Submission Summary:

What's been found | Severity Level
- Produces outbound traffic.
- Downloads/requests other files from the Internet.
- Creates a startup registry entry.
- Registers a 32-bit in-process server DLL.
- Registers a Browser Helper Object (Microsoft Internet Explorer plugin module).

 

Technical Details:

File System Modifications

# | Filename(s) | File Size | File Hash (MD5, SHA-1) | Alias
Memory Modifications

Process Name: [filename of the sample #1]
Process Filename: [file and pathname of the sample #1]
Main Module Size: 221,184 bytes

 

Registry Modifications

 

Other details

Remote Host | Port Number

 

Outbound traffic (potentially malicious)

Copyright © 2014 ThreatExpert. All rights reserved.