Submission Summary:

What's been found | Severity Level
Registers a 32-bit in-process server DLL.
Contains characteristics of an identified security risk.

 

Technical Details:

 

Possible Security Risk

Security Risk | Description
Trojan.Agent!sd6 | Trojan.Agent!sd6 is a malicious program that does not infect other files but may represent a security risk for your computer and/or network environment.

Threat Category | Description
A malicious trojan horse or bot that may represent a security risk for the compromised system and/or its network environment.

 

File System Modifications

# | Filename(s) | File Size | File Hash | Alias
1 %AppData%\Microsoft\Installer\{E2B64929-B616-4235-B10E-D26D686296F9}\Icon8FD64119.exe 55,808 bytes MD5: 0x514454067377EE557DFCCF3BAD99F15E
SHA-1: 0x1F0538FFF94D2E5F679760F9E4788F29FCFF095B
(not available)
2 %AppData%\Microsoft\Installer\{E2B64929-B616-4235-B10E-D26D686296F9}\Icon8FD641192.chm 49,152 bytes MD5: 0x88A968F13EF8F2F9E8F01D066BC5EC4F
SHA-1: 0xC84368595B194049D430152CAF326FBFFC1736CD
(not available)
3 %AppData%\Microsoft\Installer\{E2B64929-B616-4235-B10E-D26D686296F9}\Icon8FD641193.url 106,496 bytes MD5: 0x19EEF3DEBAC9C2EC6720E6110A4762EC
SHA-1: 0xCECAB3E7948C4AAEC74B79D69E97EB502108E10A
(not available)
4 %AppData%\Microsoft\Installer\{E2B64929-B616-4235-B10E-D26D686296F9}\Icon8FD641194.exe 14,336 bytes MD5: 0x2B6142C4D6B464F81E23710DFE4BB8DE
SHA-1: 0xECD0F59503F84ED84AF76FD44B5C14A7BFC76105
(not available)
5 %AppData%\Microsoft\Installer\{E2B64929-B616-4235-B10E-D26D686296F9}\IconD233FA33.chm 3,584 bytes MD5: 0x06F1872462FBA06615F683CDA1487B4F
SHA-1: 0xC781B444C1879BBDF8ED4A3DAEFEA55A8959A2F9
(not available)
6 %AppData%\Microsoft\Installer\{E2B64929-B616-4235-B10E-D26D686296F9}\IconD233FA331.exe 14,336 bytes MD5: 0x9B27053620DC808B3208672441FE80E6
SHA-1: 0xE0A8F88F40ECD8AACE7A7979C3D354FD9A5AB549
(not available)
7 %AppData%\Microsoft\Installer\{E2B64929-B616-4235-B10E-D26D686296F9}\IconE1E241C7.chm 28,672 bytes MD5: 0x6191E58B00EF4DD859DE905CDE3FFC87
SHA-1: 0xDB9D3C538FD1D59EAFBA91E157D6B16DD09042A8
(not available)
8 %Temp%\1c9c3.msi
%Windir%\Downloaded Installations\Gibinsoft Installations\fileutil.msi
1,486,848 bytes MD5: 0x4F08BC2B6E1A7A9D84102FCEB714CEE8
SHA-1: 0x2271297FB56A287FA3F0D61B8C0E0C9DCBC80384
(not available)
9 %Temp%\MSI41e52.LOG 390 bytes MD5: 0x7B8167EFFA8271B09BF80499CB81EE95
SHA-1: 0xF587E81C39CF392CC9217528A8CE6FB9E3EF50B4
(not available)
10 %Programs%\GiPo@Utilities\GiPo@FileUtilities\DirMonitor.lnk 2,016 bytes MD5: 0x84188CAB54A6DA01B7AA80DDFFCB4C54
SHA-1: 0x28C08C4F03B0D1A12967CDA2999D2063680FDE85
(not available)
11 %Programs%\GiPo@Utilities\GiPo@FileUtilities\FileUtilities Configuration.lnk 2,012 bytes MD5: 0x6276B100D8DD97FAE84A0ED03C811FD3
