Submission Summary:

What's been found    Severity Level
Produces outbound traffic.
Downloads/requests other files from Internet.
Creates a startup registry entry.
Registers a 32-bit in-process server DLL.
Registers a Browser Helper Object (Microsoft's Internet Explorer plugin module).
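The summary says the installer registers a 32-bit in-process server DLL as a Browser Helper Object and adds a startup entry, but this copy of the report carries no registry details, so the check has to be done on the host. The script below is an added example, not code from the ThreatExpert report or from PCTuto: it enumerates BHO registrations and Run-key autostarts, resolves each BHO CLSID to the DLL it loads through HKCR\CLSID\{...}\InprocServer32, and flags dangling CLSIDs and anything that mentions PCTuto (the report's pctutoBHO.dll and pctuto.exe). The registry locations are the documented ones, including the Wow6432Node views where a 32-bit BHO lands on 64-bit Windows; the CLSID and the Run value in the embedded sample registry are constructed placeholders, and a dict-backed fake stands in for winreg so the script also runs off-Windows.

```python
# Added example (not from the ThreatExpert report or PCTuto): list Browser Helper
# Objects and Run-key autostarts, resolve each BHO CLSID to its in-process server
# DLL, and flag dangling or PCTuto-related entries. Registry paths are the
# documented ones; SAMPLE_CLSID, the Run value and SAMPLE are constructed.
try:
    import winreg  # Windows only
except ImportError:
    winreg = None

BHO_KEY = r"SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects"
BHO_KEY_WOW = r"SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects"
RUN_KEYS = [("HKLM", r"SOFTWARE\Microsoft\Windows\CurrentVersion\Run"),
            ("HKLM", r"SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run"),
            ("HKCU", r"SOFTWARE\Microsoft\Windows\CurrentVersion\Run")]


class DictRegistry:
    """Offline stand-in for the registry: {(hive, key_path): {value_name: data}}."""
    def __init__(self, tree):
        self.tree = tree

    def subkeys(self, hive, key):
        prefix = key.lower() + "\\"
        names = {k[len(prefix):].split("\\")[0] for h, k in self.tree
                 if h == hive and k.lower().startswith(prefix)}
        return sorted(names)

    def values(self, hive, key):
        for (h, k), vals in self.tree.items():
            if h == hive and k.lower() == key.lower():
                return dict(vals)
        return {}


class WinRegistry:
    """Live backend with the same two methods, built on winreg."""
    def __init__(self):
        self.hives = {"HKLM": winreg.HKEY_LOCAL_MACHINE, "HKCU": winreg.HKEY_CURRENT_USER,
                      "HKCR": winreg.HKEY_CLASSES_ROOT}

    def subkeys(self, hive, key):
        try:
            with winreg.OpenKey(self.hives[hive], key) as k:
                return [winreg.EnumKey(k, i) for i in range(winreg.QueryInfoKey(k)[0])]
        except OSError:
            return []

    def values(self, hive, key):
        try:
            with winreg.OpenKey(self.hives[hive], key) as k:
                return dict(winreg.EnumValue(k, i)[:2] for i in range(winreg.QueryInfoKey(k)[1]))
        except OSError:
            return {}


def enumerate_bhos(reg):
    """A BHO is a CLSID subkey; the DLL is the default value of
    HKCR\\CLSID\\{clsid}\\InprocServer32 (or the Wow6432Node view for 32-bit COM)."""
    found = []
    for bho_key in (BHO_KEY, BHO_KEY_WOW):
        for clsid in reg.subkeys("HKLM", bho_key):
            dll = None
            for cls in (r"CLSID\%s\InprocServer32" % clsid, r"Wow6432Node\CLSID\%s\InprocServer32" % clsid):
                dll = reg.values("HKCR", cls).get("") or None
                if dll:
                    break
            found.append({"clsid": clsid, "dll": dll, "registered_under": bho_key})
    return found


def enumerate_run(reg):
    return [{"hive": hive, "name": name, "command": cmd}
            for hive, key in RUN_KEYS for name, cmd in reg.values(hive, key).items()]


def suspicious(bhos, runs, needle="pctuto"):
    """Flag BHOs whose CLSID resolves to no DLL (dangling) or whose DLL mentions
    needle, plus Run entries whose command mentions needle."""
    hits = [b for b in bhos if b["dll"] is None or needle in b["dll"].lower()]
    hits += [r for r in runs if needle in str(r["command"]).lower()]
    return hits


# Constructed sample registry: placeholder CLSID; DLL/EXE paths taken from the report's file table.
SAMPLE_CLSID = "{11111111-2222-3333-4444-555555555555}"
SAMPLE = DictRegistry({
    ("HKLM", BHO_KEY_WOW + "\\" + SAMPLE_CLSID): {},
    ("HKCR", r"Wow6432Node\CLSID\%s\InprocServer32" % SAMPLE_CLSID):
        {"": r"C:\Program Files\PCTuto\pctutoBHO.dll", "ThreadingModel": "Apartment"},
    ("HKCU", r"SOFTWARE\Microsoft\Windows\CurrentVersion\Run"): {"PCTuto": r"C:\Program Files\PCTuto\pctuto.exe"},
})

if __name__ == "__main__":
    reg = WinRegistry() if winreg else SAMPLE
    for hit in suspicious(enumerate_bhos(reg), enumerate_run(reg)):
        print(hit)
```

Run it with a 64-bit Python on the affected host so both registry views are visible; a dangling CLSID (a BHO subkey with no resolvable DLL) is reported too, since that is what a half-removed uninstall typically leaves behind.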


Technical Details:



File System Modifications

#    Filename(s)    File Size    File Hash
1 %AppData%\PCTuto\PCTuto\autoupdater.exe 663,168 bytes MD5: 0x6D8D4EF5E23EC7A3E739BBD9AE941961
SHA-1: 0x03B39D5E8B77894DD8F7DD620DCD71442594339C
2 %AppData%\PCTuto\PCTuto\help_config.cyp 128 bytes MD5: 0xC04F0940CF62ACF5D30ED48D542EF8D0
SHA-1: 0x75D31086F88B94473D8DF481FDB8F08438F3176A
3 [pathname with a string SHARE]\shared.cyp 32 bytes MD5: 0xB87D61F807A48D4BB8ED92D4A4416130
SHA-1: 0x4DA552EC023211D87869213AA88E3DE4ECAAE9D1
4 %AppData%\PCTuto\PCTuto\Software\itsTV\4.0.0.2532532\frsu.exe 20,480 bytes MD5: 0xB160131F489AF743217C1B89D9176454
SHA-1: 0x0B630B55B8855CE8DABFE22ED34025447C9BB495
5 %AppData%\PCTuto\PCTuto\UpdatePCTuto.exe 769,664 bytes MD5: 0x97547C615C63033190D2C45344824CB4
SHA-1: 0xB09F98BBEBDA3054F9DC7567D35DE6659A5C4950
6 %AppData%\PCTuto\PCTuto\user_config.cyp 300 bytes MD5: 0x94F59E1EC883853DBB080E386FECF905
SHA-1: 0x8C33BFE3920DFF47B414AC6090DFB928624E7057
7 %AppData%\PCTuto\PCTuto\user_profil.cyp 856 bytes MD5: 0xBF4986342FB5D3071BF0C22573CA18CC
SHA-1: 0x9FD2B019610E54314AAA21C79707B4EF29BF786B
8 %AppData%\PCTuto\PCTuto\confmedia.cyp
%ProgramFiles%\PCTuto\confmedia.cyp
2,712 bytes MD5: 0x60E9F80E46832C92E348637401C04ECA
SHA-1: 0xEBB640B779A5AF293E6FDD7736F89DEF64FAB347
9 %AppData%\PCTuto\PCTuto\EoStats\eoStats.txt
%Temp%\ins2.tmp
0 bytes MD5: 0xD41D8CD98F00B204E9800998ECF8427E
SHA-1: 0xDA39A3EE5E6B4B0D3255BFEF95601890AFD80709
10 %AppData%\PCTuto\PCTuto\pctuto_confMedia.cyp 2,840 bytes MD5: 0x0249B362331B6847F0AE95D095C929CF
SHA-1: 0x11DA8BAEEE7BB51AF41712BB353BFE6B2D7B4953
11 %AppData%\PCTuto\PCTuto\user.cyp 152 bytes MD5: 0x59F53D94D57C9D29D2AEEBC56D7AC17A
SHA-1: 0x16A3A4916066B02DA6F6287958F7DD34FF96C53A
12 %Temp%\dd_vcredistUI1370.txt 1,060 bytes MD5: 0xDAADBF679AC3B3D5294A2E9312BB52EC
SHA-1: 0x31602FD194460475CE5621A7D293B600D68E9F9B
13 %Temp%\VGX10.tmp
%Temp%\VGX26.tmp
%Temp%\VGX38.tmp
%Temp%\VGX4C.tmp
1,397 bytes MD5: 0xD5417453A79455BFDF96F36C56421493
SHA-1: 0x123D2354237B1CE6A7EABAA8F1D618CBB60B2177
14 %Temp%\VGX11.tmp
%Temp%\VGX27.tmp
%Temp%\VGX3A.tmp
%Temp%\VGX4D.tmp
1,580 bytes MD5: 0xD5FD53E583FE8AF8AC0982662B06B778
SHA-1: 0xF2D48C3973FA92D3D1DD0C5B944D39489FB1E970
15 %Temp%\VGX12.tmp
%Temp%\VGX28.tmp
%Temp%\VGX39.tmp
%Temp%\VGX4E.tmp
808 bytes MD5: 0x69DD89C9CEE1BBE7625EFBF970AFB1FB
SHA-1: 0x4854ABCC6294724108F967EA4CC06A4EA92930DA
16 %Temp%\VGX13.tmp
%Temp%\VGX29.tmp
%Temp%\VGX3B.tmp
%Temp%\VGX4F.tmp
1,309 bytes MD5: 0xE204B4A87C3E5183B87E2FA15C806134
SHA-1: 0xBE0085D131BFB8F3B6630E38F61392AEE656A442
17 %Temp%\VGX14.tmp
%Temp%\VGX2A.tmp
%Temp%\VGX3C.tmp
%Temp%\VGX50.tmp
1,564 bytes MD5: 0xF6DECF0DC0B523CCE0283C6944468F40
SHA-1: 0xB9854DE8B5F465DD77A41E802606AB9F8C947C47
18 %Temp%\VGX15.tmp
%Temp%\VGX2B.tmp
%Temp%\VGX3D.tmp
%Temp%\VGX51.tmp
30,563 bytes MD5: 0x04AF930FCF53FD604BD82D7DAF92632C
SHA-1: 0xD8961CE12832F07B68A45C76BC74A7AAE209DA46
19 %Temp%\VGX16.tmp
%Temp%\VGX2D.tmp
%Temp%\VGX3E.tmp
%Temp%\VGX52.tmp
1,139 bytes MD5: 0x61F76F87E44793F458F0E808BBA888CC
SHA-1: 0x0604128FA553136B298A3CC1F48DC2B2AD3135B1
20 %Temp%\VGX17.tmp
%Temp%\VGX30.tmp
940 bytes MD5: 0xB39D6C715423DEB2771B447E92C5B9B7
SHA-1: 0x1D16AE9A374EC237710586C9D8E45CEAFC0EC829
21 %Temp%\VGX18.tmp
%Temp%\VGX2E.tmp
784 bytes MD5: 0xDB8F839760606148983A0A1D0FE8CAB8
SHA-1: 0xE0E2B570F8733F7838F1FB61C8CA95A03E2FD6E4
22 %Temp%\VGX19.tmp
%Temp%\VGX2F.tmp
%Temp%\VGX44.tmp
%Temp%\VGX54.tmp
878 bytes MD5: 0x3B440280E6FFA4E0ADE4327C129D69C1
SHA-1: 0x350AB826587C58A0B0757F7B8F59B62C997AF119
23 %Temp%\VGX1A.tmp
%Temp%\VGX3.tmp
%Temp%\VGX31.tmp
%Temp%\VGX3F.tmp
3,095 bytes MD5: 0x162475634E903776F5D2C6A5206C87A7
SHA-1: 0x3FFD931818005F05C8DB257F4860BAD82647855C
24 %Temp%\VGX1B.tmp
%Temp%\VGX32.tmp
%Temp%\VGX4.tmp
%Temp%\VGX40.tmp
139,684 bytes MD5: 0xA48D8A78B0C784402B4D41BFCD676490
SHA-1: 0x900CE697165239DE9EFF1A330B02F726D7F9DE9D
25 %Temp%\VGX1C.tmp
%Temp%\VGX45.tmp
%Temp%\VGX56.tmp
%Temp%\VGX6.tmp
7,064 bytes MD5: 0x6827E53FC97CF835598BEFD028EFA6E8
SHA-1: 0x5100F0B948F90E58289972DF3655A7DAA880EC8F
26 %Temp%\VGX1D.tmp
%Temp%\VGX46.tmp
%Temp%\VGX55.tmp
%Temp%\VGX7.tmp
145 bytes MD5: 0xD72CB7CD89932F369BF2F1719F027F76
SHA-1: 0x12B3EEA9E21109AC96709BC2BDB68AA6D33F7C37
27 %Temp%\VGX1E.tmp
%Temp%\VGX47.tmp
%Temp%\VGX57.tmp
%Temp%\VGX8.tmp
5,909 bytes MD5: 0x2CBC5FDDDB27E3C58B5B82086642A82D
SHA-1: 0xE22CF4A8A41CC06E43834DF57FC33DB5AAA483F4
28 %Temp%\VGX1F.tmp
%Temp%\VGX48.tmp
%Temp%\VGX58.tmp
%Temp%\VGX9.tmp
881 bytes MD5: 0x41D3122B90C97EAFCAE7CB7E59807087
SHA-1: 0xF8B077DE2CB1CDFFA40943A1B4065887045A1C57
29 %Temp%\VGX20.tmp
%Temp%\VGX34.tmp
%Temp%\VGX41.tmp
%Temp%\VGXA.tmp
149 bytes MD5: 0xBCADB97D40BE5EF0A6414BE8C234A762
SHA-1: 0x450C33DF18EF42D70C846F0D51EE194C1CAC73AE
30 %Temp%\VGX21.tmp
%Temp%\VGX49.tmp
%Temp%\VGX59.tmp
%Temp%\VGXB.tmp
932 bytes MD5: 0xFED44FAFA16B87010530778F083EEB5E
SHA-1: 0x078645C224DE1515FACCC6A7042E4401CFEB4824
31 %Temp%\VGX22.tmp
%Temp%\VGX4A.tmp
%Temp%\VGX5A.tmp
%Temp%\VGXC.tmp
440 bytes MD5: 0x7986B2CC53D7A14C34CEF8DC862D7D57
SHA-1: 0x476203BABD713BF12416B39B85F4CBFA36BF6AEF
32 %Temp%\VGX23.tmp
%Temp%\VGX35.tmp
%Temp%\VGX42.tmp
%Temp%\VGXD.tmp
941 bytes MD5: 0xA95844D407F72EE255EF90BE12F04DEC
SHA-1: 0x16F87C9B902E25453A060219BE6C18083879C631
33 %Temp%\VGX24.tmp
%Temp%\VGX36.tmp
%Temp%\VGX43.tmp
%Temp%\VGXE.tmp
1,101 bytes MD5: 0x807EC04AF390D9B802F2A60747437202
SHA-1: 0xEEFBB2AFD35D273AFA1D1442DE6036851B36718C
34 %Temp%\VGX25.tmp
%Temp%\VGX37.tmp
%Temp%\VGX4B.tmp
%Temp%\VGXF.tmp
861 bytes MD5: 0x1A9D5979BF02D9495DAF44D5F062F2CC
SHA-1: 0xBD88552D251A08AF667F309353B9088B11D43D5A
35 %Temp%\VGX2C.tmp
%Temp%\VGX33.tmp
%Temp%\VGX5.tmp
%Temp%\VGX53.tmp
193,549 bytes MD5: 0x781C5A97E3C9CF12884A59E491CA7489
SHA-1: 0x1A80B4ED15BE92238F36C4D3452CC8013FFC5468
36 %ProgramFiles%\PCTuto\pctuto.exe 982,656 bytes MD5: 0xE89AF3748774C10C12264E57AB3BAF4B
SHA-1: 0xB625491CCEC649A4D6CFA4AB62409A69616E564F
37 %ProgramFiles%\PCTuto\pctutoBHO.dll 228,992 bytes MD5: 0x110DFB1DFA4280E689B2486241EB918E
SHA-1: 0x901AAD7E27E150D162F3B134FEAC8688558682BF
38 %ProgramFiles%\PCTuto\unins000.dat 6,488 bytes MD5: 0x2CB4146FBDCA6433097E6F302CF75670
SHA-1: 0x7040D0898057F60AE39DFC15D0EFFF546F5F16C0
39 %ProgramFiles%\PCTuto\unins000.exe 1,180,625 bytes MD5: 0xB2676D3DE7AFE48FC95B694D35C2F69D
SHA-1: 0x4BA20C56A7E11320BDE395A50B69CC7CD064C843
40 [file and pathname of the sample #1] 3,649,080 bytes MD5: 0xBF5007B61A803390EF0A02E5B8074E23
SHA-1: 0xDFC199FFF877AEFC167E9790D341A87EABBE8E8D
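Forty rows of hashes are more useful as an indicator set than as reading material. The script below is an added example, not part of the ThreatExpert report or of PCTuto: it parses rows copied from the table above (three rows embedded as a constructed sample), drops the zero-byte entry (row 9's MD5 d41d8cd9... and SHA-1 da39a3ee... are the digests of an empty file and would match every empty file on the box), and walks a directory tree reporting files whose size, MD5 and SHA-1 all match a report entry. The %AppData%, %Temp% and %ProgramFiles% prefixes are kept as printed; the sweep takes whatever root you point it at.

```python
# Added example (not from the ThreatExpert report or PCTuto): turn the report's
# "File System Modifications" rows into hash indicators and sweep a directory
# tree for them. REPORT_ROWS is a constructed excerpt of the table above.
import hashlib
import os
import re
from dataclasses import dataclass, field

REPORT_ROWS = r"""
1 %AppData%\PCTuto\PCTuto\autoupdater.exe 663,168 bytes MD5: 0x6D8D4EF5E23EC7A3E739BBD9AE941961
SHA-1: 0x03B39D5E8B77894DD8F7DD620DCD71442594339C
9 %AppData%\PCTuto\PCTuto\EoStats\eoStats.txt
%Temp%\ins2.tmp
0 bytes MD5: 0xD41D8CD98F00B204E9800998ECF8427E
SHA-1: 0xDA39A3EE5E6B4B0D3255BFEF95601890AFD80709
37 %ProgramFiles%\PCTuto\pctutoBHO.dll 228,992 bytes MD5: 0x110DFB1DFA4280E689B2486241EB918E
SHA-1: 0x901AAD7E27E150D162F3B134FEAC8688558682BF
"""

ROW_RE = re.compile(r"(\d+)\s+(.*)")
SIZE_MD5_RE = re.compile(r"([\d,]+) bytes MD5: 0x([0-9A-Fa-f]{32})")
SHA1_RE = re.compile(r"SHA-1: 0x([0-9A-Fa-f]{40})")
EMPTY_MD5 = hashlib.md5(b"").hexdigest()  # d41d8cd98f00b204e9800998ecf8427e, row 9 above


@dataclass
class Entry:
    row: int
    paths: list = field(default_factory=list)
    size: int = -1
    md5: str = ""
    sha1: str = ""


def parse_report(text):
    """Rows: a number, one or more paths (possibly on their own lines),
    '<size> bytes MD5: 0x..' (same line as the last path or alone), then 'SHA-1: 0x..'."""
    entries, cur = [], None
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = SHA1_RE.fullmatch(line)
        if m and cur is not None:           # SHA-1 line closes the entry
            cur.sha1 = m.group(1).lower()
            entries.append(cur)
            cur = None
            continue
        if cur is None:                     # first line of an entry starts with its row number
            m = ROW_RE.fullmatch(line)
            if not m:
                raise ValueError("expected a row number: %r" % line)
            cur = Entry(int(m.group(1)))
            line = m.group(2)
        m = SIZE_MD5_RE.search(line)
        if m:
            path = line[:m.start()].strip()
            if path:
                cur.paths.append(path)
            cur.size = int(m.group(1).replace(",", ""))
            cur.md5 = m.group(2).lower()
        else:
            cur.paths.append(line)          # continuation line holding another path
    return entries


def indicators(entries):
    """md5 -> entry, minus the empty-file digest, which is no indicator of anything."""
    return {e.md5: e for e in entries if e.md5 != EMPTY_MD5}


def hash_file(path):
    md5, sha1 = hashlib.md5(), hashlib.sha1()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            md5.update(chunk)
            sha1.update(chunk)
    return md5.hexdigest(), sha1.hexdigest()


def sweep(root, entries):
    """Return (file path, report row) for files whose size, MD5 and SHA-1 all match."""
    iocs = indicators(entries)
    sizes = {e.size for e in iocs.values()}
    hits = []
    for dirpath, _, names in os.walk(root):
        for name in names:
            p = os.path.join(dirpath, name)
            try:
                if os.path.getsize(p) not in sizes:   # cheap filter before hashing
                    continue
            except OSError:
                continue
            md5, sha1 = hash_file(p)
            e = iocs.get(md5)
            if e is not None and e.sha1 == sha1:
                hits.append((p, e.row))
    return hits


if __name__ == "__main__":
    import sys
    for path, row in sweep(sys.argv[1] if len(sys.argv) > 1 else ".", parse_report(REPORT_ROWS)):
        print("row %d: %s" % (row, path))
```

Paste the remaining rows into REPORT_ROWS to get the full set; the sizes are used only as a pre-filter, so a file that matches both digests but was recorded with a different size in the table is deliberately not reported, which is the conservative choice for a sweep that may run over a whole volume.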


Memory Modifications

Process Name                                          Process Filename                                                         Main Module Size
[filename of the sample #1 without extension].tmp    %Temp%\is-F1HCM.tmp\[filename of the sample #1 without extension].tmp    1,269,760 bytes


Registry Modifications


Other details

Remote host countries: France, Netherlands

Remote Host        Port Number
188.165.192.211    80
188.165.32.92      80
188.165.33.6       80
195.60.188.30      80
195.60.188.35      80
195.60.188.44      80
204.0.5.40         80
204.0.5.43         80
66.220.149.32      80
74.125.67.139      80


Outbound traffic (potentially malicious)


All content ("Information") contained in this report is the copyrighted work of Threat Expert Ltd and its associated companies ("ThreatExpert") and may not be copied without the express permission of ThreatExpert.

The Information is provided on an "as is" basis. ThreatExpert disclaims all warranties, whether express or implied, to the maximum extent permitted by law, including the implied warranties that the Information is merchantable, of satisfactory quality, accurate, fit for a particular purpose or need, or non-infringing, unless such implied warranties are legally incapable of exclusion. Further, ThreatExpert does not warrant or make any representations regarding the use or the results of the use of the Information in terms of their correctness, accuracy, reliability, or otherwise.

Copyright © 2013 ThreatExpert. All rights reserved.