ThreatExpert Report: Adware.Doza!sd5, Adware.Gen, not-a-virus:AdWare.Win32.Doza.a, Generic PUP.x..

Submission Summary:

Submission details:

Submission received: 13 November 2009, 22:11:28
Processing time: 7 min 4 sec
Submitted sample:

File MD5: 0xADB2169D964586671442D4A6A7EDBB2E
File SHA-1: 0x40E3A38EA570210C39C148F2A8A4FFB873EFB909
Filesize: 1,762,221 bytes

Summary of the findings:

What's been found	Severity Level
Downloads/requests other files from Internet.
Contains characteristics of an identified security risk.

Technical Details:

The new window was created, as shown below:

NOTICE: The content shown in the above window is captured automatically and is not controlled or endorsed by ThreatExpert.
Please contact us on this link should any material be offensive or inappropriate and we will ensure any such content is blocked from future viewers of the report.

Possible Security Risk

Attention! Characteristics of the following security risk was identified in the system:

Security Risk	Description
Adware.Doza!sd5	Adware.Doza!sd5 is a potentially unwanted adware program that could be used to display various pop-up advertisements.

Attention! The following threat category was identified:

Threat Category	Description
	A potentially unwanted adware program designed to deliver various advertisements to the users' systems

File System Modifications

The following files were created in the system:

