Submission Summary:

What's been found                                                               Severity Level
  Capability to send out email message(s) with the built-in SMTP client engine.
  Downloads/requests other files from Internet.
  Creates a startup registry entry.

 

Technical Details:


File System Modifications

#    Filename(s)
     File Size   File Hash (MD5, SHA-1)

1    %AppData%\Microsoft\Installer\{95431C66-CF9A-4913-BFFF-6050785AFB65}\IconD7F16134.exe
     %AppData%\Microsoft\Installer\{95431C66-CF9A-4913-BFFF-6050785AFB65}\IconF7A21AF7.exe
     110,080 bytes   MD5: 0x36B98B8197E1BE8E7382D29C1A3628AA   SHA-1: 0x90E3B7412AE40F102D2F99FAAE950FABE4426F8D

2    %DesktopDir%\SpyHunter.lnk
     1,979 bytes   MD5: 0x9C9F083C7970B2398503B114553BDAAC   SHA-1: 0xD807AAF2162173046086750A93CB94746653F302

3    %Temp%\1bdbd.msi
     %Temp%\3472c.msi
     %ProgramFiles%\Common Files\Wise Installation Wizard\WIS95431C66CF9A4913BFFF6050785AFB65_4_2_24_3011.MSI
     0 bytes   MD5: 0xD41D8CD98F00B204E9800998ECF8427E   SHA-1: 0xDA39A3EE5E6B4B0D3255BFEF95601890AFD80709

4    %Temp%\SHSetup.exe
     0 bytes   MD5: 0xD41D8CD98F00B204E9800998ECF8427E   SHA-1: 0xDA39A3EE5E6B4B0D3255BFEF95601890AFD80709

5    %Programs%\SpyHunter\SpyHunter.lnk
     1,991 bytes   MD5: 0x761A10462ACE8FB5030CC05E372566C9   SHA-1: 0x6B3B69916A30B789FF1C87B8A02C5FF46FCEF1D6

6    %Programs%\SpyHunter\Uninstall SpyHunter.lnk
     727 bytes   MD5: 0x81CB52A40AA988C75565706143552039   SHA-1: 0xE57DE68370B8C27C6ED190AD7E0C989F00833B7C

7    %ProgramFiles%\Enigma Software Group\SpyHunter\Common.dll
     392,192 bytes   MD5: 0xC198582633CE0A8D49B8D27C9090C55E   SHA-1: 0xEAB384E4070F9EC9E3F100BAA3F34A6935AF4173

8    %ProgramFiles%\Enigma Software Group\SpyHunter\Danish.lng
     42,624 bytes   MD5: 0xA96D2D7AE2C60CC388ADC1F8333C3C79   SHA-1: 0xF6817CAB557B916E7853A98ABEFCC02E125EDC97

9    %ProgramFiles%\Enigma Software Group\SpyHunter\Data\dns.dat
     352 bytes   MD5: 0xB16A1515035F78771DC6DC88F10F432C   SHA-1: 0xEFF72F8B9B78168110AED5CEE36C19471A8DE88A

10   %ProgramFiles%\Enigma Software Group\SpyHunter\Defman.dll
     690,688 bytes   MD5: 0x7D54CC534813902297D0C9CE8BBFAE10   SHA-1: 0xC3493CA033826A12BA3529677222986E2C462FFE

11   %ProgramFiles%\Enigma Software Group\SpyHunter\Defs\def.dat
     3,645,456 bytes   MD5: 0x113F36B7CF78A0F4035222100DCC53B3   SHA-1: 0x56F3FD0060BE1906453C23E8A5EB86BB259BB8AD

12   %ProgramFiles%\Enigma Software Group\SpyHunter\Dutch.lng
     43,680 bytes   MD5: 0x0AE38D61244676461CEA49B26C790F07   SHA-1: 0x8FC8ABD42917AD579F7EFE0F8312669071616E6D

13   %ProgramFiles%\Enigma Software Group\SpyHunter\English.lng
     42,144 bytes   MD5: 0x1A0719B98C3FD97ED9A8411953D36B2B   SHA-1: 0x6DB395247DF3ACD4BDAA7935841C778EFDE21605

14   %ProgramFiles%\Enigma Software Group\SpyHunter\esgiguard.sys
     5,248 bytes   MD5: 0x051A2E2A75ADB6D1C5C27E940FDABCBA   SHA-1: 0x8E61CC8DD9E83EA94599D29547FE78515C19DA0D

15   %ProgramFiles%\Enigma Software Group\SpyHunter\ESGRKCHK.exe
     364,376 bytes   MD5: 0x9E9CE9E80D0A342CAD54B72DEE3B8F34   SHA-1: 0xC7ADCAF51C5E907A4426BA09BADD4BB04EF7A10B

16   %ProgramFiles%\Enigma Software Group\SpyHunter\ExecutionGuard.dll
     398,848 bytes   MD5: 0x05EE67BE9C3383B53F3BF0AC45B47FD6   SHA-1: 0xFA5BEF1DD2C1D3FB7BEE3A4CC733983C372EB150

17   %ProgramFiles%\Enigma Software Group\SpyHunter\French.lng
     47,296 bytes   MD5: 0x4CCCBC6A0F43D3F5D493F0BE25AAE188   SHA-1: 0x67281346A4AF8CA6E3F893AB3C8E1C306B4E758E

18   %ProgramFiles%\Enigma Software Group\SpyHunter\German.lng
     45,152 bytes   MD5: 0xB8BBCC4E60EFCDD47B9DB02811786575   SHA-1: 0x1B5CEE193BE0FEADC0D6FD3638F252F8F4AA65BB

19   %ProgramFiles%\Enigma Software Group\SpyHunter\Italian.lng
     44,800 bytes   MD5: 0x49C2B9A35BE3F164AA866E263F249D6E   SHA-1: 0xF55005D3EDE1E7B92D6E226AFF61860E7ABF9C5A

20   %ProgramFiles%\Enigma Software Group\SpyHunter\license.txt
     34,401 bytes   MD5: 0x6EF5908757C13855B8EEE571EB92AC1D   SHA-1: 0xFE939451AB3829266C2038BCF16A110C49E17631

21   %ProgramFiles%\Enigma Software Group\SpyHunter\Log\SpyHunter4_20100816_074748.log
     91,324 bytes   MD5: 0x382EA4024C10421A83932E1C3E6D48B2   SHA-1: 0x5F75D8C79532B8353CC98E6E68C98774E54A37EE

22   %ProgramFiles%\Enigma Software Group\SpyHunter\mon\autoexec.bat.bk
     %ProgramFiles%\Enigma Software Group\SpyHunter\mon\hosts.bk
     0 bytes   MD5: 0xD41D8CD98F00B204E9800998ECF8427E   SHA-1: 0xDA39A3EE5E6B4B0D3255BFEF95601890AFD80709

23   %ProgramFiles%\Enigma Software Group\SpyHunter\mon\system.ini.bk
     256 bytes   MD5: 0x1A844C082CF1DD7EC27B7B6EB3DF2D75   SHA-1: 0x623AA2AC62E11921E4829DAFC95EA12F5578ED6F

24   %ProgramFiles%\Enigma Software Group\SpyHunter\mon\win.ini.bk
     480 bytes   MD5: 0xD8A4AB86CFD5F30BE36613FB9B92E7AA   SHA-1: 0x9A83B830D00A51F5303832D40F0E26A56CE644FF

25   %ProgramFiles%\Enigma Software Group\SpyHunter\native.exe
     14,232 bytes   MD5: 0xA09B87198FFB8075358AB1466E5C7E29   SHA-1: 0xC4643CB786D697119DCB3DB81C7ABA6250E36734

26   %ProgramFiles%\Enigma Software Group\SpyHunter\Norwegian.lng
     42,848 bytes   MD5: 0xBDBF13187D49864CE1B16E6998AE5F54   SHA-1: 0x298EECE81A972A18B3EF530B8AA35188A0BD4964

27   %ProgramFiles%\Enigma Software Group\SpyHunter\Portuguese.lng
     46,112 bytes   MD5: 0x48A91A9B9EB596927EB8CDAD8BEA75AF   SHA-1: 0x545EF80E6DA8DEC211064A44A757562DEA35D02D

28   %ProgramFiles%\Enigma Software Group\SpyHunter\SH4Service.exe
     326,488 bytes   MD5: 0x038A97A1EE37E727B7E684A5E6E286DC   SHA-1: 0x14A0B424857D0F8789BF66A75A8BA353F0E340C9

29   %ProgramFiles%\Enigma Software Group\SpyHunter\SHDS.mht
     17,631 bytes   MD5: 0xA1A802F79E54A7986CD4D0B826780FCE   SHA-1: 0x1E863D9D27AFE8B292D3E4C8A26EB17664D167FD

30   %ProgramFiles%\Enigma Software Group\SpyHunter\ShScanner.dll
     1,535,488 bytes   MD5: 0xB5D411EE61EBAFA4DE16925C41F13E1A   SHA-1: 0x80EB96372C89BF5D41D371A6F4EB03D6DA47944B

31   %ProgramFiles%\Enigma Software Group\SpyHunter\Spanish.lng
     44,768 bytes   MD5: 0x20DC2F67BD96342938A5F2B0EB0FB95A   SHA-1: 0x5CF023C5C5B4DAC3A5CD459F8A62304AA26CAA15

32   %ProgramFiles%\Enigma Software Group\SpyHunter\SpyHunter4.exe
     3,973,464 bytes   MD5: 0x2339971D3CC55E2EFC8D058E77CC1614   SHA-1: 0xA848D77B2D7D43FDDFAA77DA1B19FA26D129F062

33   c:\sh4ldr\initrd.gz
     6,125,131 bytes   MD5: 0xA5CAD37300F32B3CD5C1F881F6862CEE   SHA-1: 0x170727E5BF012CA789297F5C1502B39C106B1B93

34   c:\sh4ldr\shldr
     185,835 bytes   MD5: 0x80D676F05E618C2F1D53F6392C566263   SHA-1: 0xBDEF70E2FCB3BE581AF0CCB2B47B842824015D9A

35   c:\sh4ldr\vmlinuz
     1,738,256 bytes   MD5: 0x23D85DAB1CB6D33A9D14DDE6815581C9   SHA-1: 0x7002F761A8AE254E36800CF11A455BB53643BC07

36   %Windir%\95431C66CF9A4913BFFF6050785AFB65.TMP\WiseCustomCalla21.exe
     133,778 bytes   MD5: 0xC8FCD1578DF9C713DF538E1DAA75B8C2   SHA-1: 0x88F257F77728D0587C1BE018E6465D48F1BA7C92

37   %Windir%\Installer\334a1.msi
     2,382,336 bytes   MD5: 0x4236A68D935B7A89DC72BAD7A89E313D   SHA-1: 0xE345474D66437F922CC41772735318B69C1CE457

38   [file and pathname of the sample #1]
     663,960 bytes   MD5: 0xD277162FFC1F11A4409B9ECAA184C89D   SHA-1: 0x7C6AA62AF9198FCAB458D28303501B8CF5A41808
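The file list above is what a responder would turn into indicators, and it has two traps. The hashes carry a 0x prefix that hash-lookup services do not accept, and entries 3, 4 and 22 report 0 bytes with MD5 D41D8CD98F00B204E9800998ECF8427E / SHA-1 DA39A3EE5E6B4B0D3255BFEF95601890AFD80709, which are the digests of empty input: those files were empty when the sandbox hashed them (SHSetup.exe clearly ran, per the process table below, so its on-disk copy was gone or not yet written at snapshot time) and must not be used as hash indicators. The following Python script is an added example, not part of the ThreatExpert report or of SpyHunter: it parses rows in the report's flattened layout, normalizes the hashes, drops empty-file digests and expands the %Placeholder% paths. The sample rows are entries 1, 4, 14 and 38 copied from the table; the DEFAULT_ENV path mapping and the user name "victim" are assumptions.

```python
"""Turn ThreatExpert 'File System Modifications' rows into usable IOCs."""
import hashlib
import re
from dataclasses import dataclass

# Constructed sample: entries 1, 4, 14 and 38 of the table above, copied in
# ThreatExpert's flattened export layout (one or more path lines, then
# "<size> bytes MD5: 0x...", then "SHA-1: 0x...").
SAMPLE_ROWS = r"""
1 %AppData%\Microsoft\Installer\{95431C66-CF9A-4913-BFFF-6050785AFB65}\IconD7F16134.exe
%AppData%\Microsoft\Installer\{95431C66-CF9A-4913-BFFF-6050785AFB65}\IconF7A21AF7.exe
110,080 bytes MD5: 0x36B98B8197E1BE8E7382D29C1A3628AA
SHA-1: 0x90E3B7412AE40F102D2F99FAAE950FABE4426F8D
4 %Temp%\SHSetup.exe 0 bytes MD5: 0xD41D8CD98F00B204E9800998ECF8427E
SHA-1: 0xDA39A3EE5E6B4B0D3255BFEF95601890AFD80709
14 %ProgramFiles%\Enigma Software Group\SpyHunter\esgiguard.sys 5,248 bytes MD5: 0x051A2E2A75ADB6D1C5C27E940FDABCBA
SHA-1: 0x8E61CC8DD9E83EA94599D29547FE78515C19DA0D
38 [file and pathname of the sample #1] 663,960 bytes MD5: 0xD277162FFC1F11A4409B9ECAA184C89D
SHA-1: 0x7C6AA62AF9198FCAB458D28303501B8CF5A41808
"""

# Assumed placeholder mapping for a Vista-or-later profile of a user called
# "victim". ThreatExpert's sandbox was XP-era (%AppData% lived under
# "Documents and Settings"), so swap in the layout of the host you sweep.
DEFAULT_ENV = {
    "%AppData%": r"C:\Users\victim\AppData\Roaming",
    "%Temp%": r"C:\Users\victim\AppData\Local\Temp",
    "%DesktopDir%": r"C:\Users\victim\Desktop",
    "%Programs%": r"C:\Users\victim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs",
    "%ProgramFiles%": r"C:\Program Files",
    "%Windir%": r"C:\Windows",
    "%System%": r"C:\Windows\System32",
}

# Digests of zero-byte input. An entry carrying both was empty when the
# sandbox hashed it (already deleted, or not yet written), so it must not
# be pushed out as a hash indicator.
EMPTY_MD5 = hashlib.md5(b"").hexdigest()
EMPTY_SHA1 = hashlib.sha1(b"").hexdigest()

# A new entry starts with its index; "0 bytes ..." continuation lines also
# start with a digit, hence the negative lookahead.
ENTRY_START = re.compile(r"^(\d+) (?!bytes\b)(.*)$")
SIZE_RE = re.compile(r"\s(\d[\d,]*) bytes")
MD5_RE = re.compile(r"MD5:\s*(?:0x)?([0-9A-Fa-f]{32})")
SHA1_RE = re.compile(r"SHA-1:\s*(?:0x)?([0-9A-Fa-f]{40})")


@dataclass
class FileEntry:
    index: int
    paths: list
    size: int
    md5: str   # lower-case hex, 0x prefix stripped
    sha1: str

    @property
    def empty(self) -> bool:
        return self.size == 0 or (self.md5 == EMPTY_MD5 and self.sha1 == EMPTY_SHA1)

    def expanded_paths(self, env=None):
        """Replace the report's %Placeholder% tokens with concrete host paths."""
        env = DEFAULT_ENV if env is None else env
        out = []
        for path in self.paths:
            for token, concrete in env.items():
                path = path.replace(token, concrete)
            out.append(path)
        return out


def split_entries(text):
    """Group lines into one string per table entry."""
    entries, current = [], []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if ENTRY_START.match(line) and current:
            entries.append("\n".join(current))
            current = []
        current.append(line)
    if current:
        entries.append("\n".join(current))
    return entries


def parse_entry(block):
    first, _, rest = block.partition("\n")
    m = ENTRY_START.match(first)
    if not m:
        raise ValueError(f"not an entry: {first!r}")
    index = int(m.group(1))
    body = m.group(2) + "\n" + rest
    size_m, md5_m, sha1_m = SIZE_RE.search(body), MD5_RE.search(body), SHA1_RE.search(body)
    if not (size_m and md5_m and sha1_m):
        raise ValueError(f"entry {index}: size or hashes missing")
    # Everything before the size is the path list, one path per line.
    paths = [p.strip() for p in body[:size_m.start()].splitlines() if p.strip()]
    return FileEntry(index, paths, int(size_m.group(1).replace(",", "")),
                     md5_m.group(1).lower(), sha1_m.group(1).lower())


def extract_iocs(text):
    return [parse_entry(block) for block in split_entries(text)]


def hash_set(entries):
    """(md5, sha1) pairs worth feeding to a lookup; empty-file entries dropped."""
    return {(e.md5, e.sha1) for e in entries if not e.empty}


if __name__ == "__main__":
    for e in extract_iocs(SAMPLE_ROWS):
        flag = "  <- empty at snapshot time, not an indicator" if e.empty else ""
        print(f"#{e.index}: {e.size} bytes  md5={e.md5}  sha1={e.sha1}{flag}")
        for p in e.expanded_paths():
            print("    " + p)
```

Feed the whole table to extract_iocs() to get all 38 entries; the empty-file check is done on the digests as well as the reported size, so an entry whose size column was lost in extraction is still caught.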

 

Memory Modifications

Process Name                   Process Filename                         Main Module Size
SHSetup.exe                    %Temp%\shsetup.exe                       18,100,224 bytes
[filename of the sample #1]    [file and pathname of the sample #1]     675,840 bytes

Service Name           Display Name           Status      Service Filename
SpyHunter 4 Service    SpyHunter 4 Service    Running     C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE
                       (8.3 short-name form of %ProgramFiles%\Enigma Software Group\SpyHunter\SH4Service.exe, file entry 28 above)

Service Name    Display Name         New Status    Service Filename
MSIServer       Windows Installer    Running       %System%\msiexec.exe /V

 

Registry Modifications

 

Other details

Remote Host        Port Number
209.85.60.180      80
74.125.65.147      80

 

 

All content ("Information") contained in this report is the copyrighted work of Threat Expert Ltd and its associated companies ("ThreatExpert") and may not be copied without the express permission of ThreatExpert.

The Information is provided on an "as is" basis. ThreatExpert disclaims all warranties, whether express or implied, to the maximum extent permitted by law, including the implied warranties that the Information is merchantable, of satisfactory quality, accurate, fit for a particular purpose or need, or non-infringing, unless such implied warranties are legally incapable of exclusion. Further, ThreatExpert does not warrant or make any representations regarding the use or the results of the use of the Information in terms of their correctness, accuracy, reliability, or otherwise.

Copyright © 2014 ThreatExpert. All rights reserved.