| What's been found | Severity Level |
| --- | --- |
| Downloads/requests other files from Internet. | (icon) |
**File System Modifications**

| # | Filename(s) | File Size | File Hash | Alias |
| --- | --- | --- | --- | --- |
| 1 | %Temp%\Aceleradorb_Setup.exe | 125 bytes | MD5: 0x7C5F5A68051F6B0C0E9A2AD33C40D415 SHA-1: 0x120865765927A61AF83F02B83DC297EEDE61EC41 | (not available) |
| 2 | [file and pathname of the sample #1] | 392,104 bytes | MD5: 0xF5122B27FA067A91CB254731B88E043B SHA-1: 0x65740FF621E3D7F07143D44D6CAEF97897265FF4 | packed with UPX [Kaspersky Lab] |
**Memory Modifications**

| Process Name | Process Filename | Main Module Size |
| --- | --- | --- |
| [filename of the sample #1] | [file and pathname of the sample #1] | 1,060,864 bytes |
**Registry Modifications**

**Other details**

Country of origin flagged by the report: Brazil

| Port | Protocol | Process |
| --- | --- | --- |
| 1035 | UDP | [file and pathname of the sample #1] |

| Server Name | Server Port | Connect as User | Connection Password |
| --- | --- | --- | --- |
| www.arquivofacil.com | 80 | (null) | (null) |
| What's been found | Severity Level |
| --- | --- |
| Downloads/requests other files from Internet. | (icon) |
| Registers a 32-bit in-process server DLL. | (icon) |
| Registers a Browser Helper Object (Microsoft's Internet Explorer plugin module). | (icon) |
**File System Modifications**