#	Filename(s)	File Size	File Hash	Alias
1	%CommonDesktopDir%\Komunikator Tlen.pl.lnk %CommonStartMenu%\Komunikator Tlen.pl.lnk	649 bytes	MD5: 0x833E16A805929A06DA8A2EC0DF63B37D SHA-1: 0xE0B43E62189776A791FE5BE5AA4EF9352DB0F911	(not available)
2	%CommonPrograms%\Tlen.pl\Komunikator Tlen.pl.lnk	661 bytes	MD5: 0xD1839AAA43AD6528B2F4AF9972087E44 SHA-1: 0x44FB036BD0651066177D2BC0CFD9AF256D57C989	(not available)
3	%CommonPrograms%\Tlen.pl\Narzï¿½dzia WWW.lnk	710 bytes	MD5: 0x9771F44DC51503DDBE8436E49EAAC21F SHA-1: 0x1EE4A4D2092025A2E745CAEC1931A73865A3ED6E	(not available)
4	%CommonPrograms%\Tlen.pl\Odinstaluj.lnk	690 bytes	MD5: 0x4243A0E3F8415141DA1E9ED5BDAF51B8 SHA-1: 0x4C0609AE0E6181798116D04A6CD70316A1DB46F3	(not available)
5	%CommonPrograms%\Tlen.pl\Pomoc.lnk	666 bytes	MD5: 0xEAF8ABF9BEAFD9C1960B1C43F3336BB9 SHA-1: 0x78832246133252D8B3194D2DED37B598B5C63F60	(not available)
6	%CommonPrograms%\Tlen.pl\Portal o2.pl.lnk	705 bytes	MD5: 0x40151EA1034DC8AA3BCBA3177AC18F6C SHA-1: 0xDF3B843F01619427B4E37109A0B734A8D808B135	(not available)
7	%CommonPrograms%\Tlen.pl\Samouczek.lnk	690 bytes	MD5: 0x33C00601D6593CCDF6C54A7CBF06DA40 SHA-1: 0xA8AC134F02A6A56F6FBA073FF7FD6FDF0C22B7BD	(not available)
8	%CommonPrograms%\Tlen.pl\Serwis Tlen.pl.lnk	715 bytes	MD5: 0x545219E45AD580ED5F9112EA693289FC SHA-1: 0x53D731AE590C8B11BC169B3554A97D68C9E02359	(not available)
9	%ProgramFiles%\Tlen.pl\hook.dll	4,096 bytes	MD5: 0xAD07B544287AE87E9BDDD54C1DFDDC32 SHA-1: 0x30AB46C001CCF0919BD23FD79F11172A96F37C72	(not available)
10	%ProgramFiles%\Tlen.pl\languages\polish.dll	23,040 bytes	MD5: 0xB007CD96406A94287B3E3DE03EDEB274 SHA-1: 0xD6B012E3F1BE918E1F1C301A259EDB9F8D260827	packed with UPX [Kaspersky Lab]
11	%ProgramFiles%\Tlen.pl\libs\codec.dll	80,896 bytes	MD5: 0xAF037EAF9794EF9D997764812C4F9509 SHA-1: 0x93C4FAAEE2846C10DED15B99BE32AE6F7AC6E30B	packed with UPX [Kaspersky Lab]
12	%ProgramFiles%\Tlen.pl\libs\copying.txt	1,206 bytes	MD5: 0x966CA29F72883BBA7BE929F03BFAA8B7 SHA-1: 0xECDD73103844AADBB4449B3CF994D00486571611	(not available)
13	%ProgramFiles%\Tlen.pl\libs\libexpat.dll	54,784 bytes	MD5: 0xBB5F4ED0C725960D1282D87278295C81 SHA-1: 0xC64F738649811A59A5E0B3C8C653FA07ABA43221	packed with UPX [Kaspersky Lab]
14	%ProgramFiles%\Tlen.pl\Licencja.txt	3,795 bytes	MD5: 0x24C2A4CB8AAAC9378A6D95B5C796CC50 SHA-1: 0x0C14B957830D93F87438213AF5A9B09AC631B7E4	(not available)
15	%ProgramFiles%\Tlen.pl\Narzï¿½dzia WWW.url	45 bytes	MD5: 0x53611866C3BC4073039C9867C93B0C54 SHA-1: 0x5B8CC89041C06B62114979595E9A1709944BAFFF	(not available)
16	%ProgramFiles%\Tlen.pl\options.dat	374 bytes	MD5: 0x7E79597D97B9B39B936FC84B7FEC38E0 SHA-1: 0x6D5F2C97C403E3E4071F2808FF3C9446D8B76342	(not available)
17	%ProgramFiles%\Tlen.pl\plugins\DozaKultury\sound.wav %ProgramFiles%\Tlen.pl\plugins\TlenNewsy\sound.wav	10,748 bytes	MD5: 0xA73844DF46344E0C52D3BACF9621B9E3 SHA-1: 0x70C4E015E836F692E544B6CDE2389F80C01707ED	(not available)
18	%ProgramFiles%\Tlen.pl\plugins\DozaKultury.tpl	29,208 bytes	MD5: 0xCAA8D9317F8729BDA8AA2216AC966EFB SHA-1: 0xC944056C3DB905015AC4A0F537725238A9185B47	Adware.Doza!sd5 [PCTools] Adware.Gen [Symantec] not-a-virus:AdWare.Win32.Doza.a [Kaspersky Lab] Generic PUP.x [McAfee] not-a-virus:AdWare.Win32.DigitalNames.l [Ikarus] Win-Trojan/Doza.29208 [AhnLab] packed with UPX [Kaspersky Lab]
19	%ProgramFiles%\Tlen.pl\plugins\TlenDostep.tpl	44,056 bytes	MD5: 0xAAAE892CB50A70AC7F595A6BFE07AAF2 SHA-1: 0x2ADB596D172D87FC772E1FE59D689464E125883C	packed with UPX [Kaspersky Lab]
20	%ProgramFiles%\Tlen.pl\plugins\TlenNewsy.tpl	31,768 bytes	MD5: 0xD9AA72F6BA77016A9F12388AA3E6ED3A SHA-1: 0x077DFD9B5CA56A04E4FA54C6AB94028258219C22	packed with UPX [Kaspersky Lab]
