ThreatExpert Report: not-a-virus:AdWare.Win32.Sushi.au, Adware:Win32/GameVance..

Visit ThreatExpert web site

Close Report

Submission Summary:

Submission details:

Submission received: 3 December 2011, 09:50:34
Processing time: 8 min 28 sec
Submitted sample:

File MD5: 0xC0D1664E07B5FC30B477345722F32829
File SHA-1: 0x68704BC60DE948D10B53B7A04D1CEA0B9C60E5D8
Filesize: 1,214,856 bytes
Alias:

not-a-virus:AdWare.Win32.Sushi.au [Kaspersky Lab]
Adware:Win32/GameVance [Microsoft]

Summary of the findings:

What's been found	Severity Level
Downloads/requests other files from Internet.
Registers a 32-bit in-process server DLL.
Registers a Browser Helper Object (Microsoft's Internet Explorer plugin module).
Contains characteristics of an identified security risk.

Technical Details:

The new window was created, as shown below:

NOTICE: The content shown in the above window is captured automatically and is not controlled or endorsed by ThreatExpert.
Please contact us on this link should any material be offensive or inappropriate and we will ensure any such content is blocked from future viewers of the report.

Possible Security Risk

Attention! The following threat category was identified:

Threat Category	Description
	A potentially unwanted adware program designed to deliver various advertisements to the users' systems

File System Modifications

The following files were created in the system:

#	Filename(s)	File Size	File Hash	Alias
1	%AppData%\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@playsushi.com\chrome\pstextlinks.jar	5,046 bytes	MD5: 0xD634833584C643B4C316A786B3A2371E SHA-1: 0x7F318913309F3F273FD54E72005C63E0E846A204	(not available)
2	%AppData%\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@playsushi.com\chrome.manifest	469 bytes	MD5: 0xA2AEBA3C4568B49E40497E2D4E4AE968 SHA-1: 0xEDE46E071BEEA3BCD9FA37D76D88F1DCE3E7C5E6	(not available)
3	%AppData%\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@playsushi.com\components\PlaySushiFF.dll	196,608 bytes	MD5: 0x88F28573EF3F089BC734AC562502F269 SHA-1: 0x18764F7C4548F2F662EFE8EE097C98A53F0DD081	(not available)
4	%AppData%\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@playsushi.com\components\PlaySushiFF.xpt	177 bytes	MD5: 0xA88796891BEEA6BC1B5A257C0018EAE4 SHA-1: 0xDFA6444D2ED75D07CCEC7A9DC1EC3A39CC0F0F14	(not available)
5	%AppData%\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@playsushi.com\install.rdf	1,338 bytes	MD5: 0x9F1F0B8813B7113F9DAA164660B25127 SHA-1: 0xE7D3B93CD3F3E21CFC8907E8840A797D82754AE7	(not available)
6	%ProgramFiles%\PlaySushi\icon.ico	17,542 bytes	MD5: 0x94137A92F26381233A4903A2FFB32F16 SHA-1: 0x5998A68D1BD0C19681F659A04350CF2608F1FB1E	(not available)
7	%ProgramFiles%\PlaySushi\PSText.dll	343,552 bytes	MD5: 0x586915B1DB918D40A3D81627B0E6F10E SHA-1: 0xB0EF369D8C41C4EF4567509A85B95F05DE5C78FA	not-a-virus:AdWare.Win32.Sushi.fg [Kaspersky Lab] Adware:Win32/GameVance [Microsoft]
8	%ProgramFiles%\PlaySushi\psuninst.exe	188,928 bytes	MD5: 0x8C5D67E65CCF6F84A159F07271C77A2F SHA-1: 0x0A14394E36965FF03C519CEC9790D8157B6FD373	Adware:Win32/GameVance [Microsoft]
9	[file and pathname of the sample #1]	1,214,856 bytes	MD5: 0xC0D1664E07B5FC30B477345722F32829 SHA-1: 0x68704BC60DE948D10B53B7A04D1CEA0B9C60E5D8	not-a-virus:AdWare.Win32.Sushi.au [Kaspersky Lab] Adware:Win32/GameVance [Microsoft]

Notes:

%AppData% is a variable that refers to the file system directory that serves as a common repository for application-specific data. A typical path is C:\Documents and Settings\[UserName]\Application Data.
%ProgramFiles% is a variable that refers to the Program Files folder. A typical path is C:\Program Files.