SHA-1: 0xFE8E8706DF7D6EDCC3F29FAF37C3CA760D05E93C
(not available)
12 %Programs%\GiPo@Utilities\GiPo@FileUtilities\HardLink.lnk 2,018 bytes MD5: 0x6B1CF8B6A3213EA6976B59D7670AC082
SHA-1: 0x1E902CC29A72A63E40B48C7005B3EEB5A477B3B5
(not available)
13 %Programs%\GiPo@Utilities\GiPo@FileUtilities\Help\Deutsch\DirMonitor.lnk 2,012 bytes MD5: 0x96774DEA1E9F24E00955B92A36DBC07B
SHA-1: 0x8416628FCFD5D1A9C18F2B7660798E2162E5E5F4
(not available)
14 %Programs%\GiPo@Utilities\GiPo@FileUtilities\Help\Deutsch\HardLink.lnk 2,010 bytes MD5: 0xA98F187F70568110A5DAC27E62C5CF07
SHA-1: 0x1DBEBB79C3D1B62F4F643B10DC6762D50A62B48E
(not available)
15 %Programs%\GiPo@Utilities\GiPo@FileUtilities\Help\Deutsch\Mount.lnk 2,012 bytes MD5: 0x8B8DECA6DFA0336D78AC7D97C4516F91
SHA-1: 0x9B65E2F1B6FA48B49FBA8A12AAD89BBCB47C7953
(not available)
16 %Programs%\GiPo@Utilities\GiPo@FileUtilities\Help\Deutsch\MoveOnBoot.lnk 2,012 bytes MD5: 0xEAB0C770AD64124594935FDFD5DDA55C
SHA-1: 0xBFB2CC9B504925FB6496D8737054823DCF66A330
(not available)
17 %Programs%\GiPo@Utilities\GiPo@FileUtilities\Help\Deutsch\ReadTest.lnk 2,012 bytes MD5: 0xBDED9F5E7302492F4774D7B7D86560C0
SHA-1: 0x81357E5BB11B0D04D79039D090C1C3BEC2575070
(not available)
18 %Programs%\GiPo@Utilities\GiPo@FileUtilities\Help\English\DirMonitor.lnk 2,012 bytes MD5: 0x4B1C457BC91D66D2BFB4577AF06C09F2
SHA-1: 0x21C9DFE0FE410DB6648B6747E6BCDA5C768E8BBC
(not available)
19 %Programs%\GiPo@Utilities\GiPo@FileUtilities\Help\English\HardLink.lnk 2,010 bytes MD5: 0xA8340A7CA61E96CA9579461BD57F93C3
SHA-1: 0x251B4188E197990E9AA2B8162A754F1168214E18
(not available)
20 %Programs%\GiPo@Utilities\GiPo@FileUtilities\Help\English\Mount.lnk 2,012 bytes MD5: 0x0D10BEF95942EC2458D7A39E23CED0C1
SHA-1: 0xB25DA4EF8C7178406CE7CAB22520A968D14A7C4C
(not available)
21 %Programs%\GiPo@Utilities\GiPo@FileUtilities\Help\English\MoveOnBoot.lnk 2,012 bytes MD5: 0x4E99D05AEC54A4EF2F057C639CFC5BCA
SHA-1: 0xA1105F63027A01EC9E52342EB60ABD079A41ECBC
(not available)
22 %Programs%\GiPo@Utilities\GiPo@FileUtilities\Help\English\ReadTest.lnk 2,012 bytes MD5: 0xC6F261DA4227A218E80430F39FD59761
SHA-1: 0xE45708A80E720805823BA5E823683919FD17772D
(not available)
23 %Programs%\GiPo@Utilities\GiPo@FileUtilities\Help\French\DirMonitor.lnk 2,010 bytes MD5: 0xDD290E1A43D3E98890015F6FAE42E6D9
SHA-1: 0x8465AD1506560F6B8AE730E580A847AAD4153D39
(not available)
24 %Programs%\GiPo@Utilities\GiPo@FileUtilities\Help\French\HardLink.lnk 2,010 bytes MD5: 0x576C8DBBF80BBAB731278C30B188B90C
SHA-1: 0x34E2804018487CB8EA3D1834349518DD036A1160
(not available)
25 %Programs%\GiPo@Utilities\GiPo@FileUtilities\Help\French\Mount.lnk 2,010 bytes MD5: 0x45E1E525FEAB138EF142C4A43D66DF3B
