Submission Summary:

What's been found | Severity Level
Downloads/requests other files from Internet.
Registers a 32-bit in-process server DLL.
Registers a Browser Helper Object (Microsoft's Internet Explorer plugin module).
Contains characteristics of an identified security risk.

 

Technical Details:

 

Possible Security Risk

Threat Category | Description
A potentially unwanted adware program designed to deliver various advertisements to the users' systems
A malicious trojan horse or bot that may represent security risk for the compromised system and/or its network environment

 

File System Modifications

# | Filename(s) | File Size | File Hash | Alias
1 %ProgramFiles%\Power Search Tool\alert_plugin.dll 163,840 bytes MD5: 0x158C277933F08F600C946C45A7AC681C
SHA-1: 0x2A93F38EB6B65350B013E54D946B2025E177A8AE
(not available)
2 %ProgramFiles%\Power Search Tool\basis.xml 107,399 bytes MD5: 0xCB030172B4FC382CFB070753613F819F
SHA-1: 0x82302BFC523BF87F5F48FC9A603C4F4AF5041ECB
(not available)
3 %ProgramFiles%\Power Search Tool\ebay.bmp 2,096 bytes MD5: 0xD406D427E9F2DCBF63587F08AD74D3F5
SHA-1: 0x264742566D772574C125BF24F323C91846E05BE2
(not available)
4 %ProgramFiles%\Power Search Tool\icons.bmp 97,590 bytes MD5: 0x88DC8A9A7B09D586C28BC2206DF66C76
SHA-1: 0x78FBDA4840D7DFF914ABCC05B9A080C7F254220B
(not available)
5 %ProgramFiles%\Power Search Tool\logo-4.bmp 3,324 bytes MD5: 0x5F1B51C7A3AD7F1B3250A3D703C9FA6A
SHA-1: 0x54AF0A860FFA4820641474A8F0BFC9E83E607C74
(not available)
6 %ProgramFiles%\Power Search Tool\mbback.bmp 2,398 bytes MD5: 0x553E309D528593633FE2DA8341FBE16F
SHA-1: 0xBA76B1F242CF8AEE292CB3E4B6A6C38C966AA65E
(not available)
7 %ProgramFiles%\Power Search Tool\mbbigopen.bmp 4,014 bytes MD5: 0x75DDE9037D8184B97B003CA689E0CA88
SHA-1: 0x7E2A0696498B79D4621B1154C2B57449D9BC5F9E
(not available)
8 %ProgramFiles%\Power Search Tool\mbclose.bmp 3,294 bytes MD5: 0x677B91E52A88C3A5BAC734B22D8831B0
SHA-1: 0x6FFFBC494C8D7C5A65E9925486EEA7E94DB37EA0
(not available)
9 %ProgramFiles%\Power Search Tool\mbfwd.bmp 2,398 bytes MD5: 0x20F115D3560D5F05AB901C5229BF0339
SHA-1: 0x7BDF6E770E78BD653CB3CA4FCC1696640110E762
(not available)
10 %ProgramFiles%\Power Search Tool\mbsep.bmp 414 bytes MD5: 0x54B0E04BDD8E228519F458C81F70B43D
SHA-1: 0xF2A9C26F299A1D610A46FC111291B17B83484819
(not available)
11 %ProgramFiles%\Power Search Tool\nav1c.bmp 894 bytes MD5: 0x5D003713F982D1B287EB40EDE3DF9DD5
SHA-1: 0x41F4E85C3348EF5CA46C3E6D21EF3E520D2D2B32
(not available)
12 %ProgramFiles%\Power Search Tool\options.html 5,974 bytes MD5: 0x8392FE54A2718D8E2D22BD6F984A9132
SHA-1: 0x391D8600E328A1308C2110CBFCC833C6B29B8748
(not available)
13 %ProgramFiles%\Power Search Tool\PowerSearchTool4_0.crc 220 bytes MD5: 0xE65BBA6200C5B1BEEC350845B5D4A81B
SHA-1: 0x8B5EEC102D442DA904CB932296354FCE5607DA27
(not available)
14 %ProgramFiles%\Power Search Tool\PowerSearchTool4_0.dll 868,424 bytes MD5: 0xE3B45272494D6811B6D14FAE053977AD
SHA-1: 0x29C5603801FEA93E787FE4A486B9E9709888C3BA
Adware.Mostofate!ct [PCTools]
Trojan.ADH.2 [Symantec]
not-a-virus:AdWare.Win32.Mostofate.bn [Kaspersky Lab]
not-a-virus:AdWare.Win32.Mostofate [Ikarus]
Win-Trojan/Mostofate.868424 [AhnLab]
15 %ProgramFiles%\Power Search Tool\version.txt 51 bytes MD5: 0x7EED939D83042AB4C263FB2777F34B46
SHA-1: 0xCEA784850F85AE429B08FF31F8C9F37F59DFF705
(not available)
16 [file and pathname of the sample #1] 477,260 bytes MD5: 0xCA850C66B61FBB1B2BC5386CBD688E16
SHA-1: 0xEC3B5CD5CDF4B30CA21729DE33DAF234C3128B00
Adware.Mostofate!ct [PCTools]
Trojan.ADH.2 [Symantec]
not-a-virus:AdWare.Win32.Mostofate.bn [Kaspersky Lab]
Generic PUP.z [McAfee]
not-a-virus:AdWare.Win32.Mostofate [Ikarus]

 

Registry Modifications

 

Other details

Russian Federation

Remote Host | Port Number
74.125.47.155 | 80
74.125.47.165 | 80
74.208.31.229 | 80

 

 

Copyright © 2014 ThreatExpert. All rights reserved.