21	%ProgramFiles%\Tlen.pl\plugins\TlenSMS.tpl	18,456 bytes	MD5: 0x201D1B05A1EC377EDC3BBB9C035AB3D8 SHA-1: 0x3ED22521B4C4747413BF488BCED1E11D3F48F902	packed with UPX [Kaspersky Lab]
22	%ProgramFiles%\Tlen.pl\plugins\Video.tpl	87,064 bytes	MD5: 0xA2215583D34E50C03381B236981EFED9 SHA-1: 0xE2D559CA911FF4480EB242FBADB7BDFB89038AB2	packed with UPX [Kaspersky Lab]
23	%ProgramFiles%\Tlen.pl\pomoc.chm	24,285 bytes	MD5: 0x896C4AF82D244B56C4C93E37DCDF80AB SHA-1: 0xC8D21E59764E63D33380BC97E3587C3042568A47	(not available)
24	%ProgramFiles%\Tlen.pl\Pomoc.url	46 bytes	MD5: 0xC749A405FD923BCF032A0B889D74D404 SHA-1: 0x22D7B462E3684044299E369301E463CED424AFFD	(not available)
25	%ProgramFiles%\Tlen.pl\Portal o2.pl.url	39 bytes	MD5: 0x7EE3B5E7D8485BD3B02C117105A801A7 SHA-1: 0x360518DE9F85303511F3729161212641EA0DE2DF	(not available)
26	%ProgramFiles%\Tlen.pl\profiles.dat	0 bytes	MD5: 0xD41D8CD98F00B204E9800998ECF8427E SHA-1: 0xDA39A3EE5E6B4B0D3255BFEF95601890AFD80709	(not available)
27	%ProgramFiles%\Tlen.pl\Samouczek.url	80 bytes	MD5: 0x6FC7CFDADF055D2BAA329EFA3B7CD914 SHA-1: 0x9CADECE54A1D4DFF52B04A32D6DB82CCF1ADA0E0	(not available)
28	%ProgramFiles%\Tlen.pl\Serwis Tlen.pl.url	41 bytes	MD5: 0xBBE2BF4EED74EAD7106B50A9DE5DD1C6 SHA-1: 0x970F7F7FC3F7A01A4FD70DF70F389D2B9A535531	(not available)
29	%ProgramFiles%\Tlen.pl\skins\chat_sets\czaty\chat.xml	2,285 bytes	MD5: 0x5ECECD5364F8C355B0BB2FFDE43E40C5 SHA-1: 0x8C6433DEE6D6D6718F4ACC78DDDEAEF8A661B7E0	(not available)
30	%ProgramFiles%\Tlen.pl\skins\chat_sets\klasyczny\chat.xml	2,374 bytes	MD5: 0x4C0B265DCD811BB22725BDC207764463 SHA-1: 0xC53EE91739AE9FB76C0EEB65A466BE38B212FF4D	(not available)
31	%ProgramFiles%\Tlen.pl\skins\chat_sets\piaskowy\chat.xml	2,490 bytes	MD5: 0xFA18501F4DE12B045B20E00ACDAA75AF SHA-1: 0xE547783F326027A9BB6E94392F3E02FCC0F8EDE9	(not available)
32	%ProgramFiles%\Tlen.pl\skins\chat_sets\standardowy\chat.xml	2,488 bytes	MD5: 0x3365C27BF65F77C6B0CB4840B4C31A16 SHA-1: 0x01FD8D9322FF175735121D7776A016C35959BE51	(not available)
33	%ProgramFiles%\Tlen.pl\skins\chat_sets\stdstyles\archive.xml	2,260 bytes	MD5: 0xD22FC99D21CB581ABFCEE0016DAEB089 SHA-1: 0x968EC1F851D1CCBC5F9A187088F86E486E458B7E	(not available)
34	%ProgramFiles%\Tlen.pl\skins\chat_sets\stdstyles\msg.xml	1,882 bytes	MD5: 0x4C1784B426F4E858A2824F3503D7903A SHA-1: 0x2D9986DD44816B881F0F32576FBB987052CFFB34	(not available)
35	%ProgramFiles%\Tlen.pl\skins\chat_sets\stdstyles\sms.xml	1,882 bytes	MD5: 0xF605C03DCE7D3299F90769BC5304A4B2 SHA-1: 0x446FC3ECA2D178AEF2C129BB64702EB377DF3ABE	(not available)
36	%ProgramFiles%\Tlen.pl\skins\chat_sets\stdstyles\wwwmsg.xml	1,882 bytes	MD5: 0xBBE445E2FA8C3C3AD7198B03A69249FB SHA-1: 0x30CD3EF38689B9573575B704FB76FFDC8141B697	(not available)
37	%ProgramFiles%\Tlen.pl\skins\chat_sets\szary\chat.xml	2,490 bytes	MD5: 0x4B56AA2FD49A65F27612EED0FBA5B830 SHA-1: 0x9B39B9351A4A4395038D5F863980407BCA31B501	(not available)
38	%ProgramFiles%\Tlen.pl\skins\emo_sets\standardowy\10ton.gif	3,630 bytes	MD5: 0x0707F76EEB10E5F624910A124ABFD6E9 SHA-1: 0x3B55AC2582DD670FCAD3465D7CFA070ACFEAD4FF	(not available)
39	%ProgramFiles%\Tlen.pl\skins\emo_sets\standardowy\10ton_.gif	1,917 bytes	MD5: 0x43D18C37B68BF8C6CE57D811C497122A SHA-1: 0x761F2CD0794DC39606FB96C416673B8230AFBFA4	(not available)
40	%ProgramFiles%\Tlen.pl\skins\emo_sets\standardowy\3m_sie_.gif	1,834 bytes	MD5: 0xDCED8426380950B3DC4505B25C5729FC SHA-1: 0x10473F216D5B85648B68FC82C5165D12A5555A85	(not available)
