Submission Summary:

What's been found | Severity Level
Downloads/requests other files from Internet.
Creates a startup registry entry.

 

Technical Details:

 

File System Modifications

# | Filename(s) | File Size | File Hash
1 %CommonAppData%\W3i\InstallIQUpdater\iqu.ini 1,414 bytes MD5: 0x43CE512031CF0DD9EE796518D0AC98D8
SHA-1: 0x35C617D0510BF221BCF25BB2E42DC0D09542714B
2 %CommonAppData%\W3i\InstallIQUpdater\updater.log 686 bytes MD5: 0x593CBBFB80CD17E799D0E597D33F0444
SHA-1: 0xEF69E89D658266F46ABE00D3734B0398BEF5B69E
3 %CommonPrograms%\InstallIQ Updater\InstallIQ Updater.lnk 896 bytes MD5: 0x915E3DFE3C38D8183E982B1BBC8784CD
SHA-1: 0xD8861078713011B8508883FCFCF1B07F3A967C54
4 %CommonPrograms%\InstallIQ Updater\Privacy Policy.url 174 bytes MD5: 0x26122C8FBE8EA3C3413DB58CF868533B
SHA-1: 0x6B26AAB13C76F8024AFECC116304803A92EEDFDF
5 %CommonPrograms%\InstallIQ Updater\Terms & Conditions.url 181 bytes MD5: 0x3EC2589A353D33C80CCFD7C0CB8827FF
SHA-1: 0xCC62F37180517FBB4C324FFA1194702F928D5412
6 %CommonPrograms%\InstallIQ Updater\Uninstall InstallIQ Updater.lnk 1,645 bytes MD5: 0xF51BE2D1FD774EF4FD7194A90C526D06
SHA-1: 0x41A216C3C2C0575721444005591D30ADAC9EC0C2
7 %AppData%\W3i, LLC\InstallIQ Updater\install\disk1.cab 598,961 bytes MD5: 0x0B3BEF18C483E5AF4B8F20533CA717B3
SHA-1: 0x51F4B7586A8736C97E1451691B3200D01C939D52
8 %AppData%\W3i, LLC\InstallIQ Updater\install\iqu_installer.msi
%Temp%\1a0cf.msi
761,344 bytes MD5: 0x230F88C441AD1A46BA269BDE457C32F2
SHA-1: 0xE2348083EACC12EAD2539D5085C045B37DA05404
9 %Temp%\MSI33cac.LOG 430 bytes MD5: 0xE17C4F5EB6C704F657B0094D2F6D9904
SHA-1: 0xA50F39775E41528A7F7D57DBFAE41DF5080F5AF2
10 %ProgramFiles%\W3i\InstallIQUpdater\images\btn_bg.gif
%ProgramFiles%\W3i\InstallIQUpdater\images\tab_bg_o.gif
46 bytes MD5: 0x266052C69553E3E710502731228B2279
SHA-1: 0x125E89E31AD7D8297A72686103C4410D8EE9CB2B
11 %ProgramFiles%\W3i\InstallIQUpdater\images\ico_cog.gif 402 bytes MD5: 0x529951696A8D5B573DAD5C1B22624EFC
SHA-1: 0x684FD93318BB72DE50705FCEFF0128344C4561BD
12 %ProgramFiles%\W3i\InstallIQUpdater\images\ico_cog.png 512 bytes MD5: 0x30A18063EF42B090194A7E936086960F
SHA-1: 0xBDA19A5E3E34A27909EE79F59C4042EBFB12994C
13 %ProgramFiles%\W3i\InstallIQUpdater\images\ico_help.gif 387 bytes MD5: 0xD49CE0E49294D39CA835287930220678
SHA-1: 0x0BC652C7DD78364FA324B660C19F387840DFEDA8
14 %ProgramFiles%\W3i\InstallIQUpdater\images\ico_help.png 786 bytes MD5: 0xC3812C74BC524179F4CCF5D2DB7B3CBF
SHA-1: 0xF634DC6029CA53638DD2EAA68F4DE81DB3B40741
15 %ProgramFiles%\W3i\InstallIQUpdater\images\ico_information.gif 381 bytes MD5: 0xE03C4E46E72496CFC16E8F68DDE1393D
SHA-1: 0xE2C95B406963DD82709B816F21D36E27E9749A2C
16 %ProgramFiles%\W3i\InstallIQUpdater\images\ico_information.png 778 bytes MD5: 0x3750C701D2EC35A45D289B9B9C1A0667
