ThreatExpert Report

Submission Summary:

Submission details:

Submission received: 5 May 2008, 23:36:26
Processing time: 3 min 18 sec
Submitted sample:

File MD5: 0xB9E24BDF4E00648483180575B5CFCC22
File SHA-1: 0xE5F7525827C1C8B83FDE20350B4D35F02A9844E5
Filesize: 735,086 bytes

Summary of the findings:

What's been found	Severity Level
Contains characteristics of an identified security risk.

Technical Details:

The new window was created, as shown below:

NOTICE: The content shown in the above window is captured automatically and is not controlled or endorsed by ThreatExpert.
Please contact us on this link should any material be offensive or inappropriate and we will ensure any such content is blocked from future viewers of the report.

Possible Security Risk

Attention! Characteristics of the following security risk was identified in the system:

Security Risk	Description
Adware.WhenU_SaveNow	SaveNow shows targeted pop-up advertisements and coupons based on user's Internet surfing habits. It is usually distributed with other third party software such as BearShare.

File System Modifications

The following files were created in the system:

#	Filename(s)	File Size	File Hash
1	%Temp%\GLC1.tmp	164,864 bytes	MD5: 0x09E59D00DF5D2EFFD8DD9B30385CB9D2 SHA-1: 0x0FA0D3F6692F31FDABEFB719B0F7A28CBF5D5415
2	%Temp%\GLF4.tmp	10,752 bytes	MD5: 0x9DA8F742593D4BBCA708B90725282AE2 SHA-1: 0x9AAA6ED98726E657252A098F2BF06066A8604D27
3	%Temp%\GLF5.tmp	817 bytes	MD5: 0xFDEB6F3A47556B68007B1B4F46001567 SHA-1: 0xEDD6890D491DC28886A9BF06B9AE5112B90E3D80
4	%Temp%\GLF6.EXE	151,552 bytes	MD5: 0xF81D91509198204E31BCB3EF6103A8B7 SHA-1: 0x4EA28D7AFC9956C61863E9F30B11440C7EA0FC47
5	%Temp%\GLF6.tmp %Windir%\Model.log	0 bytes	MD5: 0xD41D8CD98F00B204E9800998ECF8427E SHA-1: 0xDA39A3EE5E6B4B0D3255BFEF95601890AFD80709
6	%Temp%\GLF8.tmp	15,239 bytes	MD5: 0x4A36EE288FE36271C1B2D5D64D6B6F16 SHA-1: 0xBA9636C97CAB42F1B0AB409B116BD83827A57F34
7	%Temp%\GLG3.tmp	556 bytes	MD5: 0x33388FD32EA7E2F91BC5C10E72B792B1 SHA-1: 0x338AA4C160C0522BE375394C5A40BD94FD326F71
8	%Windir%\Model.txt	35 bytes	MD5: 0xFD84D0C74CE9EC9FC6C9E607A62C1187 SHA-1: 0xB312493C2234CF61A2976980148F31BB2DF0AEDF
9	[file and pathname of the sample #1]	735,086 bytes	MD5: 0xB9E24BDF4E00648483180575B5CFCC22 SHA-1: 0xE5F7525827C1C8B83FDE20350B4D35F02A9844E5

Notes:

%Temp% is a variable that refers to the temporary folder in the short path form. By default, this is C:\Documents and Settings\[UserName]\Local Settings\Temp\ (Windows NT/2000/XP).
%Windir% is a variable that refers to the Windows installation folder. By default, this is C:\Windows or C:\Winnt.

Memory Modifications

There were new processes created in the system:

Process Name	Process Filename	Main Module Size
[filename of the sample #1]	[file and pathname of the sample #1]	28,672 bytes
GLF6.EXE	%Temp%\GLF6.EXE	163,840 bytes

All content ("Information") contained in this report is the copyrighted work of Threat Expert Ltd and its associated companies ("ThreatExpert") and may not be copied without the express permission of ThreatExpert.

The Information is provided on an "as is" basis. ThreatExpert disclaims all warranties, whether express or implied, to the maximum extent permitted by law, including the implied warranties that the Information is merchantable, of satisfactory quality, accurate, fit for a particular purpose or need, or non-infringing, unless such implied warranties are legally incapable of exclusion. Further, ThreatExpert does not warrant or make any representations regarding the use or the results of the use of the Information in terms of their correctness, accuracy, reliability, or otherwise.