| # | Filename(s) | File Size | File Hash |
| --- | --- | --- | --- |
| 1 | %CommonDesktopDir%\Acelerador de Downloads.lnk | 1,682 bytes | MD5: 0xCD5729432814913C2203384D6E69FD17 SHA-1: 0x8590B1A8847F0ADA53103C9E438F3131BB4D9DD5 |
| 2 | %CommonDesktopDir%\CONTA PRIME.lnk | 1,697 bytes | MD5: 0xE06130F1C5D30D9A8F550D43E087BDEF SHA-1: 0x440D2CA223891DDE041D575F0A27249D9232A77E |
| 3 | %CommonPrograms%\Acelerador de Downloads\Acelerador de Downloads.lnk | 804 bytes | MD5: 0x8A1D495D24B29BAB62456391C19D6597 SHA-1: 0x7D2739D86640E01DE054B2358480C53F8D9EB11B |
| 4 | %CommonPrograms%\Acelerador de Downloads\Desinstalar Acelerador de Downloads.lnk | 799 bytes | MD5: 0x0E3FB0779B459B7887BF436FAF45167D SHA-1: 0x597FDBAC751E82A94596AD091DB31D4C2BAE8EA4 |
| 5 | %AppData%\Babylon\log_file.txt | 11,805 bytes | MD5: 0xA6089AD8FE00BF18EE5CEC5B6A9981A7 SHA-1: 0xD604ED55378956F3DC8CAA6CD80FC71A45341F69 |
| 6 | %AppData%\Babylon\Setup\bab033.tbinst.dat<br>%Temp%\40658AC8-BAB0-7891-9B2E-792A2FA3F4E5\bab033.tbinst.dat<br>%Temp%\4342A930-BAB0-7891-B249-CE6A8C50F6A4\bab033.tbinst.dat<br>%Temp%\542BEE46-BAB0-7891-A428-C06E5C8113F8\bab033.tbinst.dat | 236 bytes | MD5: 0x1EE8C638E49EE7137607722768AFC5A2 SHA-1: 0x8719D7A498A49B042CD6FC411CAC6C44F3C0F43A |
| 7 | %AppData%\Babylon\Setup\bab091.norecovericon.dat<br>%Temp%\40658AC8-BAB0-7891-9B2E-792A2FA3F4E5\bab091.norecovericon.dat<br>%Temp%\4342A930-BAB0-7891-B249-CE6A8C50F6A4\bab091.norecovericon.dat<br>%Temp%\542BEE46-BAB0-7891-A428-C06E5C8113F8\bab091.norecovericon.dat | 174 bytes | MD5: 0x4F6E1FDBEF102CDBD379FDAC550B9F48 SHA-1: 0x5DA6EE5B88A4040C80E5269E0CD2B0880B20659C |
| 8 | %AppData%\Babylon\Setup\Babylon.dat<br>%Temp%\40658AC8-BAB0-7891-9B2E-792A2FA3F4E5\Babylon.dat<br>%Temp%\4342A930-BAB0-7891-B249-CE6A8C50F6A4\Babylon.dat<br>%Temp%\542BEE46-BAB0-7891-A428-C06E5C8113F8\Babylon.dat | 12,848 bytes | MD5: 0xADBB6A655AE518830BA1AFEFDB84668F SHA-1: 0xA1BE53D99A67FFF011EA035C310588E635C718E1 |
| 9 | %AppData%\Babylon\Setup\BabyTBConf.ini<br>%Temp%\40658AC8-BAB0-7891-9B2E-792A2FA3F4E5\BabyTBConf.ini<br>%Temp%\542BEE46-BAB0-7891-A428-C06E5C8113F8\BabyTBConf.ini | 578 bytes | MD5: 0x6722E572549B66647554529843C4F866 SHA-1: 0x2977DBC4E6A11E353599B9F45D73F145BC6FDE7F |
| 10 | %AppData%\Babylon\Setup\BExternal.dll<br>%Temp%\40658AC8-BAB0-7891-9B2E-792A2FA3F4E5\BExternal.dll<br>%Temp%\4342A930-BAB0-7891-B249-CE6A8C50F6A4\BExternal.dll<br>%Temp%\542BEE46-BAB0-7891-A428-C06E5C8113F8\BExternal.dll | 129,536 bytes | MD5: 0x743ACBF54EB091066BE6AB3CB12C5988 SHA-1: 0x43A205985790C47A7E611FA2D3CAB9B4EB59121F |
| 11 | %AppData%\Babylon\Setup\HtmlScreens\blueStar.png<br>%Temp%\40658AC8-BAB0-7891-9B2E-792A2FA3F4E5\HtmlScreens\blueStar.png<br>%Temp%\4342A930-BAB0-7891-B249-CE6A8C50F6A4\HtmlScreens\blueStar.png<br>%Temp%\542BEE46-BAB0-7891-A428-C06E5C8113F8\HtmlScreens\blueStar.png | 15,198 bytes | MD5: 0xA7FCDF142648BAC756FCFE06A31F42E4 SHA-1: 0x4DF99B119C183C821ED1BF0F825536318C9C3353 |
| 12 | %AppData%\Babylon\Setup\HtmlScreens\eula.html<br>%Temp%\40658AC8-BAB0-7891-9B2E-792A2FA3F4E5\HtmlScreens\eula.html<br>%Temp%\4342A930-BAB0-7891-B249-CE6A8C50F6A4\HtmlScreens\eula.html<br>%Temp%\542BEE46-BAB0-7891-A428-C06E5C8113F8\HtmlScreens\eula.html | 81,185 bytes | MD5: 0x1B73A781F7F5B0D61624BD97050A2ED0 SHA-1: 0x01B848625761D5DEDE115E8599E4C72F126F8A3C |