SHA-1: 0x04B482344D75D0732275727BD73CCEB9B049D276
17 %ProgramFiles%\W3i\InstallIQUpdater\images\ico_installed.gif 102 bytes MD5: 0xF88B473F376E9D4E2AA2BF60D8693DFE
SHA-1: 0x57AE7F1A5B698179302AB814ABCC6BA8687EDECD
18 %ProgramFiles%\W3i\InstallIQUpdater\images\ico_installed.png 237 bytes MD5: 0x4B81381FD7B40D4818CFE4DB823940FA
SHA-1: 0x72559756680ED8F6F90FA466695315F848F96CFF
19 %ProgramFiles%\W3i\InstallIQUpdater\images\ico_updates.gif 336 bytes MD5: 0x6E18DD1706BC1E7A03A69266B3409CE3
SHA-1: 0x45374971E7AB1DB684DE40560CB10B301C9E0A7E
20 %ProgramFiles%\W3i\InstallIQUpdater\images\ico_updates.png 500 bytes MD5: 0xA82C638FB66CE2B21E0BC81CCD898983
SHA-1: 0xFF48617025DA3BC9F4C9B91EABD2A74CAE1B1CAA
21 %ProgramFiles%\W3i\InstallIQUpdater\images\iqu_logo.jpg 2,094 bytes MD5: 0xD767153BC50BA3ADC3300B40E2562190
SHA-1: 0xADFC09ED249E19B9D9641E0330F4A2B882E3C28A
22 %ProgramFiles%\W3i\InstallIQUpdater\images\tab_bg.gif 167 bytes MD5: 0x9E1A1A8B6A0B73792750AFAED4FC34DA
SHA-1: 0x6EFF2934921B974F50DE12E6EFD9C266E667957C
23 %ProgramFiles%\W3i\InstallIQUpdater\images\temp_icon.gif 118 bytes MD5: 0x918D743AA65ABC932CF1C6F36D3EDCC3
SHA-1: 0xDA90D988406496B00B78466CA3E18576BC399109
24 %ProgramFiles%\W3i\InstallIQUpdater\InstallIQUpdater.exe 1,165,824 bytes MD5: 0x47C41211383CA94A6F3EA1AA75DCC618
SHA-1: 0xA1F0D13720EFEBCEE132AAB54569F32B6DA14D64
25 %ProgramFiles%\W3i\InstallIQUpdater\iqu.xsl 10,208 bytes MD5: 0xF0C6B1B512A3AB9999BE377BF2868736
SHA-1: 0x12B4B5DF200E0C88B1E1C29E38A766A9CB0695AD
26 %Windir%\Installer\336e8.msi 761,344 bytes MD5: 0x96E88BB5D71DAA58FB4B92ADCD1753E3
SHA-1: 0x978A5DD4A14D27CBD87E68E35BE085E0DD5D8771
27 %Windir%\Installer\{8E0E6383-9754-4471-939E-E4ABE02E3440}\SystemFolder_msiexec.exe 14,534 bytes MD5: 0xC2649AD15118FD46780D6FCBC38447D0
SHA-1: 0xF32EFACB590F5028A9F5DA7236CC74086A3C87EC
28 [file and pathname of the sample #1] 1,686,848 bytes MD5: 0xD9BE08379D1698F4AC4BE60E82CBDA2F
SHA-1: 0x3D94C44B4CF8C9A28D4C2F81A1A8788FB765260B

 

Memory Modifications

Process Name | Process Filename | Main Module Size
[filename of the sample #1] | [file and pathname of the sample #1] | 344,064 bytes
InstallIQUpdater.exe | %ProgramFiles%\w3i\installiqupdater\installiqupdater.exe | 1,224,704 bytes

Service Name | Display Name | New Status | Service Filename
MSIServer | Windows Installer | "Running" | %System%\msiexec.exe /V

 

Registry Modifications

 

Other details

Port | Protocol | Process
1055 | UDP | InstallIQUpdater.exe (%ProgramFiles%\W3i\InstallIQUpdater\InstallIQUpdater.exe)
1056 | TCP | InstallIQUpdater.exe (%ProgramFiles%\W3i\InstallIQUpdater\InstallIQUpdater.exe)
1057 | TCP | InstallIQUpdater.exe (%ProgramFiles%\W3i\InstallIQUpdater\InstallIQUpdater.exe)

Remote Host | Port Number
199.7.52.190 | 80

 

 

Copyright © 2013 ThreatExpert. All rights reserved.