Submission Summary:

What's been found (severity level column not preserved in this copy)
Capability to send email messages using a built-in SMTP client engine.
Downloads or requests other files from the Internet.
Creates a startup registry entry.
Registers a 32-bit in-process server DLL.
Registers a Browser Helper Object (a Microsoft Internet Explorer plugin module).

 

Technical Details:


 

File System Modifications

#   Filename(s)   File Size   File Hash (MD5 / SHA-1)
1 %CommonPrograms%\DealRunner\DealRunner.lnk 718 bytes MD5: 0xCCD30B29FC4E6B3E0B157BDFC9742A33
SHA-1: 0xF4626EEE5FD865144DF5DE30EEB702F946DD1C22
2 %CommonPrograms%\DealRunner\Uninstall DealRunner.lnk 708 bytes MD5: 0xCDCA8A7F39EA8EFCD3FE700EAC10D1B4
SHA-1: 0x64BF9B07091A7C56154399C3737CC6BA7BCE3112
3 %AppData%\FCSB000063941\Toolbar\patch.bat
%ProgramFiles%\Shop to Win 20\patch.bat
713 bytes MD5: 0x06AA181584EAD4FAEFE0BE36C81FAB5D
SHA-1: 0x3E1888641489021ED2CAB67F535DAF95B8F265E5
4 %AppData%\FCSB000063941\Toolbar\settings.xml
%ProgramFiles%\Shop to Win 20\settings.xml
2,003 bytes MD5: 0x5C89781D5C6579E96FE1E1F461C5048C
SHA-1: 0x5C6A4ECBE1E58BF0CE36E3A418A5DE5C84C90A31
5 %AppData%\FCSB000063941\Toolbar\Shop to Win 20.dll
%ProgramFiles%\Shop to Win 20\Shop to Win 20.dll
14,432 bytes MD5: 0xF5697AFE07B8FC950BB3E31272B7B843
SHA-1: 0x54B1A9DBB4D85F57AB09F90981405E78BF3433BC
6 %AppData%\FCSB000063941\Toolbar\ShoppingBHO.dll
%ProgramFiles%\Shop to Win 20\ShoppingBHO.dll
687,104 bytes MD5: 0xDC98B8B4397CE0223AEEE4730C749885
SHA-1: 0xB84376E75551AF00FD79807D0FE261D7424C2970
7 %AppData%\FCSB000063941\Toolbar\ShopToWin.ico
%ProgramFiles%\Shop to Win 20\ShopToWin.ico
6,862 bytes MD5: 0xF76B634CAA9AE7166596998901CD8776
SHA-1: 0x31603543F1877EB7C390F19CDDBC92520418959F
8 %AppData%\FCSB000063941\Toolbar\Uninst.exe
%ProgramFiles%\Shop to Win 20\Uninst.exe
59,118 bytes MD5: 0x523CE213A42E09C6E6C0868FBDD1B08B
SHA-1: 0xE7570EB5CF245BB6AB8369D5E547894CAA58849A
9 %AppData%\FCSB000063941\Toolbar\version.txt
%ProgramFiles%\Shop to Win 20\version.txt
51 bytes MD5: 0xE3E988B96019EAB26584B5B50E072C08
SHA-1: 0xAD82B5435ED3E396AC43D5F416A3FFEDDA30E1D6
10 %Temp%\Low\FCSB000063941\cache-%UserName%\03dc1e50b634438b2b3439535f16e4ef 331 bytes MD5: 0x0A0B44BBB9B4EC6D3E57AB84EFC53202
SHA-1: 0x1B4FB1D173717C4047588C8D1C359DE3DD90FF62
11 %Temp%\Low\FCSB000063941\cache-%UserName%\04938c177ebb9cb453d87b2b2e61f6f5 394 bytes MD5: 0x986AF834991A55A7BC40169F2B96DEE8
SHA-1: 0xC1581DEEAE73483A245AB8A48B2E720EAAEE805A
12 %Temp%\Low\FCSB000063941\cache-%UserName%\20133249a4819b59eedc890d3ecbea3b 1,760 bytes MD5: 0xE4372927078148E289FED5D054D545C1
SHA-1: 0x726959A1997C1445E7EC979123CEF20711F6CF30
13 %Temp%\Low\FCSB000063941\cache-%UserName%\355c13830b2b10319e09666596b903c3 764 bytes MD5: 0x46EB141709DF6F17F7126AE5E9239876
SHA-1: 0x0B61713F97E3514BF82C1B21261CC51A7FF1386B
14 %Temp%\Low\FCSB000063941\cache-%UserName%\3e600960289c2f26a133d4a880895d7b 1,255,448 bytes MD5: 0x21733B2A4AEB790EFD11B3E80441FC8E
SHA-1: 0xFC9D0AE6CB86610E2028B29A1BE71472C5B700FA
15 %Temp%\Low\FCSB000063941\cache-%UserName%\4975fea9f6ac679b3b23754cd30d3159 4,159 bytes MD5: 0x6E184DFC8465D984F664FE76CC2F2091
SHA-1: 0x6A5B0D451C4C4C6B45AD9B976C536D7AB530CB2F
16 %Temp%\Low\FCSB000063941\cache-%UserName%\4c535d174e60724e5459e1c8694467bc 10,580 bytes MD5: 0x7822936BDDF87A6632DDCAED7F2B2558
SHA-1: 0xD261BA2B676E0C67C662D16D6F1315FCEBC341D5
17 %Temp%\Low\FCSB000063941\cache-%UserName%\56104db0c4deb1778d8ab81fa5c0ca93 32,898 bytes MD5: 0x528F8C30ED9E61823BDFF26570371289
SHA-1: 0x2A866FFE6C4479E2B92875A9FA697B7A644B16E9
18 %Temp%\Low\FCSB000063941\cache-%UserName%\8546b02629f6906abe4dab3c43626548 332 bytes MD5: 0x6A46FD4C088122BDFC21FD19CF26A222
SHA-1: 0x4B30DEF75C04E03F6AFCE018E5A1015A63F2EA5E
19 %Temp%\Low\FCSB000063941\cache-%UserName%\9d3c1dea253fc011ee75ec848618774f 1,189,626 bytes MD5: 0xD3F77865F681EF1FB717AE155CE0880B
SHA-1: 0xF62616583B4BF277F72EB4A214CE9991C827857F
20 %Temp%\Low\FCSB000063941\cache-%UserName%\c3a43239291502e5ee7043e339659ba5 359 bytes MD5: 0x2A6E8409E5BC839D37AEAD9FBFAAF3C3
SHA-1: 0xA30C45D7BC2559C7DEB8F4677BD06049329D7E8C
21 %Temp%\Low\FCSB000063941\cache-%UserName%\cc94cdb252e9dd2338a096e332f4635b 1,587 bytes MD5: 0x889178263BE6415D4E91AB2081FDF2D7
SHA-1: 0xE760633949FA36670A1848FCB9FF9F77F5950F7F
22 %Temp%\Low\FCSB000063941\cache-%UserName%\eac5556352c27a7245384e50c443f51e 0 bytes MD5: 0xD41D8CD98F00B204E9800998ECF8427E
SHA-1: 0xDA39A3EE5E6B4B0D3255BFEF95601890AFD80709
23 %Temp%\Low\FCSB000063941\cache-%UserName%\ff9ebdf6892aaa556bf888ecc6a15bfa 23 bytes MD5: 0x3AE2235DB0AF74416C089AD222156AEB
SHA-1: 0x7FB4044E70BD2B5B3BD0848712F504E2159B6683
24 %Temp%\Low\FCSB000063941\cache-%UserName%\new_aff.xml 5,575 bytes MD5: 0x35322FEE0CDDC67A128A7902541FB3A8
SHA-1: 0x1AC4476CB67D80FFAC64E9173FCD6007A33F903C
25 %Temp%\Low\FCSB000063941\cache-%UserName%\version.xml 6 bytes MD5: 0xD23E5D85F3A841BCBFE87636B62DCDBD
SHA-1: 0x45644C87564578C9E58DAAE16A5560A498508C62
26 %Temp%\nsa2.tmp\InetLoad.dll 18,944 bytes MD5: 0x588D2A4E27DEE47F1D7A9C10E67CA948
SHA-1: 0x019AAD53A317892C3875761A5F6F2FB470376B7B
27 %Temp%\nsa2.tmp\textreplace.dll 5,120 bytes MD5: 0x72D1177BAD86F4DF8EAEE2A8AFE50E6F
SHA-1: 0xC36019DFA2FF5C90C9DA31C89DFCDA08F93DF68D
28 %Programs%\Shop to Win 20\Check out Previous Winners.lnk 1,136 bytes MD5: 0x06D12DFED2882BB07E96932A3CBFCAB0
SHA-1: 0xFB8E817AD864DE92FE4960E4E952A2395E740AAE
29 %Programs%\Shop to Win 20\Frequently Asked Questions.lnk 1,130 bytes MD5: 0x38C1AB9CEA1BFD85DB4EAAA07F410500
SHA-1: 0x5840F58F23DE5F043AC2197125905AE17DD5F190
30 %Programs%\Shop to Win 20\How can I win $100,000.lnk 1,130 bytes MD5: 0x6A17E823525E879F6D0E84514611AAEC
SHA-1: 0x8617A6779675E68005FE9BA9E1B47D6E12EEB157
31 %Programs%\Shop to Win 20\How can I win $500 Today.lnk 1,110 bytes MD5: 0xDA0A5DE1D1F021660B62BF86D3FEBC5D
SHA-1: 0x1035AFA8E3167E1F6CB6582602F4B20F1F451943
32 %Programs%\Shop to Win 20\Shop To Win Privacy Policy.lnk 1,146 bytes MD5: 0x5D2D7DA1F2EF861BEABC3A7AEB42A4EE
SHA-1: 0xAAB539E029B2B5F806203DA88B7E5C3CA8674A6B
33 %Programs%\Shop to Win 20\Shop to Win Terms and Conditions.lnk 1,138 bytes MD5: 0xD2614332A7D890A158DBF85BC3ECDD3E
SHA-1: 0xADF7A08458E31C474145727ED603E7604BCB61FA
34 %Programs%\Shop to Win 20\Sweepstakes Official Rules.lnk 1,142 bytes MD5: 0x45D65CA83A31880AAA8214704D2DB43A
SHA-1: 0x1027BD4D619A6E4FC6049B495B0C7B3DAC84F4AE
35 %Programs%\Shop to Win 20\Uninstall.lnk 735 bytes MD5: 0xD5DEC25B0FDFC4834C21F45D9E317D84
SHA-1: 0x961EE9BF2ABB5E48BA637C448006022746E0EEDE
36 %Programs%\Shop to Win 20\View My Shop to Win Account.lnk 1,130 bytes MD5: 0x139712672853549738D44FFA7BEB3938
SHA-1: 0x5AC7A616EC5420287A3656DEEA6952D223EB59B1
37 %Programs%\Shop to Win 20\Visit the Shop to Win Mall.lnk 1,138 bytes MD5: 0xA73055ED9EDB0A4B7A332048178A8D7D
SHA-1: 0xF57825C27F0A4444B52CB57656A05AD47111BA5A
38 %ProgramFiles%\DealRunner\DealRunner.exe 790,624 bytes MD5: 0x4FD9B0B6D5A19A8D7209B1E06CB00AC9
SHA-1: 0xAD05F2DD8D540AB627281DC1E727C1461C668BC8
39 %ProgramFiles%\DealRunner\gdiplus.dll 1,712,128 bytes MD5: 0x78BDC89C5D9E206209BEC5A5A73F91F7
SHA-1: 0x5F6EB616B854CC698451F96BBE9CF5049F25245E
40 %ProgramFiles%\DealRunner\unins000.dat 4,989 bytes MD5: 0x396D7DCD141F04A2E4104EC790D84C27
SHA-1: 0xAF02218D198101B378131055C3E752D4C43ED796
41 %ProgramFiles%\DealRunner\unins000.exe 1,174,083 bytes MD5: 0x2080125D72314E22F1F2144B1FFF8C6F
SHA-1: 0x8D3AE65537AE9744E80AF7AFA15433A562EE05E3
42 %ProgramFiles%\Shop To Win\InstallNotifier.exe 363,008 bytes MD5: 0xF68FCF3FC45AE9FB85A13580F71A18E2
SHA-1: 0xBEBEC531205977003F02BAB26577DC557D2FBB72
43 %ProgramFiles%\Shop To Win\ShopToWin.exe 2,177,536 bytes MD5: 0x45EC457957DB0425472853D7AE3532F4
SHA-1: 0x7BCB52C73ED49EB391FEAC3E308F8712498C1A44
44 %ProgramFiles%\Shop To Win\TestFeeds\DisableStatus.xml 1,204 bytes MD5: 0x0D9F90AE394142BD2E228D587DF978A4
SHA-1: 0xF5449C1044D20F77005D6AD0AC0B1FCC0FB1C9BC
45 %ProgramFiles%\Shop To Win\TestFeeds\DisableStatusDirection.xml 1,119 bytes MD5: 0xA7E0671BBDE9F2D8CD9198A7F5895DF9
SHA-1: 0x08D92EA808D24474F2F008DA9EBA3358E0EF5764
46 %ProgramFiles%\Shop To Win\TestFeeds\GenericPopup.xml 1,182 bytes MD5: 0x8C2CBF339D08C99B1D4F0D36AB3CCD5C
SHA-1: 0x0623A8E2BC64ABD08F3C78B7F7592FD36143A56E
47 %ProgramFiles%\Shop To Win\TestFeeds\MainStatus.xml 770 bytes MD5: 0x17E6A2F7588BE887CA982AB666B69FBF
SHA-1: 0xADB56121037AC191F8E16767056232754CA9F7B1
48 %ProgramFiles%\Shop To Win\TestFeeds\ShoppingConfirmation.xml 1,483 bytes MD5: 0xB29969B400CBC78D736B50127A42E865
SHA-1: 0x937C59502D7C5EA443ECC95350C082431BE1CEF2
49 %ProgramFiles%\Shop To Win\unins000.dat 6,559 bytes MD5: 0x84A2F9D415E11DCDC45D520F074F9262
SHA-1: 0xC6B38ED2E261C98F924AABC4BBECCB74CD39155B
50 %ProgramFiles%\Shop To Win\unins000.exe 1,174,083 bytes MD5: 0x2E8E461AD8DDCD9FBF2017817B0D90F1
SHA-1: 0x62C4FD12D8380814662B2BEF195E591AB1CEFBC3
51 [file and pathname of the sample #1] 3,159,896 bytes MD5: 0xBDE1312B225AD987B57B1DBEF0885817
SHA-1: 0x8A16BC9B6D9805C97F3733D1B3B2E17172A8DF1D
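The file-system table above is the machine-readable part of this report: every entry is an index, one or more paths written with ThreatExpert's %Var% placeholders, a size, an MD5 line and an SHA-1 line, with hashes prefixed 0x and multi-path entries carrying the extra paths on their own lines. The following Python is an added example, not ThreatExpert's code or tooling; it parses that layout into records and checks file contents against a record by size and both hashes. The embedded excerpt is copied verbatim from entries 3, 22 and 26 above; the two-file inventory is constructed for the demonstration. Entry 22 is a zero-byte file, so its MD5 and SHA-1 must be those of the empty string, which the check confirms.

```python
import hashlib
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Excerpt copied from the File System Modifications table of this report
# (entries 3, 22 and 26), in the report's own flattened layout.
REPORT_EXCERPT = r"""
3 %AppData%\FCSB000063941\Toolbar\patch.bat
%ProgramFiles%\Shop to Win 20\patch.bat
713 bytes MD5: 0x06AA181584EAD4FAEFE0BE36C81FAB5D
SHA-1: 0x3E1888641489021ED2CAB67F535DAF95B8F265E5
22 %Temp%\Low\FCSB000063941\cache-%UserName%\eac5556352c27a7245384e50c443f51e 0 bytes MD5: 0xD41D8CD98F00B204E9800998ECF8427E
SHA-1: 0xDA39A3EE5E6B4B0D3255BFEF95601890AFD80709
26 %Temp%\nsa2.tmp\InetLoad.dll 18,944 bytes MD5: 0x588D2A4E27DEE47F1D7A9C10E67CA948
SHA-1: 0x019AAD53A317892C3875761A5F6F2FB470376B7B
"""

# Constructed inventory of local files (path -> content); not from the report.
SAMPLE_INVENTORY: Dict[str, bytes] = {
    r"C:\Users\alice\AppData\Local\Temp\Low\FCSB000063941\cache-alice\eac5556352c27a7245384e50c443f51e": b"",
    r"C:\Users\alice\Documents\notes.txt": b"nothing to see here\n",
}


@dataclass
class FileEntry:
    index: int
    paths: List[str] = field(default_factory=list)
    size: int = -1
    md5: str = ""
    sha1: str = ""


# "<index> <rest>" opens a new entry. Consulted only between entries, because a
# size line such as "713 bytes MD5: ..." also starts with digits.
ENTRY_RE = re.compile(r"^(\d+)\s+(\S.*)$")
# "[path ]<size> bytes MD5: 0x<32 hex>"; the path part is empty when the
# entry's last path sits on its own line (multi-path entries).
SIZE_RE = re.compile(r"^(.*?)\s*([\d,]+) bytes MD5: 0x([0-9A-Fa-f]{32})$")
SHA1_RE = re.compile(r"^SHA-1: 0x([0-9A-Fa-f]{40})$")


def parse_file_table(text: str) -> List[FileEntry]:
    """Parse the report's file-system table into FileEntry records."""
    entries: List[FileEntry] = []
    cur: Optional[FileEntry] = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SHA1_RE.match(line)
        if m:
            if cur is None or not cur.md5:
                raise ValueError(f"SHA-1 line without a preceding entry: {line}")
            cur.sha1 = m.group(1).lower()
            entries.append(cur)  # the SHA-1 line always closes an entry
            cur = None
            continue
        if cur is None:
            m = ENTRY_RE.match(line)
            if not m:
                raise ValueError(f"expected an entry index, got: {line}")
            cur = FileEntry(index=int(m.group(1)))
            line = m.group(2)
        m = SIZE_RE.match(line)
        if m:
            if m.group(1):
                cur.paths.append(m.group(1))
            cur.size = int(m.group(2).replace(",", ""))
            cur.md5 = m.group(3).lower()
        else:
            cur.paths.append(line)  # an additional path for the same entry
    if cur is not None:
        raise ValueError(f"entry {cur.index} is missing its SHA-1 line")
    return entries


def hashes_of(data: bytes) -> Dict[str, str]:
    return {"md5": hashlib.md5(data).hexdigest(), "sha1": hashlib.sha1(data).hexdigest()}


def matches_entry(entry: FileEntry, data: bytes) -> bool:
    """True only when size, MD5 and SHA-1 all agree with the report entry."""
    h = hashes_of(data)
    return len(data) == entry.size and h["md5"] == entry.md5 and h["sha1"] == entry.sha1


def match_inventory(entries: List[FileEntry], inventory: Dict[str, bytes]) -> Dict[str, int]:
    """Map each inventory path whose content matches a report entry to that entry's index.

    Matching is by content, not by path, because the report's %Var% paths are
    placeholders and the same artefact may land elsewhere on a real host.
    """
    by_hash = {(e.md5, e.sha1): e for e in entries}
    hits: Dict[str, int] = {}
    for path, data in inventory.items():
        h = hashes_of(data)
        e = by_hash.get((h["md5"], h["sha1"]))
        if e is not None and len(data) == e.size:
            hits[path] = e.index
    return hits


if __name__ == "__main__":
    parsed = parse_file_table(REPORT_EXCERPT)
    for e in parsed:
        print(e.index, e.size, e.md5, e.paths)
    print(match_inventory(parsed, SAMPLE_INVENTORY))
```

The parser treats an index line as the start of an entry only when the previous entry has been closed by its SHA-1 line, which is what keeps a size line like "713 bytes MD5: ..." from being mistaken for entry 713. Matching by hash rather than path is deliberate: the placeholders (%AppData%, %Temp%, %UserName%) expand differently per machine and per profile.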

 

Memory Modifications

Process Name | Process Filename | Main Module Size
[filename of the sample #1 without extension].tmp | %Temp%\is-E9QVI.tmp\[filename of the sample #1 without extension].tmp | 1,269,760 bytes

Process Name | Process Filename | Allocated Size
ShopToWin.exe | %ProgramFiles%\shop to win\shoptowin.exe | 20,480 bytes

 

Registry Modifications

 

Other details

Russian Federation
Netherlands

Remote Host | Port Number
174.143.171.113 | 80
174.37.58.230 | 80
207.171.163.195 | 80
208.86.84.42 | 80

 

 

All content ("Information") contained in this report is the copyrighted work of Threat Expert Ltd and its associated companies ("ThreatExpert") and may not be copied without the express permission of ThreatExpert.

The Information is provided on an "as is" basis. ThreatExpert disclaims all warranties, whether express or implied, to the maximum extent permitted by law, including the implied warranties that the Information is merchantable, of satisfactory quality, accurate, fit for a particular purpose or need, or non-infringing, unless such implied warranties are legally incapable of exclusion. Further, ThreatExpert does not warrant or make any representations regarding the use or the results of the use of the Information in terms of their correctness, accuracy, reliability, or otherwise.

Copyright © 2014 ThreatExpert. All rights reserved.