Submission Summary:


Technical Details:


File System Modifications

#  Filename(s)  File Size  File Hash (MD5, SHA-1)
1 %AppData%\Google\Chrome\User Data\default\extensions\omgjkafaoidbgamjoklhaiiciahohkbh\1.0_0\appCntrl.js 67 bytes MD5: 0x7BEAAB1C723E9C70AFDD947E193DCC2F
SHA-1: 0x2314704678CE598FA4037154E74EAEAFE06949A5
2 %AppData%\Google\Chrome\User Data\default\extensions\omgjkafaoidbgamjoklhaiiciahohkbh\1.0_0\bg.html 356 bytes MD5: 0x40E1C432D876B677F885D095DE6B0BC7
SHA-1: 0x7AA8C5C0B996517FC6B7C97510554DB2526288E3
3 %AppData%\Google\Chrome\User Data\default\extensions\omgjkafaoidbgamjoklhaiiciahohkbh\1.0_0\bg.js 10,788 bytes MD5: 0xAF72A8014259D9EBA417613575410EA7
SHA-1: 0xDF8EAC7391F84267A86D3621CA9B157B865D8F47
4 %AppData%\Google\Chrome\User Data\default\extensions\omgjkafaoidbgamjoklhaiiciahohkbh\1.0_0\CrmAdpt.dll 201,216 bytes MD5: 0xD6CE46D9E8B0C8C5212C87833B0C4184
SHA-1: 0x8590245039F1DC5FD571E85654AE43B0F03ECF86
5 %AppData%\Google\Chrome\User Data\default\extensions\omgjkafaoidbgamjoklhaiiciahohkbh\1.0_0\ct.js 1,004 bytes MD5: 0xB07D573D9FA44C748041CD62EAF39AAC
SHA-1: 0x338F00C03C514BFD0F5855212F61540A96A28F45
6 %AppData%\Google\Chrome\User Data\default\extensions\omgjkafaoidbgamjoklhaiiciahohkbh\1.0_0\CTB.dll 237,056 bytes MD5: 0x35EFDC9B27F7749BB5FFA6C260261873
SHA-1: 0xEF90A513A9F39EC808EE70484DC200F025EF211E
7 %AppData%\Google\Chrome\User Data\default\extensions\omgjkafaoidbgamjoklhaiiciahohkbh\1.0_0\ctvr.js 1,436 bytes MD5: 0x7CC8AC3EBA5753B7E57CA0BFE92B60CA
SHA-1: 0x3AE8D445B28CB25EB9B60486FC856E4F319D8E0E
8 %AppData%\Google\Chrome\User Data\default\extensions\omgjkafaoidbgamjoklhaiiciahohkbh\1.0_0\dpk.js 8,675 bytes MD5: 0x9EA3BF34E8EDC6A049F1E2B69F7FC061
SHA-1: 0x599DE5FFE886D237497A2D03025E1FD0057CA66A
9 %AppData%\Google\Chrome\User Data\default\extensions\omgjkafaoidbgamjoklhaiiciahohkbh\1.0_0\hprtkMsg.htm 2,758 bytes MD5: 0x3DB5C0C470B371107E46A2303FE3ACDF
SHA-1: 0x6712234ADE55BC960D6BC4D1F990A741D8FA1167
10 %AppData%\Google\Chrome\User Data\default\extensions\omgjkafaoidbgamjoklhaiiciahohkbh\1.0_0\hprtkMsg.js 402 bytes MD5: 0x8F877E4D1680F933A9D60598B351E90D
SHA-1: 0x40AEBB600264BD975801BDA40D317CC25E627BC5
11 %AppData%\Google\Chrome\User Data\default\extensions\omgjkafaoidbgamjoklhaiiciahohkbh\1.0_0\json2.min.js 2,109 bytes MD5: 0xB3F4DDF609D6F3E02F728F766A1863A2
SHA-1: 0xE5D5E6D0F61D4A5726902163A4D60C07B40E13EA
12 %AppData%\Google\Chrome\User Data\default\extensions\omgjkafaoidbgamjoklhaiiciahohkbh\1.0_0\logo.png 3,219 bytes MD5: 0xAB6195D4F7A90166F02174DA253E735D
SHA-1: 0x36F3EA4A0701776391A761281546E9386E2D1C30
13 %AppData%\Google\Chrome\User Data\default\extensions\omgjkafaoidbgamjoklhaiiciahohkbh\1.0_0\manifest.json 877 bytes MD5: 0x324EFC2FC5840B41EFB639B0E6BCE517
SHA-1: 0x2A113F878454D70EB93E79B5C67719B2D06EEA52
14 %AppData%\Google\Chrome\User Data\default\extensions\omgjkafaoidbgamjoklhaiiciahohkbh\1.0_0\pref.json 2,117 bytes MD5: 0xAB924D07C32501DE6D4D5FB8230B10B0
SHA-1: 0xF2673F677BECD737514BB68197177FF8B3EBBF1F
15 %Temp%\mt_ffx\tuvaro\tuvaro\1.8.16.9\tuvaro.xpi 116,283 bytes MD5: 0xD234A889695D84665DC17DDF69E6EAC1
SHA-1: 0x535A57CF3881A1C28345C1A19BF01A2343F0E736
16 %Temp%\nsf2.tmp\Time.dll
%Temp%\nsl4.tmp\Time.dll
%Temp%\nsm6.tmp\Time.dll
10,752 bytes MD5: 0x38977533750FE69979B2C2AC801F96E6
SHA-1: 0x74643C30CDA909E649722ED0C7F267903558E92A
17 %Temp%\nsrB.tmp 125 bytes MD5: 0x7C5F5A68051F6B0C0E9A2AD33C40D415
SHA-1: 0x120865765927A61AF83F02B83DC297EEDE61EC41
18 %ProgramFiles%\tuvaro\tuvaro\1.8.16.9\bh\tuvaro.dll 255,384 bytes MD5: 0x58F1F911EAFAB9BDADD4A083B02867AA
SHA-1: 0x6A577AC6784B81AF80B48ADBF33B1A6AB70DBA58
19 %ProgramFiles%\tuvaro\tuvaro\1.8.16.9\escortShld.dll 58,880 bytes MD5: 0xBAFCAEFB25FBC0B1503EDFB9DEA529F4
SHA-1: 0x4EE66549181F9E360296BD245F06D594EDFC60F7
20 %ProgramFiles%\tuvaro\tuvaro\1.8.16.9\tuvaro.crx 226,067 bytes MD5: 0x6316353578737D4C9C675570C638A510
SHA-1: 0x398FABF49AD0D0A3E266C03C8C32951049DF8514
21 %ProgramFiles%\tuvaro\tuvaro\1.8.16.9\tuvaroApp.dll 720,792 bytes MD5: 0xEC0DD31E0B060FB35A0D08ED47210DF1
SHA-1: 0x84AE054D5BA742767420C8B4D485C862AC88C282
22 %ProgramFiles%\tuvaro\tuvaro\1.8.16.9\tuvaroEng.dll 591,768 bytes MD5: 0xA6054CE6C1C9400D9D9922C5C503B12E
SHA-1: 0x48B573D795E4D270C7F3918A931EA8D41D9852CE
23 %ProgramFiles%\tuvaro\tuvaro\1.8.16.9\tuvarosrv.exe 381,848 bytes MD5: 0x943D51CAB077DA7CBB817112BEB115DF
SHA-1: 0xC7907D3A9D9200420DD590ABC330FC242F9220E3
24 %ProgramFiles%\tuvaro\tuvaro\1.8.16.9\tuvaroTlbr.dll 330,136 bytes MD5: 0xB6BA4A20B5ED66FAA8A4F749F83C8023
SHA-1: 0x4349C4BD5B8DAAF9056E1FD1AF0A756F8223C762
25 %ProgramFiles%\tuvaro\tuvaro\1.8.16.9\uninstall.exe 208,034 bytes MD5: 0xAB77D9BA932060839A7734CB814F0F16
SHA-1: 0x9A95F75584DDF09B305C18A2E09E6E807BD210F4
26 c:\user.js 41 bytes MD5: 0x8B1A8E6B0649DFC776D68D9794DDD0F6
SHA-1: 0xB82233AD4C8C85D366D91FCD3DAC487B967B0E59
27 [file and pathname of the sample #1] 2,516,976 bytes MD5: 0xE11DE4F6B50F66C2DBABDFCCEF1103F5
SHA-1: 0x7911084AF35F17B5FC3E875B098D85C7F92B7AD9


