ThreatExpert Report

Submission Summary:

Submission details:

Submission received: 10 August 2012, 12:10:50
Processing time: 14 min 24 sec
Submitted sample:

File MD5: 0xE04A32BF154323F6EDEC644FEA339AE4
File SHA-1: 0x561C67A05B3AEE93B31EDD726ECD1ED5203314B5
Filesize: 1,051,920 bytes

Summary of the findings:

What's been found	Severity Level
Downloads/requests other files from Internet.

Technical Details:

File System Modifications

The following files were created in the system:

#	Filename(s)	File Size	File Hash
1	%DesktopDir%\Continue FLV Player Installation.lnk	913 bytes	MD5: 0xE058106FF047681B78DEE12BD5079357 SHA-1: 0xB4067BBCB3C03E61A467D845F94F2108FF7733A9
2	%Temp%\ICReinstall_[filename of the sample #1] [file and pathname of the sample #1]	1,051,920 bytes	MD5: 0xE04A32BF154323F6EDEC644FEA339AE4 SHA-1: 0x561C67A05B3AEE93B31EDD726ECD1ED5203314B5
3	%Temp%\is357113909\101122_Setup.CIS %Temp%\is357113909\101211_Setup.CIS	125 bytes	MD5: 0x7C5F5A68051F6B0C0E9A2AD33C40D415 SHA-1: 0x120865765927A61AF83F02B83DC297EEDE61EC41
4	%Temp%\is357113909\415908638.cfg	230 bytes	MD5: 0xE6B6B28D9099DA0A88E29444E486E9D6 SHA-1: 0xA2948C0C567E5CEC6DB572E480B325FB48736620
5	%Temp%\is357113909\516161446.cfg	230 bytes	MD5: 0xFAFE7368FDE936D89FC4C23E136798A7 SHA-1: 0x0E252FC4E257A4536817FA609A5E4E0488369DE0
6	%Temp%\is357113909\822155676.cfg	236 bytes	MD5: 0x3B34E4EE78B1350F061DBA23D3A1DE04 SHA-1: 0xB60887B8C277C810B4815223B7348757EA87DE94
7	%Temp%\is357113909\923313444.cfg	236 bytes	MD5: 0x95656A93A3DDBD482179EFBB037C8425 SHA-1: 0x6C92E5A03CADA644317FAB6F5902FDC82682BF69
8	%Temp%\ish100671\blank.gif	49 bytes	MD5: 0x56398E76BE6355AD5999B262208A17C9 SHA-1: 0xA1FDEE122B95748D81CEE426D717C05B5174FE96
9	%Temp%\ish100671\css\buttons.css	1,153 bytes	MD5: 0xA84FEE16240DE0D25F1B3EC8DF25A11C SHA-1: 0xFF395834BB8FF730B31C1DAEFC8FF197CE280AD0
10	%Temp%\ish100671\css\ie6_main.css	1,129 bytes	MD5: 0x69B3F7194795871E6EAC286439118DDD SHA-1: 0xE7488B4B7363B011AA82ABBCE84F914E3329750A
11	%Temp%\ish100671\css\main.css	4,346 bytes	MD5: 0x017C83AF9AAEF5369797FFE4BBA779B9 SHA-1: 0x641E65AC7BE9EB43ADB74DC898C75E4F74A7FB7D
12	%Temp%\ish100671\css\sdk-ui\browse.css	318 bytes	MD5: 0x10C359BC980927BB66B215407ECE3E66 SHA-1: 0x4A2FC034BF7B4E84D832B6BBD9413D2055B9EC62
13	%Temp%\ish100671\css\sdk-ui\button.css	417 bytes	MD5: 0x37E1FF96E084EC201F0D95FEEF4D5E94 SHA-1: 0x4EC405F2668D5D93260525AD916ABAFA2414CB72
14	%Temp%\ish100671\css\sdk-ui\checkbox.css	190 bytes	MD5: 0x64773C6B0E3413C81AEBC46CCE8C9318 SHA-1: 0x50F84EF8331341B48981AF82313B146863EBA526
15	%Temp%\ish100671\css\sdk-ui\images\button-bg.png	131 bytes	MD5: 0x98B1DE48DFA64DC2AA1E52FACFBEE3B0 SHA-1: 0xA1615C118FBFA49253D98185EAE283F26EA392D7
16	%Temp%\ish100671\css\sdk-ui\images\progress-bg.png	2,845 bytes	MD5: 0x32A6846FE53388EB03BE3ADA2221297F SHA-1: 0x1C1BAEC7B7FE7A420CCF68D3112384B44F8BA89E
17	%Temp%\ish100671\css\sdk-ui\progress-bar.css	632 bytes	MD5: 0x8F6A2E09ACE79158461B82D74FF6C7FD SHA-1: 0x88F079FD001FEB2CB302565B87FDB81C8995DD93
18	%Temp%\ish100671\images\Bg.gif	20,535 bytes	MD5: 0x94D82A50272A4423DCA66AE32E0602CA SHA-1: 0x18A1300C684442BFFB41DCBA54D30C72888F48EC
19	%Temp%\ish100671\images\close_button.png	1,341 bytes	MD5: 0x83487401DAF307D6C726A479DE1EE6F9 SHA-1: 0xC173BE4937A63672570078B325864C76B28040B8
20	%Temp%\ish100671\images\finish-button.png	2,311 bytes	MD5: 0xE37EC66B72996FC3AD929CD068570D4D SHA-1: 0xE21BE5EA412B4DC02B7D3A61AB3A798946224CAE
21	%Temp%\ish100671\images\icon.png	3,999 bytes	MD5: 0xB460D82EAB7AF8BA6E338E351DD0ECDC SHA-1: 0x265B9A3F3C80F40F8534DDCFBF9C1ED61E3B1B20
22	%Temp%\ish100671\images\loader.gif	6,292 bytes	MD5: 0x85954EA60A946E9C41E33260CEE2BBC4 SHA-1: 0xA2B8147953636DE537C66AFB06105A3889A55915
23	%Temp%\ish100671\images\next-button-over.png	2,378 bytes	MD5: 0x23802443DCDD0CB5DCC00F1D3BD9CFE6 SHA-1: 0x513234AEC8111706E7031090BD85F26E524821D8
24	%Temp%\ish100671\images\next-button.png	2,430 bytes	MD5: 0x274548CB843BB96FCB50A79A2340B22D SHA-1: 0xBB5253C868861FF10FD48DCCE1309D847F087E80
25	%Temp%\ish100671\images\progress-bg.png	176 bytes	MD5: 0x192B249D9413082D676F85D1509FE258 SHA-1: 0x4130BA10D3BB2267F19FA07DC0672E6BA23A8C4E
26	%Temp%\ish100671\images\Progress.png	333 bytes	MD5: 0x2306755853711F1CB2F97CFC90440FB8 SHA-1: 0x57D2E50C9F6345D6A81B2D766D31D92ED741F822
27	%Temp%\ish100671\images\ProgressBar.png	266 bytes	MD5: 0x0E0AEAD9873F985325C78C564830B2DA SHA-1: 0x339D70C35D53F322908BE28DD80002379B739921
28	%Temp%\ish100671\license\DE.license.txt	22,437 bytes	MD5: 0x94C7BDCA5F950C087EBF2DCBA0550AC4 SHA-1: 0x504F74335AEECC9DB7984CA1CFA1B694B0A1CE24
29	%Temp%\ish100671\license\EN.license.txt	18,507 bytes	MD5: 0x75A5340D5A321F4F889E7891336A3478 SHA-1: 0x546E8DB4ECBBA7A701D36A3B1B263C9D9B60D384
30	%Temp%\ish100671\locale\EN.locale	2,385 bytes	MD5: 0xD0FAB55E7BD3510D51DF2414213257AB SHA-1: 0xC8BF277751D527A01F0D207E77AF33D904D8E6BC
31	%Temp%\ish100671\sdk\exceptlist.txt	34 bytes	MD5: 0xF01863CCE9F2A2E4DCEF02F285E561AF SHA-1: 0xE2CBA65BE3F487E3760CF8D9247D3F4F73FF8174

