Submission Summary:

What's been foundSeverity Level
Contains characteristics of an identified security risk.


Technical Details:

NOTICE: The content shown in the above window is captured automatically and is not controlled or endorsed by ThreatExpert.
Please contact us on this link should any material be offensive or inappropriate and we will ensure any such content is blocked from future viewers of the report.


Possible Security Risk

Security RiskDescription
Adware.WhenU_SaveNow SaveNow shows targeted pop-up advertisements and coupons based on user's Internet surfing habits. It is usually distributed with other third party software such as BearShare.


File System Modifications

#Filename(s)File SizeFile Hash
1 %Temp%\GLC1.tmp 164,864 bytes MD5: 0x09E59D00DF5D2EFFD8DD9B30385CB9D2
SHA-1: 0x0FA0D3F6692F31FDABEFB719B0F7A28CBF5D5415
2 %Temp%\GLF4.tmp 10,752 bytes MD5: 0x9DA8F742593D4BBCA708B90725282AE2
SHA-1: 0x9AAA6ED98726E657252A098F2BF06066A8604D27
3 %Temp%\GLF5.tmp 817 bytes MD5: 0xFDEB6F3A47556B68007B1B4F46001567
SHA-1: 0xEDD6890D491DC28886A9BF06B9AE5112B90E3D80
4 %Temp%\GLF6.EXE 151,552 bytes MD5: 0xF81D91509198204E31BCB3EF6103A8B7
SHA-1: 0x4EA28D7AFC9956C61863E9F30B11440C7EA0FC47
5 %Temp%\GLF6.tmp
0 bytes MD5: 0xD41D8CD98F00B204E9800998ECF8427E
SHA-1: 0xDA39A3EE5E6B4B0D3255BFEF95601890AFD80709
6 %Temp%\GLF8.tmp 15,239 bytes MD5: 0x4A36EE288FE36271C1B2D5D64D6B6F16
SHA-1: 0xBA9636C97CAB42F1B0AB409B116BD83827A57F34
7 %Temp%\GLG3.tmp 556 bytes MD5: 0x33388FD32EA7E2F91BC5C10E72B792B1
SHA-1: 0x338AA4C160C0522BE375394C5A40BD94FD326F71
8 %Windir%\Model.txt 35 bytes MD5: 0xFD84D0C74CE9EC9FC6C9E607A62C1187
SHA-1: 0xB312493C2234CF61A2976980148F31BB2DF0AEDF
9 [file and pathname of the sample #1] 735,086 bytes MD5: 0xB9E24BDF4E00648483180575B5CFCC22
SHA-1: 0xE5F7525827C1C8B83FDE20350B4D35F02A9844E5


Memory Modifications

Process NameProcess FilenameMain Module Size
[filename of the sample #1][file and pathname of the sample #1]28,672 bytes
GLF6.EXE%Temp%\GLF6.EXE163,840 bytes



All content ("Information") contained in this report is the copyrighted work of Threat Expert Ltd and its associated companies ("ThreatExpert") and may not be copied without the express permission of ThreatExpert.

The Information is provided on an "as is" basis. ThreatExpert disclaims all warranties, whether express or implied, to the maximum extent permitted by law, including the implied warranties that the Information is merchantable, of satisfactory quality, accurate, fit for a particular purpose or need, or non-infringing, unless such implied warranties are legally incapable of exclusion. Further, ThreatExpert does not warrant or make any representations regarding the use or the results of the use of the Information in terms of their correctness, accuracy, reliability, or otherwise.

Copyright © 2014 ThreatExpert. All rights reserved.