The following directories were created:

%AppData%\Mozilla
%AppData%\Mozilla\Extensions
%AppData%\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
%AppData%\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@playsushi.com
%AppData%\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@playsushi.com\chrome
%AppData%\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@playsushi.com\components
%ProgramFiles%\PlaySushi

Memory Modifications

There was a new process created in the system:

Process Name	Process Filename	Main Module Size
[filename of the sample #1]	[file and pathname of the sample #1]	1,232,896 bytes

Registry Modifications

The following Registry Keys were created:

HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\BIOS
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\PSText.DLL
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{E89A07B5-BD7A-43F9-BDA4-0DAA48AC4FA5}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21608B66-026F-4DCB-9244-0DACA328DCED}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21608B66-026F-4DCB-9244-0DACA328DCED}\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21608B66-026F-4DCB-9244-0DACA328DCED}\ProgID
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21608B66-026F-4DCB-9244-0DACA328DCED}\Programmable
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21608B66-026F-4DCB-9244-0DACA328DCED}\TypeLib
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21608B66-026F-4DCB-9244-0DACA328DCED}\VersionIndependentProgID
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EBD24BD3-E272-4FA3-A8BA-C5D709757CAB}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EBD24BD3-E272-4FA3-A8BA-C5D709757CAB}\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EBD24BD3-E272-4FA3-A8BA-C5D709757CAB}\ProgID
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EBD24BD3-E272-4FA3-A8BA-C5D709757CAB}\Programmable
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EBD24BD3-E272-4FA3-A8BA-C5D709757CAB}\TypeLib
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EBD24BD3-E272-4FA3-A8BA-C5D709757CAB}\VersionIndependentProgID
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{45A8F904-D9CA-439B-9CBB-11097B45D9E1}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{45A8F904-D9CA-439B-9CBB-11097B45D9E1}\ProxyStubClsid
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{45A8F904-D9CA-439B-9CBB-11097B45D9E1}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{45A8F904-D9CA-439B-9CBB-11097B45D9E1}\TypeLib
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{5272CCD4-4199-4B04-BF68-B28A0DCF0151}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{5272CCD4-4199-4B04-BF68-B28A0DCF0151}\ProxyStubClsid
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{5272CCD4-4199-4B04-BF68-B28A0DCF0151}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{5272CCD4-4199-4B04-BF68-B28A0DCF0151}\TypeLib
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{F165085B-6B85-4AD5-AD00-95552A823F6D}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{F165085B-6B85-4AD5-AD00-95552A823F6D}\ProxyStubClsid
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{F165085B-6B85-4AD5-AD00-95552A823F6D}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{F165085B-6B85-4AD5-AD00-95552A823F6D}\TypeLib
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{975BBCC0-19DF-47C2-9AE2-D78EEFA96821}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{975BBCC0-19DF-47C2-9AE2-D78EEFA96821}\1.0
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{975BBCC0-19DF-47C2-9AE2-D78EEFA96821}\1.0\0
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{975BBCC0-19DF-47C2-9AE2-D78EEFA96821}\1.0\0\win32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{975BBCC0-19DF-47C2-9AE2-D78EEFA96821}\1.0\FLAGS
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{975BBCC0-19DF-47C2-9AE2-D78EEFA96821}\1.0\HELPDIR
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PlaySushi32.PlaySushi
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PlaySushi32.PlaySushi\CLSID
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PlaySushi32.PlaySushi\CurVer
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PlaySushi32.PlaySushi.1
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PlaySushi32.PlaySushi.1\CLSID
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PSText.IEButton
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PSText.IEButton\CLSID
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PSText.IEButton\CurVer
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PSText.IEButton.1
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PSText.IEButton.1\CLSID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{21608B66-026F-4DCB-9244-0DACA328DCED}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Playsushi
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome
HKEY_CURRENT_USER\Software\AppDataLow
HKEY_CURRENT_USER\Software\AppDataLow\PlaySushi

The newly created Registry Values are:

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\PSText.DLL]

AppID = "{E89A07B5-BD7A-43F9-BDA4-0DAA48AC4FA5}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{E89A07B5-BD7A-43F9-BDA4-0DAA48AC4FA5}]

(Default) = "PlaySushi32"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21608B66-026F-4DCB-9244-0DACA328DCED}\VersionIndependentProgID]