41	%ProgramFiles%\Tlen.pl\skins\emo_sets\standardowy\all.bmp	125,398 bytes	MD5: 0x18A3FF1C94E9D9B1D8E4FE3473DEA176 SHA-1: 0xB5B60C25B93B61EE7E3F8971A7D3DEC197DA19A2	(not available)
42	%ProgramFiles%\Tlen.pl\skins\emo_sets\standardowy\aniolek.gif	1,415 bytes	MD5: 0xB41A0446CF3D27CE72000F806FA40521 SHA-1: 0x639D504423C098033113E205334D9FE00439F9AF	(not available)
43	%ProgramFiles%\Tlen.pl\skins\emo_sets\standardowy\aniolek_.gif	819 bytes	MD5: 0x5C8FA6BF301E98D5AC766CDBEA23EDE2 SHA-1: 0x50FC819878AEEDD22973F3F68DDE6111565CF0FA	(not available)
44	%ProgramFiles%\Tlen.pl\skins\emo_sets\standardowy\balwan.gif	3,414 bytes	MD5: 0x5616F87E7C8D380877D641F2D94062D8 SHA-1: 0x0437012E37107FAB7F2C0289ECDF7DE452800428	(not available)
45	%ProgramFiles%\Tlen.pl\skins\emo_sets\standardowy\balwan_.gif	874 bytes	MD5: 0x3C8D0CC655B0DBE50001077BF14E3D0B SHA-1: 0xDFDE43AF12A52D2DABBC24E38804EE43F83DBCBA	(not available)
46	%ProgramFiles%\Tlen.pl\skins\emo_sets\standardowy\beczy.gif	2,705 bytes	MD5: 0xECBC9493F9713680FB9AB48F8B681ACF SHA-1: 0x04ABC803F402828E0534740C39EB8CB4E63F5BE9	(not available)
47	%ProgramFiles%\Tlen.pl\skins\emo_sets\standardowy\beksa.gif	1,079 bytes	MD5: 0xF34112E616F193CB7B93206586E8DCF5 SHA-1: 0xED5022D9BEC970E4AA45454D9D1974F722EF764D	(not available)
48	%ProgramFiles%\Tlen.pl\skins\emo_sets\standardowy\bicz_.gif	1,535 bytes	MD5: 0xE6162FAF869BD751E3457372F88238C2 SHA-1: 0xC24B0D12ED628CD46FF9A784AAD2AEFD7018219B	(not available)
49	%ProgramFiles%\Tlen.pl\skins\emo_sets\standardowy\ble.gif	1,240 bytes	MD5: 0x7EC94970A65AA5C486E5FB6766613E68 SHA-1: 0x8F43A7FD46C92D330234070F0CCF39A2072AC7C0	(not available)
50	%ProgramFiles%\Tlen.pl\skins\emo_sets\standardowy\boje_sie_.gif	411 bytes	MD5: 0xF0AB5B914F85D770630E8C49B6A120A8 SHA-1: 0x169081E2B4602A41D401DB32A3C1F2387E4F2A1B	(not available)
51	%ProgramFiles%\Tlen.pl\skins\emo_sets\standardowy\boks.gif	4,236 bytes	MD5: 0xABBC25467E75887D7068696BD2FD5F73 SHA-1: 0xE99CE980DF0459BA821FC0BE30623295FE69F76A	(not available)
52	%ProgramFiles%\Tlen.pl\skins\emo_sets\standardowy\boks_.gif	1,138 bytes	MD5: 0xE71D0E7D349EBC07355BD140D11D34CC SHA-1: 0xED7E89EA5BF3E0BF762837B57FE092034B2FDF55	(not available)
53	%ProgramFiles%\Tlen.pl\skins\emo_sets\standardowy\budzik.gif	2,609 bytes	MD5: 0x4941BC7366A66205F6904BC9EBB53D2B SHA-1: 0x1C7C645E541B0D204AB00D676AC70CD260F342F5	(not available)
54	%ProgramFiles%\Tlen.pl\skins\emo_sets\standardowy\caluje.gif	1,532 bytes	MD5: 0xBE526584DBCCE515E6AA19892581626C SHA-1: 0x1C88C5C906B5EB69B1B8304C7438172F95F63C12	(not available)
55	%ProgramFiles%\Tlen.pl\skins\emo_sets\standardowy\calus_.gif	2,184 bytes	MD5: 0x08D49BF59BBDB2650C9272C00A8E6E16 SHA-1: 0x56BE6F0DF62CD9FAB6982E112751B54BEA2974D9	(not available)
56	%ProgramFiles%\Tlen.pl\skins\emo_sets\standardowy\chrapie.gif	844 bytes	MD5: 0xF4537F3C55047137AF5506A6E3283DF8 SHA-1: 0x51CC766B531778563FAC9991082BEC3371B95EA7	(not available)
57	%ProgramFiles%\Tlen.pl\skins\emo_sets\standardowy\chytry_.gif	563 bytes	MD5: 0x89B2BCA5C18FF606477746D02432C98F SHA-1: 0x9540EE80D36E097F5ACE4F500E02A42CD767E4BA	(not available)
58	%ProgramFiles%\Tlen.pl\skins\emo_sets\standardowy\cisza_.gif	2,161 bytes	MD5: 0x1689BCD389F383A44A11BA88C1E784CD SHA-1: 0xE0BAD53BD93B6F7F613E6C4409000277BCF1CA53	(not available)
59	%ProgramFiles%\Tlen.pl\skins\emo_sets\standardowy\cmok.gif	1,838 bytes	MD5: 0xE9ABCED9E9953964766794EF5FF9535F SHA-1: 0xC52AFBA45B1BF35CA9251F5B43822F32AED76136	(not available)
60	%ProgramFiles%\Tlen.pl\skins\emo_sets\standardowy\cmok_.gif	570 bytes	MD5: 0x7B8A855B4E981C0996304FE7EB008A30 SHA-1: 0x257DCBE4695CA0AAF73063E058804AFF9DB894C4	(not available)