| 13 | %AppData%\Babylon\Setup\HtmlScreens\globe.png<br>%Temp%\40658AC8-BAB0-7891-9B2E-792A2FA3F4E5\HtmlScreens\globe.png<br>%Temp%\4342A930-BAB0-7891-B249-CE6A8C50F6A4\HtmlScreens\globe.png<br>%Temp%\542BEE46-BAB0-7891-A428-C06E5C8113F8\HtmlScreens\globe.png | 34,267 bytes | MD5: 0xCC53FB9E9456EB79479151090CB16CBD SHA-1: 0xE61004BF729757F3F225F77F0236B82518F68662 |
| 14 | %AppData%\Babylon\Setup\HtmlScreens\options.js<br>%Temp%\40658AC8-BAB0-7891-9B2E-792A2FA3F4E5\HtmlScreens\options.js<br>%Temp%\4342A930-BAB0-7891-B249-CE6A8C50F6A4\HtmlScreens\options.js<br>%Temp%\542BEE46-BAB0-7891-A428-C06E5C8113F8\HtmlScreens\options.js | 119 bytes | MD5: 0x771F230F8BBC96A03B13976667918F1F SHA-1: 0x0FBA422C76B89CDB5D12E657064C49A9B1B7ABAE |
| 15 | %AppData%\Babylon\Setup\HtmlScreens\page0.html<br>%Temp%\40658AC8-BAB0-7891-9B2E-792A2FA3F4E5\HtmlScreens\page0.html<br>%Temp%\4342A930-BAB0-7891-B249-CE6A8C50F6A4\HtmlScreens\page0.html<br>%Temp%\542BEE46-BAB0-7891-A428-C06E5C8113F8\HtmlScreens\page0.html | 1,641 bytes | MD5: 0xCF33120DD42CEE842D96532843BB1961 SHA-1: 0x1DB4F3E0AA1E4036A078A05F48FEFDBB8744E3CF |
| 16 | %AppData%\Babylon\Setup\HtmlScreens\page2.css<br>%Temp%\40658AC8-BAB0-7891-9B2E-792A2FA3F4E5\HtmlScreens\page2.css<br>%Temp%\4342A930-BAB0-7891-B249-CE6A8C50F6A4\HtmlScreens\page2.css<br>%Temp%\542BEE46-BAB0-7891-A428-C06E5C8113F8\HtmlScreens\page2.css | 2,927 bytes | MD5: 0x085CF46C4D1C8DEA9EDD79EE37D6D5BD SHA-1: 0x30CB66994C45261A4AAA6D9ECDF1B1890ED09B45 |
| 17 | %AppData%\Babylon\Setup\HtmlScreens\page2.html<br>%Temp%\40658AC8-BAB0-7891-9B2E-792A2FA3F4E5\HtmlScreens\page2.html<br>%Temp%\4342A930-BAB0-7891-B249-CE6A8C50F6A4\HtmlScreens\page2.html<br>%Temp%\542BEE46-BAB0-7891-A428-C06E5C8113F8\HtmlScreens\page2.html | 3,882 bytes | MD5: 0x12152DED3604E8BAAF82C078F8034D60 SHA-1: 0x0867DEC241A257E3E9AD9E8D20B9E06E3BCE7184 |
| 18 | %AppData%\Babylon\Setup\HtmlScreens\page2Lrg.css<br>%Temp%\40658AC8-BAB0-7891-9B2E-792A2FA3F4E5\HtmlScreens\page2Lrg.css<br>%Temp%\4342A930-BAB0-7891-B249-CE6A8C50F6A4\HtmlScreens\page2Lrg.css<br>%Temp%\542BEE46-BAB0-7891-A428-C06E5C8113F8\HtmlScreens\page2Lrg.css | 2,015 bytes | MD5: 0xDB15B568F9D195635B3FCAB87EF6293F SHA-1: 0x6AE0F374531CB3013857880E8469A103492B8393 |
| 19 | %AppData%\Babylon\Setup\HtmlScreens\page3.css<br>%Temp%\40658AC8-BAB0-7891-9B2E-792A2FA3F4E5\HtmlScreens\page3.css<br>%Temp%\4342A930-BAB0-7891-B249-CE6A8C50F6A4\HtmlScreens\page3.css<br>%Temp%\542BEE46-BAB0-7891-A428-C06E5C8113F8\HtmlScreens\page3.css | 1,064 bytes | MD5: 0x07784AD77F30FA018949E412B2257AAB SHA-1: 0x8595C222A3741BFA83C5A4D982C845C8038062A6 |
| 20 | %AppData%\Babylon\Setup\HtmlScreens\page3.html<br>%Temp%\40658AC8-BAB0-7891-9B2E-792A2FA3F4E5\HtmlScreens\page3.html<br>%Temp%\4342A930-BAB0-7891-B249-CE6A8C50F6A4\HtmlScreens\page3.html<br>%Temp%\542BEE46-BAB0-7891-A428-C06E5C8113F8\HtmlScreens\page3.html | 1,800 bytes | MD5: 0xB23C25988099403433EFB7FB64715676 SHA-1: 0xE833527E1C021B311286E6E2D1C2F0530BE0A565 |
| 21 | %AppData%\Babylon\Setup\HtmlScreens\page3Lrg.css<br>%Temp%\40658AC8-BAB0-7891-9B2E-792A2FA3F4E5\HtmlScreens\page3Lrg.css<br>%Temp%\4342A930-BAB0-7891-B249-CE6A8C50F6A4\HtmlScreens\page3Lrg.css<br>%Temp%\542BEE46-BAB0-7891-A428-C06E5C8113F8\HtmlScreens\page3Lrg.css | 977 bytes | MD5: 0xB3520C555C46A7020D8F27BFE81DF0CA SHA-1: 0x59398086ABE3987C2A91EDACB74ECA94BBD63D7D |