(Default) = "PlaySushi32.PlaySushi"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21608B66-026F-4DCB-9244-0DACA328DCED}\TypeLib]

(Default) = "{975BBCC0-19DF-47C2-9AE2-D78EEFA96821}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21608B66-026F-4DCB-9244-0DACA328DCED}\ProgID]

(Default) = "PlaySushi32.PlaySushi.1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21608B66-026F-4DCB-9244-0DACA328DCED}\InprocServer32]

(Default) = "%ProgramFiles%\PlaySushi\PSText.dll"
ThreadingModel = "Apartment"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21608B66-026F-4DCB-9244-0DACA328DCED}]

(Default) = "PlaySushi"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EBD24BD3-E272-4FA3-A8BA-C5D709757CAB}\VersionIndependentProgID]

(Default) = "PSText.IEButton"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EBD24BD3-E272-4FA3-A8BA-C5D709757CAB}\TypeLib]

(Default) = "{975BBCC0-19DF-47C2-9AE2-D78EEFA96821}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EBD24BD3-E272-4FA3-A8BA-C5D709757CAB}\ProgID]

(Default) = "PSText.IEButton.1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EBD24BD3-E272-4FA3-A8BA-C5D709757CAB}\InprocServer32]

(Default) = "%ProgramFiles%\PlaySushi\PSText.dll"
ThreadingModel = "Apartment"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EBD24BD3-E272-4FA3-A8BA-C5D709757CAB}]

(Default) = "GoClient"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{45A8F904-D9CA-439B-9CBB-11097B45D9E1}\TypeLib]

(Default) = "{975BBCC0-19DF-47C2-9AE2-D78EEFA96821}"
Version = "1.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{45A8F904-D9CA-439B-9CBB-11097B45D9E1}\ProxyStubClsid32]

(Default) = "{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{45A8F904-D9CA-439B-9CBB-11097B45D9E1}\ProxyStubClsid]

(Default) = "{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{45A8F904-D9CA-439B-9CBB-11097B45D9E1}]

(Default) = "IIEButton"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{5272CCD4-4199-4B04-BF68-B28A0DCF0151}\TypeLib]

(Default) = "{975BBCC0-19DF-47C2-9AE2-D78EEFA96821}"
Version = "1.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{5272CCD4-4199-4B04-BF68-B28A0DCF0151}\ProxyStubClsid32]

(Default) = "{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{5272CCD4-4199-4B04-BF68-B28A0DCF0151}\ProxyStubClsid]

(Default) = "{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{5272CCD4-4199-4B04-BF68-B28A0DCF0151}]

(Default) = "IPlugin"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{F165085B-6B85-4AD5-AD00-95552A823F6D}\TypeLib]

(Default) = "{975BBCC0-19DF-47C2-9AE2-D78EEFA96821}"
Version = "1.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{F165085B-6B85-4AD5-AD00-95552A823F6D}\ProxyStubClsid32]

(Default) = "{00020420-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{F165085B-6B85-4AD5-AD00-95552A823F6D}\ProxyStubClsid]

(Default) = "{00020420-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{F165085B-6B85-4AD5-AD00-95552A823F6D}]

(Default) = "_IPluginEvents"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{975BBCC0-19DF-47C2-9AE2-D78EEFA96821}\1.0\0\win32]

(Default) = "%ProgramFiles%\PlaySushi\PSText.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{975BBCC0-19DF-47C2-9AE2-D78EEFA96821}\1.0\HELPDIR]

(Default) = "%ProgramFiles%\PlaySushi"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{975BBCC0-19DF-47C2-9AE2-D78EEFA96821}\1.0\FLAGS]

(Default) = "0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{975BBCC0-19DF-47C2-9AE2-D78EEFA96821}\1.0]

(Default) = "PlaySushi32 1.0 Type Library"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PlaySushi32.PlaySushi\CurVer]

(Default) = "PlaySushi32.PlaySushi.1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PlaySushi32.PlaySushi\CLSID]

(Default) = "{21608B66-026F-4DCB-9244-0DACA328DCED}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PlaySushi32.PlaySushi]

(Default) = "PlaySushi"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PlaySushi32.PlaySushi.1\CLSID]

(Default) = "{21608B66-026F-4DCB-9244-0DACA328DCED}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PlaySushi32.PlaySushi.1]