61	%ProgramFiles%\Tlen.pl\skins\emo_sets\standardowy\cool.gif	1,077 bytes	MD5: 0x91116452CC5DB07F094998E44A078E84 SHA-1: 0xDB61C8831CF09A7E2CCF0A1BE5F35879CCA1F82D	(not available)
62	%ProgramFiles%\Tlen.pl\skins\emo_sets\standardowy\co_.gif	624 bytes	MD5: 0x8933C0D9BDF5135AC9BC79DD0779F5CF SHA-1: 0x0EE8EDCE37DA2FCEC0A1B8DB293F8D272C448DF0	(not available)
63	%ProgramFiles%\Tlen.pl\skins\emo_sets\standardowy\co_jest_.gif	1,342 bytes	MD5: 0x9E5CCAA7FD16EFFC9749C89295987A63 SHA-1: 0x1E9743215F992564C02C034E3FD2EFAC8C72FFE3	(not available)
64	%ProgramFiles%\Tlen.pl\skins\emo_sets\standardowy\cwaniak_.gif	508 bytes	MD5: 0x42C7D6C614FA7D3FB0EC708397FCF364 SHA-1: 0x9D450DE26770DD0E053173FF2B8B31C15E04BF3A	(not available)
65	%ProgramFiles%\Tlen.pl\skins\emo_sets\standardowy\czarodziej_.gif	1,005 bytes	MD5: 0xA9224831782F0A647409E7E58D12D59E SHA-1: 0xF194AAF17C4CEB1BB8CA30B38162DCAD4F933037	(not available)
66	%ProgramFiles%\Tlen.pl\skins\emo_sets\standardowy\czas.gif	1,089 bytes	MD5: 0xBDDB2817B234653FBFF385F93204D566 SHA-1: 0x5F8429B55CCF31C146D43C5D2FD2BE68A7295503	(not available)
67	%ProgramFiles%\Tlen.pl\skins\emo_sets\standardowy\czaszka.gif	616 bytes	MD5: 0xA1B731B6A9BF8118DADF31A1AC13105E SHA-1: 0x8F92B93350ACA0D9B28F83C24A751BFCBA70D246	(not available)
68	%ProgramFiles%\Tlen.pl\skins\emo_sets\standardowy\czaszka_.gif	1,756 bytes	MD5: 0xBC0C19D77B6EF0303C2B12E89A56DC84 SHA-1: 0x1554D435946E5E5AC00634ABF0EC05DA6D2C1975	(not available)
69	%ProgramFiles%\Tlen.pl\skins\emo_sets\standardowy\czas_.gif	2,685 bytes	MD5: 0x3D3650AAF72870F3D4E301783032779A SHA-1: 0xC1480D5E04A89AE5FC23EAD0725112FCDF1CBBE2	(not available)
70	%ProgramFiles%\Tlen.pl\skins\emo_sets\standardowy\czytaj_.gif	2,973 bytes	MD5: 0x5C23D5E94CA01E8872B4DC8090D8C8A5 SHA-1: 0xB58D8CFC802E739A6DD3AFED31CC090A442353AB	(not available)
71	%ProgramFiles%\Tlen.pl\skins\emo_sets\standardowy\czyta_.gif	1,384 bytes	MD5: 0x9610471E2A8B151ABF6B97ECA044BCFB SHA-1: 0xAC8EFF86703A04A40832B29D689CC01A0DE9E6AD	(not available)
72	%ProgramFiles%\Tlen.pl\skins\emo_sets\standardowy\deszcz_.gif	900 bytes	MD5: 0xFEB932504F9593708C0CFDC1449C87AA SHA-1: 0x004AC3242C4B7B8F52792817440FE4C93EBCD0A0	(not available)
73	%ProgramFiles%\Tlen.pl\skins\emo_sets\standardowy\diabel.gif	1,254 bytes	MD5: 0xB1335C687C8F255945294AC667E42DFE SHA-1: 0xC301AFBE3E80C44C2E0E3A009423C18383D96455	(not available)
74	%ProgramFiles%\Tlen.pl\skins\emo_sets\standardowy\diabelek_.gif	1,128 bytes	MD5: 0x4123EAF5743F174C931A1ACECB31E37D SHA-1: 0x3EF710AEBD25981371B939107D0A018C2766F8CF	(not available)
75	%ProgramFiles%\Tlen.pl\skins\emo_sets\standardowy\dom.gif	1,060 bytes	MD5: 0x467638B249B28DC6925DA2786D04F0CC SHA-1: 0xF2B9157745343B5B60E27CF3FC20C4F019C22C2C	(not available)
76	%ProgramFiles%\Tlen.pl\skins\emo_sets\standardowy\dom_.gif	157 bytes	MD5: 0xE99CC94D4E05327310F85756CA77F179 SHA-1: 0x3D3D66ED02AA4F8116FCBA313F19E46D9E46B101	(not available)
77	%ProgramFiles%\Tlen.pl\skins\emo_sets\standardowy\dupa_.gif	2,042 bytes	MD5: 0x12ED64C5960A543D47D08DE8935294BD SHA-1: 0xCA5D06379E7C2DC80DC48C49A6C0FDBDF572915F	(not available)
78	%ProgramFiles%\Tlen.pl\skins\emo_sets\standardowy\emo.xml	22,068 bytes	MD5: 0x672128B2A1B2C31A5D4B2567C3072ECE SHA-1: 0x7D010164DEA2C49D40DC5321BC912CEFDD6B3A1D	(not available)
79	%ProgramFiles%\Tlen.pl\skins\emo_sets\standardowy\faja_.gif	3,696 bytes	MD5: 0xCA0E4A76CF5765984B33EA66B7C828C2 SHA-1: 0x84591C72E96B6D6DF369154BAA53E4B7943B7A7E	(not available)
80	%ProgramFiles%\Tlen.pl\skins\emo_sets\standardowy\fuck_.gif	2,533 bytes	MD5: 0x9D59F43D94F4CEE86F03EB3D2AB931F9 SHA-1: 0x831D4CAB92B139CA6589DAE8385A9387BC15CB1F	(not available)