Memory Modifications

Process Name | Process Filename | Main Module Size
tuvarosrv.exe | %ProgramFiles%\tuvaro\tuvaro\1.8.16.9\tuvarosrv.exe | 401,408 bytes
[filename of the sample #1] | [file and pathname of the sample #1] | 331,776 bytes
tuvaro4ie.exe | %Temp%\tuvaro\tuvaro\1.8.16.9\tuvaro4ie.exe | 331,776 bytes
tuvaro4ffx.exe | %Temp%\tuvaro\tuvaro\1.8.16.9\tuvaro4ffx.exe | 331,776 bytes


Registry Modifications


Other details

Israel

Server Name | Server Port | Connect as User | Connection Password
reports.montiera.com | 80 | (null) | (null)


All content ("Information") contained in this report is the copyrighted work of Threat Expert Ltd and its associated companies ("ThreatExpert") and may not be copied without the express permission of ThreatExpert.

The Information is provided on an "as is" basis. ThreatExpert disclaims all warranties, whether express or implied, to the maximum extent permitted by law, including the implied warranties that the Information is merchantable, of satisfactory quality, accurate, fit for a particular purpose or need, or non-infringing, unless such implied warranties are legally incapable of exclusion. Further, ThreatExpert does not warrant or make any representations regarding the use or the results of the use of the Information in terms of their correctness, accuracy, reliability, or otherwise.

Copyright © 2014 ThreatExpert. All rights reserved.