Submission Summary:

What's been found    Severity Level
Downloads/requests other files from Internet.
Registers a 32-bit in-process server DLL.
Registers a Browser Helper Object (Microsoft's Internet Explorer plugin module).

 

Technical Details:


 

File System Modifications

#    Filename(s)    File Size    File Hash
1 %ProgramFiles%\WebEnhancements\BrowserEnhancements.crx 5,522 bytes MD5: 0xE26C1AAC4AA7AFDC875D5775688C72CF
SHA-1: 0x390F8B03229E35F72E61D4FB38BDAE150E5322DD
2 %ProgramFiles%\WebEnhancements\BrowserEnhancements.dll 234,496 bytes MD5: 0xF69BAD7269A428776F437BBE56ED9586
SHA-1: 0x721D35B6DE6A87C7542AF627699A6B9FD50CD213
3 %ProgramFiles%\WebEnhancements\BrowserEnhancements.safariextz 5,662 bytes MD5: 0x6A120091691A31F84E18B37C1A01A0B0
SHA-1: 0x1C423C5B78B2169A10BC005855D0592375EB4498
4 %ProgramFiles%\WebEnhancements\BrowserEnhancements.xpi 2,022 bytes MD5: 0xA35BD2F5D430B5F724AFF7EA67CDC2DD
SHA-1: 0xB87E2AC2A635980E14CB59B911A744526C360A3D
5 %ProgramFiles%\WebEnhancements\uninst.exe 49,140 bytes MD5: 0xB8A5A0389485ED16F6E9650668BF4AD3
SHA-1: 0x167DE9299343B055FDB12352343EDCE240326994
6 [file and pathname of the sample #1] 1,109,234 bytes MD5: 0xAF6CC99D717C0DAEF65A9DAFD6C45DB7
SHA-1: 0x00446CA668608E2EFBB82408236F356545295EDB
7 c:\Xvid.exe 940,987 bytes MD5: 0x1CD510D18340ED8326739066B19AB664
SHA-1: 0xA6503D76996035DB79F7005FD14F306AEEF7D089

 

Memory Modifications

Process Name    Process Filename    Main Module Size
Xvid.tmp    %Temp%\is-0C737.tmp\Xvid.tmp    1,273,856 bytes

 

Registry Modifications

 

Other details

Remote Host    Port Number

 

 


Copyright © 2014 ThreatExpert. All rights reserved.