SHA-1: 0x412D9A9DE5315E6F0F02B00EA15F21606492202D
(not available)
26 %Programs%\GiPo@Utilities\GiPo@FileUtilities\Help\French\MoveOnBoot.lnk 2,010 bytes MD5: 0x2B6FF5565C4F95BF67E0D1BBB651D456
SHA-1: 0x9C1FE6D921DD9F028F0FA4576E5A841384C8DCB3
(not available)
27 %Programs%\GiPo@Utilities\GiPo@FileUtilities\Help\French\ReadTest.lnk 2,010 bytes MD5: 0x9BF388BFACDA4C4888DF169D081D1444
SHA-1: 0x86ACDD8976233D81ED9A29E2073720A430C4BA55
(not available)
28 %Programs%\GiPo@Utilities\GiPo@FileUtilities\Home Page.lnk 2,012 bytes MD5: 0xB67751EEE708D50594F4FA861E8FF62D
SHA-1: 0xB7DFC2A6F577B4AE8719DF7C603FCC9C496EE44F
(not available)
29 %Programs%\GiPo@Utilities\GiPo@FileUtilities\Mount.lnk 2,016 bytes MD5: 0xFF1501D438A38066609D3A0BD1E8CE72
SHA-1: 0x532091C165FA34AD331EBC121024A2070D05CA52
(not available)
30 %Programs%\GiPo@Utilities\GiPo@FileUtilities\MoveOnBoot - Task Manager.lnk 2,026 bytes MD5: 0x47213879116BC9909F6C3D3492FCEB0D
SHA-1: 0x017D9C4207C13E28ACA3665A5C77E9AE27A89F6C
(not available)
31 %Programs%\GiPo@Utilities\GiPo@FileUtilities\MoveOnBoot.lnk 2,026 bytes MD5: 0x7F002DAF710E66CFC22234342EF8E8DA
SHA-1: 0x5558F3391D46785A01B01E23653C91EA2D50C593
(not available)
32 %Programs%\GiPo@Utilities\GiPo@FileUtilities\On-Line Support.lnk 2,012 bytes MD5: 0x39C031D1BFB9F7AF08BF7CFC6D7F7929
SHA-1: 0x24C61E678F6F2161A76C8618F4C5DF78F9444F33
(not available)
33 %Programs%\GiPo@Utilities\GiPo@FileUtilities\ReadTest.lnk 2,016 bytes MD5: 0x0F78A5872A5078C562B9577F8FF0A63F
SHA-1: 0xA743C82B100355E818235AD9A6E0B461F94AD863
(not available)
34 [pathname with a string SHARE]\gu_shell.dll 88,576 bytes MD5: 0x13C4001AEA9DF03A65A9B1D43424C306
SHA-1: 0xCAF9D290626AF1DEDA39EC8CED27971A4A296FAA
(not available)
35 %ProgramFiles%\GiPo@Utilities\FileUtilities.3\dmon.chm 13,749 bytes MD5: 0xCCFAFC93B2F16D53699249C691AD485B
SHA-1: 0x3A3DC8B2D529BA54A089391EB8ED64B71BE13BD8
(not available)
36 %ProgramFiles%\GiPo@Utilities\FileUtilities.3\dmon.exe 367,104 bytes MD5: 0x269DC951566067A1C8620B2E8954A64F
SHA-1: 0x1FAD16FCC6E7E748BEACC255C5F9E28EFBDD575B
(not available)
37 %ProgramFiles%\GiPo@Utilities\FileUtilities.3\dmonDE.chm 13,715 bytes MD5: 0x168DD4447A2CF6A9CB9D0141D743FBEA
SHA-1: 0xC7BC4BEC71F296C13F4DABC28CD9B84503A41CB7
(not available)
38 %ProgramFiles%\GiPo@Utilities\FileUtilities.3\dmonDE.rll 163,328 bytes MD5: 0x06CC521A72C000C2D2F6D169854EF46D
SHA-1: 0x3E3F3A7026F64CEAFC9350356A587AAC0F4E40A4
(not available)
39 %ProgramFiles%\GiPo@Utilities\FileUtilities.3\dmonFR.chm 14,127 bytes MD5: 0x54630364C03505F7DBB612D4BC735214
SHA-1: 0x873D12E10E92708BE707DA8B92B3ECFC1428C9B0
(not available)
40 %ProgramFiles%\GiPo@Utilities\FileUtilities.3\dmonFR.rll 163,840 bytes MD5: 0xFF5C434EA19DF4B15D132D63C6975537