(Default) = "PlaySushi"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PSText.IEButton\CurVer]

(Default) = "PSText.IEButton.1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PSText.IEButton\CLSID]

(Default) = "{EBD24BD3-E272-4FA3-A8BA-C5D709757CAB}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PSText.IEButton]

(Default) = "IEButton Class"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PSText.IEButton.1\CLSID]

(Default) = "{EBD24BD3-E272-4FA3-A8BA-C5D709757CAB}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PSText.IEButton.1]

(Default) = "IEButton Class"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{21608B66-026F-4DCB-9244-0DACA328DCED}]

(Default) = "PlaySushi"
NoExplorer = 0x00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Playsushi]

DisplayName = "PlaySushi"
DisplayIcon = "%ProgramFiles%\PlaySushi\psuninst.exe"
Publisher = "www.playsushi.com"
NoRepair = 0x00000001
NoModify = 0x00000001
UninstallString = "%ProgramFiles%\PlaySushi\psuninst.exe"
RecordedProfilePath = "S-1-5-21-606747145-764733703-839522115-1003"

[HKEY_CURRENT_USER\Software\AppDataLow\PlaySushi]

autoupd = 0x00000001
snoozetime = 7A 61 DA 4E 00 00 00 00
updatcncl = 0x00000000
updtcnt = 0x00000000
updtfailed = 0x00000000
uid = "f90a44c5-5433-4fcd-98cf-9f603e63b897"
locid = 0x00030D46
ticket = "MK0B48TSETEERFjkfhhG"
cid = 0x0588BDFB
ct = BD 61 DA 4E 00 00 00 00
ci = 0x00000E10
sc1u = "http://tt.playsushi.com/cmn?p=YTE5MDk5OTY5MTUHOLnvjropZlevXltI%2Bj%2FWcRhHnSnSd9atvKsxUz%2BOgRRehUPHGfina79DzooMXHw1DZ29O7CdkTyjYLEX3ckb5s3CJ8hFJfEl8VLiPWXsx2eSSAKxh10eXXeWhGR9FqJ3l1YC6YL6k0aIIxgGKmeGXVLp106GyxIvU%2FO%2Bs6mGkA%3D%3D"
d = 0x00000000
esint = 0x00000032
domfqc = 0x00000032
domfqt = 0x00000258
maxd = 0x000003E8
scr1 = 2F 2A 2A 53 4F 46 2A 2A 2F 0D 0A 0D 0A 69 66 20 28 74 79 70 65 6F 66 20 50 53 48 65 6C 70 65 72 20 21 3D 20 22 6F 62 6A 65 63 74 22 29 0D 0A 20 20 20 50 53 48 65 6C 70 65 72 20 3D 20 6E 65 77 20 4F 62 6A 65 63 74 28 29 3B 0D 0A 0D 0A 69 66 28 64 6F 6
had = 0D 0A 3C 61 6C 6C 6F 77 65 64 5F 64 6F 6D 61 69 6E 73 3E 0D 0A 09 3C 61 6C 6C 6F 77 65 64 5F 64 6F 6D 61 69 6E 3E 67 61 6D 65 76 61 6E 63 65 2E 63 6F 6D 3C 2F 61 6C 6C 6F 77 65 64 5F 64 6F 6D 61 69 6E 3E 0D 0A 09 3C 61 6C 6C 6F 77 65 64 5F 64 6F 6D 6
eu = 3C 3F 78 6D 6C 20 76 65 72 73 69 6F 6E 3D 22 31 2E 30 22 3F 3E 3C 72 65 73 70 6F 6E 73 65 3E 3C 63 6F 6E 66 69 67 3E 3C 63 69 6E 74 65 72 76 61 6C 3E 33 36 30 30 3C 2F 63 69 6E 74 65 72 76 61 6C 3E 3C 70 73 69 64 3E 39 32 38 34 37 36 31 31 3C 2F 70 7
eus = 0x000000D0

Other details

There were registered attempts to establish connection with the remote hosts. The connection details are:

Remote Host	Port Number
184.30.12.20	80
204.0.5.24	80
204.0.5.27	80
204.0.5.48	80
204.0.5.51	80
217.212.240.185	80
217.212.244.231	80
23.0.144.80	80
38.100.141.202	80
64.236.79.229	80