81	%ProgramFiles%\Tlen.pl\skins\emo_sets\standardowy\gadula.gif	678 bytes	MD5: 0xDC1CFC82FC932D3FD3256CD6717E78AD SHA-1: 0xCFA7256C098911EB9E375D202C5931E125CE7AAD	(not available)
82	%ProgramFiles%\Tlen.pl\skins\emo_sets\standardowy\glaszcze_.gif	4,166 bytes	MD5: 0x39BC958A5A70BB5ED10547CB3B33D5EB SHA-1: 0xB3D40D9FB279B8D91F54F6A79F2FA97F4E1F79F9	(not available)
83	%ProgramFiles%\Tlen.pl\skins\emo_sets\standardowy\glupek_.gif	2,129 bytes	MD5: 0xA3EE1F540BA22EE3870163FA9A01082F SHA-1: 0xBB7539903512276DFC67B598AAA91E4A2FFA2631	(not available)
84	%ProgramFiles%\Tlen.pl\skins\emo_sets\standardowy\gryz.gif	2,081 bytes	MD5: 0xAF6F1FDA930513912F10E5C95D4C71E5 SHA-1: 0xFD7D67E946A1A9FCE9C3CD21EF6CA79467F24333	(not available)
85	%ProgramFiles%\Tlen.pl\skins\emo_sets\standardowy\gwizd.gif	2,332 bytes	MD5: 0x48C344B2762503B4D39AA98B9C921364 SHA-1: 0x57DDA1610A614F883E999D44EDBB13ADB965ED07	(not available)
86	%ProgramFiles%\Tlen.pl\skins\emo_sets\standardowy\gwizd_.gif	2,073 bytes	MD5: 0x2BF058D22DCA5AE25B13F2B70DFE0A5C SHA-1: 0x25B27A021186B6718F64E04C46A15CCA5542F790	(not available)
87	%ProgramFiles%\Tlen.pl\skins\emo_sets\standardowy\haha_.gif	1,208 bytes	MD5: 0x442B703F1BF6CCBD5B3881D1131129C8 SHA-1: 0x3FD068EC6387D37195FC630AEF6E684A45A63D8A	(not available)
88	%ProgramFiles%\Tlen.pl\skins\emo_sets\standardowy\hihi.gif	1,300 bytes	MD5: 0x54CD02E7C99A9D2FF046F1C751ED1F5E SHA-1: 0xB19007396F35CE8BD75068A7B48CAA21E8DB3876	(not available)
89	%ProgramFiles%\Tlen.pl\skins\emo_sets\standardowy\hura.gif	2,763 bytes	MD5: 0xCA917D9524FA9D11B81007CD38AD9F49 SHA-1: 0x8E25944D29FA89C2B7243F4B464C96EDD2BB1FE1	(not available)
90	%ProgramFiles%\Tlen.pl\skins\emo_sets\standardowy\jem.gif	343 bytes	MD5: 0x1EF7F42E6A1FC204696036F1A9459E00 SHA-1: 0x581DCB294C70AE57D093DC0C3B82FA58857AD133	(not available)
91	%ProgramFiles%\Tlen.pl\skins\emo_sets\standardowy\jem_.gif	3,756 bytes	MD5: 0x223F2032ABD1D8A9164ED801A43EF454 SHA-1: 0x9ED080105FF2E8E451F2081494A66892CB6EB8FD	(not available)
92	%ProgramFiles%\Tlen.pl\skins\emo_sets\standardowy\jem_b.gif	2,798 bytes	MD5: 0x088BEA16D887F1FAC2C7FEDBB9691F92 SHA-1: 0x8C870235B7B5A44EDC54B2BAAD44AE587E7FCF14	(not available)
93	%ProgramFiles%\Tlen.pl\skins\emo_sets\standardowy\jezyk.gif	662 bytes	MD5: 0x1496E84D9F14DF57CD738417BFABD52E SHA-1: 0xD50A2B37EC704C3E5D73AE8AE273B8312210536E	(not available)
94	%ProgramFiles%\Tlen.pl\skins\emo_sets\standardowy\jezyk2_.gif	1,114 bytes	MD5: 0xD0D4A3EDABB1E095FE1830838EDCABB3 SHA-1: 0x5A6CF11ED14225CDCC43149D40E3FA31ED96646D	(not available)
95	%ProgramFiles%\Tlen.pl\skins\emo_sets\standardowy\jezyk_.gif	1,083 bytes	MD5: 0x72E1218E4C3F7AF72D310868AFEA212E SHA-1: 0xEE75D40EA605282705BC0AD4E2B5F1116013E850	(not available)
96	%ProgramFiles%\Tlen.pl\skins\emo_sets\standardowy\jupi_.gif	3,029 bytes	MD5: 0xDF2922FD08E573222018B1BBC33B4248 SHA-1: 0x633E5B3D5A9DB2464480DEB5DA73BFD2F3B6132B	(not available)
97	%ProgramFiles%\Tlen.pl\skins\emo_sets\standardowy\kiler_.gif	4,206 bytes	MD5: 0x5CA8AA897C079967DE9871441467DD4A SHA-1: 0xAF4F5393F15578EF8B586F9DF0014AF4BB5A946F	(not available)
98	%ProgramFiles%\Tlen.pl\skins\emo_sets\standardowy\klotnia_.gif	1,505 bytes	MD5: 0x15D24520653D81D529B0CCD3A658C88F SHA-1: 0x5D12789CBFDA5CBE9EB453BA30850A853517FA2F	(not available)
99	%ProgramFiles%\Tlen.pl\skins\emo_sets\standardowy\komora_.gif	883 bytes	MD5: 0x153843E8563BF5DD8D010D210D745BB1 SHA-1: 0xAE7E45A974B8607AF009222839C90C44A93DB2D1	(not available)
100	%ProgramFiles%\Tlen.pl\skins\emo_sets\standardowy\komorka.gif	555 bytes	MD5: 0x394C0E4042EFEF4A5A0F519CC0D882D8 SHA-1: 0xE5A16469384F35CC8CE13676B38B5B0752711D43	(not available)

