Submission Summary:

What's been foundSeverity Level
Downloads/requests other files from Internet.
Registers a 32-bit in-process server DLL.
Registers a Browser Helper Object (Microsoft's Internet Explorer plugin module).
Contains characteristics of an identified security risk.

 

Technical Details:

NOTICE: The content shown in the above window is captured automatically and is not controlled or endorsed by ThreatExpert.
Please contact us on this link should any material be offensive or inappropriate and we will ensure any such content is blocked from future viewers of the report.

 

Possible Security Risk

Threat CategoryDescription
A potentially unwanted adware program designed to deliver various advertisements to the users' systems

 

File System Modifications

#Filename(s)File SizeFile HashAlias
1 %AppData%\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@playsushi.com\chrome\pstextlinks.jar 5,046 bytes MD5: 0xD634833584C643B4C316A786B3A2371E
SHA-1: 0x7F318913309F3F273FD54E72005C63E0E846A204
(not available)
2 %AppData%\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@playsushi.com\chrome.manifest 469 bytes MD5: 0xA2AEBA3C4568B49E40497E2D4E4AE968
SHA-1: 0xEDE46E071BEEA3BCD9FA37D76D88F1DCE3E7C5E6
(not available)
3 %AppData%\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@playsushi.com\components\PlaySushiFF.dll 196,608 bytes MD5: 0x88F28573EF3F089BC734AC562502F269
SHA-1: 0x18764F7C4548F2F662EFE8EE097C98A53F0DD081
(not available)
4 %AppData%\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@playsushi.com\components\PlaySushiFF.xpt 177 bytes MD5: 0xA88796891BEEA6BC1B5A257C0018EAE4
SHA-1: 0xDFA6444D2ED75D07CCEC7A9DC1EC3A39CC0F0F14
(not available)
5 %AppData%\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@playsushi.com\install.rdf 1,338 bytes MD5: 0x9F1F0B8813B7113F9DAA164660B25127
SHA-1: 0xE7D3B93CD3F3E21CFC8907E8840A797D82754AE7
(not available)
6 %ProgramFiles%\PlaySushi\icon.ico 17,542 bytes MD5: 0x94137A92F26381233A4903A2FFB32F16
SHA-1: 0x5998A68D1BD0C19681F659A04350CF2608F1FB1E
(not available)
7 %ProgramFiles%\PlaySushi\PSText.dll 343,552 bytes MD5: 0x586915B1DB918D40A3D81627B0E6F10E
SHA-1: 0xB0EF369D8C41C4EF4567509A85B95F05DE5C78FA
not-a-virus:AdWare.Win32.Sushi.fg [Kaspersky Lab]
Adware:Win32/GameVance [Microsoft]
8 %ProgramFiles%\PlaySushi\psuninst.exe 188,928 bytes MD5: 0x8C5D67E65CCF6F84A159F07271C77A2F
SHA-1: 0x0A14394E36965FF03C519CEC9790D8157B6FD373
Adware:Win32/GameVance [Microsoft]
9 [file and pathname of the sample #1] 1,214,856 bytes MD5: 0xC0D1664E07B5FC30B477345722F32829
SHA-1: 0x68704BC60DE948D10B53B7A04D1CEA0B9C60E5D8
not-a-virus:AdWare.Win32.Sushi.au [Kaspersky Lab]
Adware:Win32/GameVance [Microsoft]

 

Memory Modifications

Process NameProcess FilenameMain Module Size
[filename of the sample #1][file and pathname of the sample #1]1,232,896 bytes

 

Registry Modifications

 

Other details

Remote HostPort Number
184.30.12.2080
204.0.5.2480
204.0.5.2780
204.0.5.4880
204.0.5.5180
217.212.240.18580
217.212.244.23180
23.0.144.8080
38.100.141.20280
64.236.79.22980

 

 

All content ("Information") contained in this report is the copyrighted work of Threat Expert Ltd and its associated companies ("ThreatExpert") and may not be copied without the express permission of ThreatExpert.

The Information is provided on an "as is" basis. ThreatExpert disclaims all warranties, whether express or implied, to the maximum extent permitted by law, including the implied warranties that the Information is merchantable, of satisfactory quality, accurate, fit for a particular purpose or need, or non-infringing, unless such implied warranties are legally incapable of exclusion. Further, ThreatExpert does not warrant or make any representations regarding the use or the results of the use of the Information in terms of their correctness, accuracy, reliability, or otherwise.

Copyright © 2014 ThreatExpert. All rights reserved.