The data identified by the following URLs was then requested from the remote web server:

http://s7.addthis.com/static/r07/sh69.html
http://s7.addthis.com/static/btn/v2/lg-bookmark-en.gif
http://s7.addthis.com/js/250/addthis_widget.js
http://s7.addthis.com/static/r07/widget71.css
http://cdn1.bnmla.com/swfobject.js
http://c7.zedo.com/bar/v16-508/c5/jsc/fm.js?c=1220&a=0&f=&n=510&r=29&d=14&q=&$=&pn=0&6=0&pa=0&pc=0&pr=0&s=94&z=0.10567989691968726
http://c7.zedo.com/bar/v16-508/c5/jsc/fmr.js?c=1220&a=0&f=&n=510&r=29&d=14&q=&$=&pn=0&6=0&pa=0&pc=0&pr=0&s=94&z=0.10567989691968726
http://c7.zedo.com/img/c5/x.gif?x=29&z=0.8822634725225484
http://c7.zedo.com/bar/v16-508/c5/jsc/fm.js?c=1221&a=0&f=&n=510&r=29&d=9&q=&$=&pn=0&6=0&pa=0&pc=0&pr=0&s=94&z=0.27460619009681364
http://c7.zedo.com/bar/v16-508/c5/jsc/fm.js?c=1222&a=0&f=&n=510&r=29&d=9&q=&$=&pn=0&6=0&pa=0&pc=0&pr=0&s=94&z=0.3982385265503933
http://b.scorecardresearch.com/beacon.js?c1=8&c2=7405591&c3=&c4=&c5=&c6=&1c10=
http://b.scorecardresearch.com/b?c1=8&c2=7405591&rn=0.09579155662362765&c7=http%3A%2F%2Fad.bnmla.com%2Fserve%3Fpid%3D7%26zid%3D1774%26if%3D1%26cb%3D805290791%26click%3D&c3=&c4=&c5=&c6=&c10=&c15=&c16=&c8=&c9=http%3A%2F%2Fwww.playsushi.com%2F&cv=1.8
http://b.scorecardresearch.com/b2?c1=8&c2=7405591&rn=0.09579155662362765&c7=http%3A%2F%2Fad.bnmla.com%2Fserve%3Fpid%3D7%26zid%3D1774%26if%3D1%26cb%3D805290791%26click%3D&c3=&c4=&c5=&c6=&c10=&c15=&c16=&c8=&c9=http%3A%2F%2Fwww.playsushi.com%2F&cv=1.8
http://c5.zedo.com/jsc/c5/fo.js
http://hstus.tradedoubler.com/file/66565/362x90/362x90_flaba_jwl_cpm_US_15s_nogd.swf?clickTAG=http%3A%2F%2Fclk.tradedoubler.com%2Fclick%3Fp%3D194424%26a%3D1836245%26g%3D19749608%26pools%3D429685%26url%3Dhttp%3A//www.gameduell.com/gd/k19m.do%3Ffrom%3D.gmvt10-0362x0090mfl_jwl_us
http://hstus.tradedoubler.com/file/66565/362x90/sol/362x90_flaba_sol_cpm_US_15s_soh.swf?clickTAG=http%3A%2F%2Fclk.tradedoubler.com%2Fclick%3Fp%3D194424%26a%3D1836245%26g%3D19749608%26pools%3D429685%26url%3Dhttp%3A//www.gameduell.com/gd/k19m.do%3Ffrom%3D.gmvt10-0362x0090mfl_sol_us
http://impus.tradedoubler.com/imp?type(iframe)a(1836245)pool(429685)?760923569
http://images.scanalert.com/meter/www.playsushi.com/32.gif
http://player.grabnetworks.com/swf/GrabOSMFPlayer.swf?id=1724844
http://leadback.advertising.com/adcedge/lb?site=695501&srvc=1&betr=futureads_cs=1&betq=12054=428170
http://edge.quantserve.com/quant.js
http://ads.bluelithium.com/pixel?id=979863&t=2
http://ad.bnmla.com/serve?pid=7&zid=1774&if=1&cb=805290791&click=
http://ad.bnmla.com/serve?tp=1&pid=7&zid=1774&aid=46231&cid=3028&opt_params=(null)
http://tt.playsushi.com/cmn?p=YTE5MDk5OTY5MTUHOLnvjropZlevXltI%2Bj%2FWcRhHnSnSd9atvKsxUz%2BOgRRehUPHGfina79DzooMXHw1DZ29O7CdkTyjYLEX3ckb5s3CJ8hFJfEl8VLiPWXsx2eSSAKxh10eXXeWhGR9FqJ3l1YC6YL6k0aIIxgGKmeGXVLp106GyxIvU%2FO%2Bs6mGkA%3D%3D