SHA-1: 0xF154D11E576EC5A02A3B2FDC5D3FA1F93680AAEF
(not available)
41 %ProgramFiles%\GiPo@Utilities\FileUtilities.3\fugen.dll 176,640 bytes MD5: 0x3AC9EC6E44D4DF4492B423206728E2AB
SHA-1: 0xC20EDFE81EF55C633B60626D41DFC237D4E139AC
(not available)
42 %ProgramFiles%\GiPo@Utilities\FileUtilities.3\fugenDE.rll 86,528 bytes MD5: 0xE4641AED3C09CFC1EDF69E4E8E53D875
SHA-1: 0x958D5B40EC0E843EE92A0AA0FC714E909D2E3667
(not available)
43 %ProgramFiles%\GiPo@Utilities\FileUtilities.3\fugenFR.rll 86,528 bytes MD5: 0x7D0F55166B4A96CC534551EEEC34D3A8
SHA-1: 0xED2F11CB0B8724FF47DFD282508A3416C2A1A709
(not available)
44 %ProgramFiles%\GiPo@Utilities\FileUtilities.3\fumgr.exe 160,768 bytes MD5: 0x407E881AA245652810FBF09BE310DB55
SHA-1: 0x4E459A5DA18A80130DB47AD2718CB364669C85FF
(not available)
45 %ProgramFiles%\GiPo@Utilities\FileUtilities.3\fumgrDE.rll 68,096 bytes MD5: 0x6907C7EA6A7A7B5E23A1EA33556178BC
SHA-1: 0x9A4441985170ED8AAF0994E89A2EAE9469CCF960
(not available)
46 %ProgramFiles%\GiPo@Utilities\FileUtilities.3\fumgrFR.rll 68,096 bytes MD5: 0xA5F8322C5B3BE7025D3B7507D653B3E2
SHA-1: 0x2E28BE769F46B1049DDFC6521024C3365C824BCD
(not available)
47 %ProgramFiles%\GiPo@Utilities\FileUtilities.3\fush.dll 195,072 bytes MD5: 0xAD7532F3D5EDBFA5922A893218B9A3D3
SHA-1: 0xDDD0546421DCF0CDCECE06E6CDF3A36CA43B8E43
(not available)
48 %ProgramFiles%\GiPo@Utilities\FileUtilities.3\fushDE.rll 27,136 bytes MD5: 0x279A28AFDF0C04B6A8F6C08BF94E8437
SHA-1: 0xBE34C4218D85F4A89A46CDB8D91C1D87D687CC83
(not available)
49 %ProgramFiles%\GiPo@Utilities\FileUtilities.3\fushFR.rll 29,184 bytes MD5: 0xD5C1C39F5D0CF458D8433957474309FF
SHA-1: 0xCCD0C57CC3408E10337C100EFE3A4FC2C0B13EB5
(not available)
50 %ProgramFiles%\GiPo@Utilities\FileUtilities.3\gsubst.exe 13,059 bytes MD5: 0x7CCA49A608062D85AD86703F5CE6AA4B
SHA-1: 0xD3F8F917D4C874DCB172D6E3CDD409147801F66C
(not available)
51 %ProgramFiles%\GiPo@Utilities\FileUtilities.3\hlink.chm 13,549 bytes MD5: 0xE1553BB9878C6261DDDC9A30ABD42264
SHA-1: 0xA809B49702D061B472AEDA45E2799601D453ACD8
(not available)
52 %ProgramFiles%\GiPo@Utilities\FileUtilities.3\hlink.exe 331,776 bytes MD5: 0x788C1E45B9363669067E768952F33E2B
SHA-1: 0x631C5944ED067B53D163D028054F71F3C9EB90E0
(not available)
53 %ProgramFiles%\GiPo@Utilities\FileUtilities.3\hlinkDE.chm 13,539 bytes MD5: 0x6471A3EC39D824F54301C93546E1448C
SHA-1: 0x97F001A2593065DEBE7600CDECF6F3DD37F1A19D
(not available)
54 %ProgramFiles%\GiPo@Utilities\FileUtilities.3\hlinkDE.rll 175,104 bytes MD5: 0x5C5CFF442FB8A9B02178A839BE037EE4
SHA-1: 0xB93AAF2264D9646F9563221348DDBA24B26C9A6C
(not available)
55 %ProgramFiles%\GiPo@Utilities\FileUtilities.3\hlinkFR.chm 13,799 bytes MD5: 0x66E8D1BB91AF1C71F05C7B1E79959DB1
SHA-1: 0x04137DCC4FFC53DD1B26B443DBED2B061DF04E30