Notes:

%DesktopDir% is a variable that refers to the file system directory used to physically store file objects on the desktop. A typical path is C:\Documents and Settings\[UserName]\Desktop.
%Temp% is a variable that refers to the temporary folder in the short path form. By default, this is C:\Documents and Settings\[UserName]\Local Settings\Temp\ (Windows NT/2000/XP).

The following directories were created:

%Temp%\is357113909
%Temp%\ish100671
%Temp%\ish100671\css
%Temp%\ish100671\css\sdk-ui
%Temp%\ish100671\css\sdk-ui\images
%Temp%\ish100671\images
%Temp%\ish100671\license
%Temp%\ish100671\locale
%Temp%\ish100671\sdk

Memory Modifications

There were new processes created in the system:

Process Name	Process Filename	Main Module Size
[filename of the sample #1]	[file and pathname of the sample #1]	1,085,440 bytes
icreinstall_[filename of the sample #1]	%Temp%\icreinstall_[filename of the sample #1]	1,085,440 bytes

Other details

To mark the presence in the system, the following Mutex objects were created:

DDrawWindowListMutex
DDrawDriverObjectListMutex
__DDrawExclMode__

The following port was open in the system:

Port	Protocol	Process
1044	TCP	[file and pathname of the sample #1]

The following Internet Connections were established:

Server Name	Server Port	Connect as User	Connection Password
os.flvplayerpro.net	80	(null)	(null)
rp.flvplayerpro.net	80	(null)	(null)
cdnus.flvplayerpro.net	80	(null)	(null)
cdneu.flvplayerpro.net	80	(null)	(null)

The following HTTP URLs were started reading:

http://cdnus.flvplayerpro.net/app/Cmp/FLVPlayer-v2.cis
http://cdneu.flvplayerpro.net/app/Cmp/FLVPlayer-v2.cis
http://cdneu.flvplayerpro.net/ofr/BabylonToolbarV7.cis
http://cdnus.flvplayerpro.net/ofr/BabylonToolbarV7.cis

All content ("Information") contained in this report is the copyrighted work of Threat Expert Ltd and its associated companies ("ThreatExpert") and may not be copied without the express permission of ThreatExpert.

The Information is provided on an "as is" basis. ThreatExpert disclaims all warranties, whether express or implied, to the maximum extent permitted by law, including the implied warranties that the Information is merchantable, of satisfactory quality, accurate, fit for a particular purpose or need, or non-infringing, unless such implied warranties are legally incapable of exclusion. Further, ThreatExpert does not warrant or make any representations regarding the use or the results of the use of the Information in terms of their correctness, accuracy, reliability, or otherwise.