| What's been found | Severity Level |
| Contains characteristics of an identified security risk. | |
Possible Security Risk
| Threat Category | Description |
| | A potentially unwanted adware program designed to deliver various advertisements to the users' systems |
File System Modifications
| # | Filename(s) | File Size | File Hash | Alias |
| 1 | %Temp%\1.tmp\autorun.apm | 198,103 bytes | MD5: 0x748F99EC78FC9E2E3BBA87C6441DFD0E SHA-1: 0xA87A9290CD1678C3AC0E69BBED924791A27BC540 | (not available) |
| 2 | %Temp%\1.tmp\autorun.exe | 1,512,448 bytes | MD5: 0xC98D6ABC5AE3FCD85F2AE09D95F584CB SHA-1: 0x34A2FD801509CC81F3CD2FA8FA341143CBEE1D93 | (not available) |
| 3 | %Temp%\1.tmp\choice.exe | 36,864 bytes | MD5: 0xA704D22D57B62553E27AD261276B0625 SHA-1: 0x4750F086F1BAEF7D179A81D6B99470EAE21CC4DA | (not available) |
| 4 | %Temp%\1.tmp\cscript.exe | 153,088 bytes | MD5: 0x34098403F9D8F71CE2EC749122168E89 SHA-1: 0x0AED0994E4B43BC3ECC2106DC1C1D3210C82B7D7 | (not available) |
| 5 | %Temp%\1.tmp\Help.txt | 11,777 bytes | MD5: 0x09A15BE2B1AF5ABE0B4ABD4690C79F24 SHA-1: 0xC94524087638121FDB38BF2926324238324FD2C9 | (not available) |
| 6 | %Temp%\1.tmp\hidcon.exe | 2,048 bytes | MD5: 0xB2DADAB18C318443301D0087CD7200BA SHA-1: 0xC0ADF61A17A3698548BEE1EF225AD824AB901E0D | (not available) |
| 7 | %Temp%\1.tmp\hs_message.vbs | 796 bytes | MD5: 0xAF0559E0301B2F75FA7CE812C5296DE8 SHA-1: 0x205DDD069A599D20F0E91E17BBF3250EB339CC9E | (not available) |
| 8 | %Temp%\1.tmp\KMService.exe | 151,552 bytes | MD5: 0xBCA43E19E7013331D99FF788EA6B42A0 SHA-1: 0x01C7D28E8828A91C27FFE0F1155CFA835FA6D703 | Troj/Keygen-DX [Sophos], possible-Threat.Tool.Keygen [Ikarus] |
| 9 | %Temp%\1.tmp\ospp.vbs | 49,377 bytes | MD5: 0xBE4C7DE95BE73E8A83FF9B3189A93E00 SHA-1: 0x3B9B2CEC73175DC5B252598EB211545293042C8E | (not available) |
| 10 | %Temp%\1.tmp\osppc.dll | 127,232 bytes | MD5: 0x1D9C3D7A1F8838E6280FA3F7D1FE4ED8 SHA-1: 0xD02A61C9A27C4D619F09DC22CB921E52ACA56822 | (not available) |
| 11 | %Temp%\1.tmp\ospprearm.exe | 14,176 bytes | MD5: 0x7FFAE006610A85317FBB092A2D65D1A9 SHA-1: 0xF61F245695232ADA51D81671E9918D54D9F35575 | (not available) |
| 12 | %Temp%\1.tmp\PortQry.exe | 143,360 bytes | MD5: 0xC6AC67F4076CA431ACC575912C194245 SHA-1: 0x6BC8BC559C80218055DCD58CC9376EA7D10BABDE | (not available) |
| 13 | %Temp%\1.tmp\Run.cmd | 1,130 bytes | MD5: 0x0B851D375A6A8A8B04431D9635371F85 SHA-1: 0x4CF97A4F0E3B04E476B4492CCE7409A5C20B68EF | (not available) |
| 14 | %Temp%\1.tmp\Scripts.cmd | 18,053 bytes | MD5: 0x88B8672EC7546CB73EFAFCA3F2D67513 SHA-1: 0x8D3AC139C77900B424AC3C5AB34440771F29434C | (not available) |
| 15 | %Temp%\1.tmp\service.inf | 1,012 bytes | MD5: 0x9EE35B92CE83972E9D38F57B6B885057 SHA-1: 0x9F57D99E4A63663B4E4CD9DC0886166013389960 | (not available) |
| 16 | %Temp%\1.tmp\slerror.xml | 33,019 bytes | MD5: 0xDF1EF05879E06C5F09F3E1022F37B5CB SHA-1: 0x23AAAC40BAEC28397BB59CFA584E165062D18506 | (not available) |
| 17 | %Temp%\1.tmp\srvany.exe | 8,192 bytes | MD5: 0x4635935FC972C582632BF45C26BFCB0E SHA-1: 0x7C5329229042535FE56E74F1F246C6DA8CEA3BE8 | (not available) |
| 18 | %Temp%\apm4.tmp, %Temp%\apm9.tmp | 149,504 bytes | MD5: 0x3D4839228C7EE77E28832879EEB17340 SHA-1: 0xEBE4A6388C8C6831837E232B48B8F4266B7F711E | packed with UPX [Kaspersky Lab] |
| 19 | [file and pathname of the sample #1] | 1,042,432 bytes | MD5: 0xBE7563A984DC5168CE14181B90432859 SHA-1: 0xB98280F7310095DA26DE3E448BEB489998F74C54 | Adware.Lop [Symantec], Troj/KeygGen-A [Sophos], possible-Threat.HackTool.Office2010 [Ikarus], packed with UPX [Kaspersky Lab] |
Memory Modifications
| Process Name | Process Filename | Main Module Size |
| [filename of the sample #1] | [file and pathname of the sample #1] | 2,588,672 bytes |
| cscript.exe | %Temp%\1.tmp\cscript.exe | 167,936 bytes |
| hidcon.exe | %Temp%\1.tmp\hidcon.exe | 12,288 bytes |
Registry Modifications
Other details
Germany
Russian Federation
Copyright © 2013 ThreatExpert. All rights reserved.