(not available)
56 %ProgramFiles%\GiPo@Utilities\FileUtilities.3\hlinkFR.rll 175,104 bytes MD5: 0x51F0511D7192AB5BB19EF6EE3D013D59
SHA-1: 0x0855AB810C24DE9D1F5C604D2948EBF7F1163B80
(not available)
57 %ProgramFiles%\GiPo@Utilities\FileUtilities.3\Home Page.url 70 bytes MD5: 0x5A5A6CF80788A1B1AE986ED5CD2EEC69
SHA-1: 0x3F0D16B5D3C1B35CE90CC87E8A13E11725554F3F
(not available)
58 %ProgramFiles%\GiPo@Utilities\FileUtilities.3\lanmgr.ini 111 bytes MD5: 0x05FAA2A04485599D682056C8AC00F3D9
SHA-1: 0x061ABB36D92DE49A1569A00CF7A795114F811A9F
(not available)
59 %ProgramFiles%\GiPo@Utilities\FileUtilities.3\Licence.txt
%ProgramFiles%\GiPo@Utilities\FileUtilities.3\License.txt
722 bytes MD5: 0xD7EFFB3038DFECF23FE29FC90FB13D95
SHA-1: 0x4B8A1281D661F6BDBB5845C894860457310E3771
(not available)
60 %ProgramFiles%\GiPo@Utilities\FileUtilities.3\Lizenz.txt 634 bytes MD5: 0x149C9A0ED9093F7FF6B4A5B113865715
SHA-1: 0xC38B8210EE2572887AF0136B01B2A97F06D82411
(not available)
61 %ProgramFiles%\GiPo@Utilities\FileUtilities.3\mboot.chm 13,701 bytes MD5: 0x59FD67A1EBE7ED71479F48C4E36A06D8
SHA-1: 0xFF7DF6288B0733DAE068C9DAC18A731AE58A42F3
(not available)
62 %ProgramFiles%\GiPo@Utilities\FileUtilities.3\mboot.exe 419,328 bytes MD5: 0x94B0DEBFD4CDDFF39108A9DA8DACEF5A
SHA-1: 0x3F3BA8BF20CB809789F7E25C5D0B3043C9F3CC9F
(not available)
63 %ProgramFiles%\GiPo@Utilities\FileUtilities.3\mbootDE.chm 13,693 bytes MD5: 0x7AE32F378C82361E9B453180F1628E74
SHA-1: 0x2EA55FD471B3207A283DFEBCB0519F8F0A7EB62D
(not available)
64 %ProgramFiles%\GiPo@Utilities\FileUtilities.3\mbootDE.rll 252,928 bytes MD5: 0xDAC46225DFDB327D1262DB249A44FDA2
SHA-1: 0xD7CD7802A3891B18FF98402ECFAE32238927564A
(not available)
65 %ProgramFiles%\GiPo@Utilities\FileUtilities.3\mbootFR.chm 14,005 bytes MD5: 0x28EC8C8B278055FF3E3D9737C51772DC
SHA-1: 0x5E28BD41330CBF8AF9A9B9B87288389A18810FCE
(not available)
66 %ProgramFiles%\GiPo@Utilities\FileUtilities.3\mbootFR.rll 256,000 bytes MD5: 0x5AD501BD13B69C50DEFC0604999229B5
SHA-1: 0x2ABE4C672004A891D2585EFE65DE239C6A1B4CBB
(not available)
67 %ProgramFiles%\GiPo@Utilities\FileUtilities.3\mount.chm 13,619 bytes MD5: 0x19CC6A5913F5B46E8E17CAD2A079B657
SHA-1: 0xCD52B52379DE13317970108BA61573DB56CC03C1
(not available)
68 %ProgramFiles%\GiPo@Utilities\FileUtilities.3\mount.exe 374,272 bytes MD5: 0x25B83731D6FBBE1F69A3E3ED13CDAC3F
SHA-1: 0xBBAE41DBFCF199EFBB15A8C22289FAF509E71659
(not available)
69 %ProgramFiles%\GiPo@Utilities\FileUtilities.3\mountDE.chm 13,685 bytes MD5: 0x0A0E6782DB1270CAEFBFBB54810EA9D8
SHA-1: 0xB46E9B4D6349C53522C2D3EB78FEAAFE0815F7ED
(not available)
70 %ProgramFiles%\GiPo@Utilities\FileUtilities.3\mountDE.rll 160,256 bytes MD5: 0xB62F4A5E1DB40D99167919ED7CA2E354