http://up.playsushi.com/psconf.php?qs=cHNpZDowfHVpZDpmOTBhNDRjNS01NDMzLTRmY2QtOThjZi05ZjYwM2U2M2I4OTd8bG9jOjIwMDAwNnxzdGpzOjB8ZnZlcjpTaG9ja3dhdmVGbGFzaC5TaG9ja3dhdmVGbGFzaC4xfHRpZDpNSzBCNDhUU0VURUVSRmprZmhoR3xldXM6MHx1cGk6MHx1cHM6MHxhdmRldDowMDAwMDAwMA%3D%3D
http://data.resultlinks.com/javascript/loader_custom.php?gid=10242
http://data.resultlinks.com/javascript/loader.php?gid=10242
http://playsushi.com/index.php?page=client.ThankYouSlider
http://playsushi.com/index.php?page=client.ThankYouSlider&msg=loaded
http://www.playsushi.com/aj/inst.php?p=sbOzs7O1%2F87Is8G3u9fQxtfGxtHF6ejl6%2BvE%2F7uwt7DHxsK3tbG2urfBs%2F%2Bj%2F7Ozs7Ozs7Oz%2F8zI%2F8zI
http://www.playsushi.com/aj/ty.php?p=sbOzs7O1%2F87Is8G3u9fQxtfGxtHF6ejl6%2BvE%2F7uwt7DHxsK3tbG2urfBs%2F%2Bj%2F7Ozs7Ozs7Oz%2F8zI%2F8zI
http://www.playsushi.com/
http://www.playsushi.com/assets/61b7a49/clientscripts.php?js=prado,effects,ajax
http://ad.trafficmp.com/a/bpix?adv=1717&id=2&format=javascript&r=
http://web1.plscdn.com//packed/fa913bc5014fea4566d1ad209855a54e-ebeef7d482989cddcfeafe5f7fbabed8.css
http://web1.plscdn.com//packed/30664a9466dd100c6d60ed5b58679294-d33e531a89c056a8411d1fe4f910666f.js
http://web1.plscdn.com//packed/2118a7b89da3ec9abdecde9aea426767-42ec17fe7604c634ba595f4ffa2350a9.css
http://web1.plscdn.com//packed/ba4a79a19bc9b8b7c77765a22a5c37be-55e446e04d56c09f33c7bdb40c9330fc.js
http://web1.plscdn.com//images/bg1.gif
http://web1.plscdn.com//images/go.gif
http://web1.plscdn.com//images/nav_bg.gif
http://web10.plscdn.com/images/malisha.gif
http://web10.plscdn.com/images/banner_left.gif
http://web1.plscdn.com//images/AD.png
http://web2.plscdn.com/files/0/4/076/thumb/0000004076
http://web1.plscdn.com//images/simple_bg.png
http://web1.plscdn.com//images/banner_top_bg.gif
http://web1.plscdn.com//packed/d517d762d9370bf72a7efaffe702880f-d81e9e2680a8645b59589f1983ac97d3.css
http://web1.plscdn.com//images/logo_anim.gif
http://web1.plscdn.com//packed/f0f396e83521f2191fd9d0e8e1307680-8bace5b18914a6f57b0871cb83a18956.js
http://web1.plscdn.com//images/client.jpg
http://web1.plscdn.com//images/update_ok.png
http://web10.plscdn.com/images/noticeBtm1.gif
http://web10.plscdn.com/images/noticeTop.gif

All content ("Information") contained in this report is the copyrighted work of Threat Expert Ltd and its associated companies ("ThreatExpert") and may not be copied without the express permission of ThreatExpert.

The Information is provided on an "as is" basis. ThreatExpert disclaims all warranties, whether express or implied, to the maximum extent permitted by law, including the implied warranties that the Information is merchantable, of satisfactory quality, accurate, fit for a particular purpose or need, or non-infringing, unless such implied warranties are legally incapable of exclusion. Further, ThreatExpert does not warrant or make any representations regarding the use or the results of the use of the Information in terms of their correctness, accuracy, reliability, or otherwise.