Notes:

%CommonDesktopDir% is a variable that refers to the file system directory that contains files and folders that appear on the desktop for all users. A typical path is C:\Documents and Settings\All Users\Desktop (Windows NT/2000/XP).
%CommonStartMenu% is a variable that refers to the file system directory that contains the programs and folders that appear on the Start menu for all users. A typical path is C:\Documents and Settings\All Users\Start Menu (Windows NT/2000/XP).
%CommonPrograms% is a variable that refers to the file system directory that contains the directories for the common program groups that appear on the Start menu for all users. A typical path is C:\Documents and Settings\All Users\Start Menu\Programs (Windows NT/2000/XP).
%ProgramFiles% is a variable that refers to the Program Files folder. A typical path is C:\Program Files.

The following directories were created:

%CommonPrograms%\Tlen.pl
%ProgramFiles%\Tlen.pl
%ProgramFiles%\Tlen.pl\languages
%ProgramFiles%\Tlen.pl\libs
%ProgramFiles%\Tlen.pl\plugins
%ProgramFiles%\Tlen.pl\plugins\DozaKultury
%ProgramFiles%\Tlen.pl\plugins\TlenNewsy
%ProgramFiles%\Tlen.pl\skins
%ProgramFiles%\Tlen.pl\skins\chat_sets
%ProgramFiles%\Tlen.pl\skins\chat_sets\czaty
%ProgramFiles%\Tlen.pl\skins\chat_sets\klasyczny
%ProgramFiles%\Tlen.pl\skins\chat_sets\piaskowy
%ProgramFiles%\Tlen.pl\skins\chat_sets\standardowy
%ProgramFiles%\Tlen.pl\skins\chat_sets\stdstyles
%ProgramFiles%\Tlen.pl\skins\chat_sets\szary
%ProgramFiles%\Tlen.pl\skins\emo_sets
%ProgramFiles%\Tlen.pl\skins\emo_sets\standardowy
%ProgramFiles%\Tlen.pl\skins\icon_sets
%ProgramFiles%\Tlen.pl\skins\icon_sets\nescafe
%ProgramFiles%\Tlen.pl\skins\icon_sets\plusgsm-new
%ProgramFiles%\Tlen.pl\skins\icon_sets\standardowy
%ProgramFiles%\Tlen.pl\skins\skin_sets
%ProgramFiles%\Tlen.pl\skins\skin_sets\nescafe
%ProgramFiles%\Tlen.pl\skins\skin_sets\plusgsm-new
%ProgramFiles%\Tlen.pl\skins\skin_sets\standard-old
%ProgramFiles%\Tlen.pl\skins\skin_sets\standardowy
%ProgramFiles%\Tlen.pl\skins\skin_sets\xp-srebrny
%ProgramFiles%\Tlen.pl\skins\skin_sets\xp-zielony
%ProgramFiles%\Tlen.pl\skins\sound_sets
%ProgramFiles%\Tlen.pl\skins\sound_sets\standardowy

