law, including the implied warranties that the Information is merchantable, of satisfactory quality, accurate, fit for a particular purpose or need, or non-infringing, unless such implied warranties are legally incapable of exclusion. Further, ThreatExpert does not warrant or make any representations regarding the use or the results of the use of the Information in terms of their correctness, accuracy, reliability, or otherwise.