SHA-1: 0xE5088A28AA2BC8D7817FE696F2A3E1B9DC79B50D
(not available)
71 %ProgramFiles%\GiPo@Utilities\FileUtilities.3\mountFR.chm 13,901 bytes MD5: 0x04D4ADE10CB069EA37C5BBEC2ABE3F7A
SHA-1: 0x497163E4561143AD80345C3FE84D7F7234830D90
(not available)
72 %ProgramFiles%\GiPo@Utilities\FileUtilities.3\mountFR.rll 160,768 bytes MD5: 0x58947B6792AFE9CD0AB9144329887DAD
SHA-1: 0x534C46DDC4B17C8756A992F4772E76EC7917E365
(not available)
73 %ProgramFiles%\GiPo@Utilities\FileUtilities.3\On-Line Support.url 78 bytes MD5: 0x7FBB725A7D3C4E3782F3DE30D99AD1B8
SHA-1: 0x04630E96C6F1988F786A0DE1C6C073280FF7887A
(not available)
74 %ProgramFiles%\GiPo@Utilities\FileUtilities.3\rtest.chm 13,749 bytes MD5: 0xB28732186261BC2C61856D629BC03720
SHA-1: 0x363815D720CB88C5792A2A28DC36DE00D99A6348
(not available)
75 %ProgramFiles%\GiPo@Utilities\FileUtilities.3\rtest.exe 408,064 bytes MD5: 0x726FE1F15DE91361193FB953549DE682
SHA-1: 0x246FB9891BF188A58F6AF3D47698C04AA6D3D015
(not available)
76 %ProgramFiles%\GiPo@Utilities\FileUtilities.3\rtestDE.chm 13,791 bytes MD5: 0xB715EF0996B19E3F50F6EE30848771EB
SHA-1: 0x1165737C7F9983FC47CB256B290D60C059DFD113
(not available)
77 %ProgramFiles%\GiPo@Utilities\FileUtilities.3\rtestDE.rll 221,184 bytes MD5: 0xBC034A7035C3D1DB13815AF656A12268
SHA-1: 0x9C23FB9C0B8FC30B2961F9D86830AA64D9D6707E
(not available)
78 %ProgramFiles%\GiPo@Utilities\FileUtilities.3\rtestFR.chm 14,103 bytes MD5: 0x711737A1B0E9881099F736D639BD67F1
SHA-1: 0x99C139FFB1D39564CB90F3F6767FFA444300E08F
(not available)
79 %ProgramFiles%\GiPo@Utilities\FileUtilities.3\rtestFR.rll 211,968 bytes MD5: 0xF255F9ED5901AEBA304A9BDD602350E3
SHA-1: 0x051B0A017306D4235D8A162D38F8202DB4517D5E
(not available)
80 %ProgramFiles%\GiPo@Utilities\FileUtilities.3\unicows.dll 246,424 bytes MD5: 0x006401678CFBCCBCB97E405E2F83D2FA
SHA-1: 0x0976DB1B5B9AA69E77FA25C35C8189E3EF851FFC
(not available)
81 %Windir%\Installer\41117.msi 658,432 bytes MD5: 0x7AA1588FE76FCCD71840D41D968D11B5
SHA-1: 0x4371A66F0E059D879E61942EEC77B0BF54F4468A
(not available)
82 [file and pathname of the sample #1] 1,021,632 bytes MD5: 0x9410CB191FBF4B66019EB3B282C45163
SHA-1: 0x60CA8013612F4DBD3591A342386198DEA9D70A72
Trojan.Win32.Agent.ayed [Kaspersky Lab]
Generic.dx [McAfee]
Trojan.Win32.Agent [Ikarus]
Win-Trojan/Agent.78479 [AhnLab]

 

Memory Modifications

Service Name | Display Name | New Status | Service Filename
MSIServer | Windows Installer | "Running" | %System%\msiexec.exe /V

 

Registry Modifications

 

 

All content ("Information") contained in this report is the copyrighted work of Threat Expert Ltd and its associated companies ("ThreatExpert") and may not be copied without the express permission of ThreatExpert.

Copyright © 2010 ThreatExpert. All rights reserved.