Memory Modifications

There was a new process created in the system:

Process Name	Process Filename	Main Module Size
[filename of the sample #1]	[file and pathname of the sample #1]	204,800 bytes

Registry Modifications

The following Registry Keys were created:

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\tlen
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\tlen\DefaultIcon
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\tlen\shell
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\tlen\shell\open
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\tlen\shell\open\command
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Tlen.pl
HKEY_CURRENT_USER\Software\Tlen.pl

The newly created Registry Values are:

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\tlen\shell\open\command]

(Default) = "%ProgramFiles%\Tlen.pl\tlen.exe %1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\tlen\DefaultIcon]

(Default) = "%ProgramFiles%\Tlen.pl\tlen.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\tlen]

(Default) = "URL:Tlen Protocol"
URL Protocol = ""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Tlen.pl]

DisplayName = "Tlen.pl"
UninstallString = "%ProgramFiles%\Tlen.pl\uninstall.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

Komunikator = "%ProgramFiles%\Tlen.pl\tlen.exe"

[HKEY_CURRENT_USER\Software\Tlen.pl]

Path = "%ProgramFiles%\Tlen.pl"

Other details

Analysis of the file resources indicate the following possible country of origin:

Poland

To mark the presence in the system, the following Mutex objects were created:

KOMUNIKATORTLEN
_!SHMSFTHISTORY!_

The following Internet Connection was established:

Server Name	Server Port	Connect as User	Connection Password
reg.tlen.pl	80	(null)	(null)

The following GET requests were made:

index.html
index.jpg

There were application-defined hook procedures installed into the hook chain (e.g. to monitor keystrokes). The installed hooks are handled by the following modules:

%ProgramFiles%\tlen.pl\hook.dll

the hook is handled by its export "KeyboardProc()"

%ProgramFiles%\tlen.pl\hook.dll

the hook is handled by its export "MouseProc()"

All content ("Information") contained in this report is the copyrighted work of Threat Expert Ltd and its associated companies ("ThreatExpert") and may not be copied without the express permission of ThreatExpert.

The Information is provided on an "as is" basis. ThreatExpert disclaims all warranties, whether express or implied, to the maximum extent permitted by law, including the implied warranties that the Information is merchantable, of satisfactory quality, accurate, fit for a particular purpose or need, or non-infringing, unless such implied warranties are legally incapable of exclusion. Further, ThreatExpert does not warrant or make any representations regarding the use or the results of the use of the Information in terms of their correctness, accuracy, reliability, or otherwise.