| 22 | %AppData%\Babylon\Setup\HtmlScreens\pBar.gif<br>%Temp%\40658AC8-BAB0-7891-9B2E-792A2FA3F4E5\HtmlScreens\pBar.gif<br>%Temp%\4342A930-BAB0-7891-B249-CE6A8C50F6A4\HtmlScreens\pBar.gif<br>%Temp%\542BEE46-BAB0-7891-A428-C06E5C8113F8\HtmlScreens\pBar.gif | 3,208 bytes | MD5: 0x26621CB27BBC94F6BAB3561791AC013B SHA-1: 0x4010A489350CF59FD8F36F8E59B53E724C49CC5B |
| 23 | %AppData%\Babylon\Setup\HtmlScreens\progress.png<br>%Temp%\40658AC8-BAB0-7891-9B2E-792A2FA3F4E5\HtmlScreens\progress.png<br>%Temp%\4342A930-BAB0-7891-B249-CE6A8C50F6A4\HtmlScreens\progress.png<br>%Temp%\542BEE46-BAB0-7891-A428-C06E5C8113F8\HtmlScreens\progress.png | 2,864 bytes | MD5: 0xDEE08D8CBCDEB8013ADF28ECF150AAF3 SHA-1: 0xC61CD9B1BD0127244B9D311F493FC514AA5C08D6 |
| 24 | %AppData%\Babylon\Setup\HtmlScreens\setup.js<br>%Temp%\40658AC8-BAB0-7891-9B2E-792A2FA3F4E5\HtmlScreens\setup.js<br>%Temp%\4342A930-BAB0-7891-B249-CE6A8C50F6A4\HtmlScreens\setup.js<br>%Temp%\542BEE46-BAB0-7891-A428-C06E5C8113F8\HtmlScreens\setup.js | 13,997 bytes | MD5: 0xA95607CE49FA0AF8ED7A3F5667C3EB31 SHA-1: 0x5E4B5A30E56C42329AFDF216625BF35BE69A82AA |
| 25 | %AppData%\Babylon\Setup\HtmlScreens\title.png<br>%Temp%\40658AC8-BAB0-7891-9B2E-792A2FA3F4E5\HtmlScreens\title.png<br>%Temp%\4342A930-BAB0-7891-B249-CE6A8C50F6A4\HtmlScreens\title.png<br>%Temp%\542BEE46-BAB0-7891-A428-C06E5C8113F8\HtmlScreens\title.png | 26,111 bytes | MD5: 0x12EF76069CC40B8AD478D9091915DED6 SHA-1: 0xFABAD560B6E6839F9E5AE1268695D11CA35F9D74 |
| 26 | %AppData%\Babylon\Setup\HtmlScreens\toolBar.jpg<br>%Temp%\40658AC8-BAB0-7891-9B2E-792A2FA3F4E5\HtmlScreens\toolBar.jpg<br>%Temp%\4342A930-BAB0-7891-B249-CE6A8C50F6A4\HtmlScreens\toolBar.jpg<br>%Temp%\542BEE46-BAB0-7891-A428-C06E5C8113F8\HtmlScreens\toolBar.jpg | 19,693 bytes | MD5: 0x56DC3CB42B46309E642C15167003685D SHA-1: 0x045749DE2C1492E5DFC4C44F9EB6C0FEEFE06B3D |
| 27 | %AppData%\Babylon\Setup\IECookieLow.dll<br>%Temp%\40658AC8-BAB0-7891-9B2E-792A2FA3F4E5\IECookieLow.dll<br>%Temp%\4342A930-BAB0-7891-B249-CE6A8C50F6A4\IECookieLow.dll<br>%Temp%\542BEE46-BAB0-7891-A428-C06E5C8113F8\IECookieLow.dll | 5,120 bytes | MD5: 0x5A27C8702510D0B6C698163053FDE6D1 SHA-1: 0x69FDC602A51E52C603F23A80E9B087C262DCE940 |
| 28 | %AppData%\Babylon\Setup\Setup.exe<br>%Temp%\40658AC8-BAB0-7891-9B2E-792A2FA3F4E5\Setup.exe<br>%Temp%\4342A930-BAB0-7891-B249-CE6A8C50F6A4\Setup.exe<br>%Temp%\542BEE46-BAB0-7891-A428-C06E5C8113F8\Setup.exe | 1,775,728 bytes | MD5: 0x14C2D4576D528ED76FADA4F4FA1A5952 SHA-1: 0x3A9D7D4639B5EB8BEC42DF972C44493690EAADFC |
| 29 | %AppData%\Babylon\Setup\SetupStrings.dat<br>%Temp%\40658AC8-BAB0-7891-9B2E-792A2FA3F4E5\SetupStrings.dat<br>%Temp%\4342A930-BAB0-7891-B249-CE6A8C50F6A4\SetupStrings.dat<br>%Temp%\542BEE46-BAB0-7891-A428-C06E5C8113F8\SetupStrings.dat | 65,528 bytes | MD5: 0x07BB1523DC51EC1FD5913B0A70AB98EE SHA-1: 0x216F853CB251F32F5C91345404EFD48F041AD5BD |
| 30 | %AppData%\Babylon\Setup\sign<br>%Temp%\40658AC8-BAB0-7891-9B2E-792A2FA3F4E5\sign<br>%Temp%\4342A930-BAB0-7891-B249-CE6A8C50F6A4\sign<br>%Temp%\542BEE46-BAB0-7891-A428-C06E5C8113F8\sign | 81,920 bytes | MD5: 0x73DBC500E121B83EC57BB2563203259A SHA-1: 0x658ADAC13FC362F5292CBBDA19ADE1D228FF7901 |
| 31 | %AppData%\Babylon\Setup\sqlite3.dll<br>%Temp%\40658AC8-BAB0-7891-9B2E-792A2FA3F4E5\sqlite3.dll<br>%Temp%\4342A930-BAB0-7891-B249-CE6A8C50F6A4\sqlite3.dll<br>%Temp%\542BEE46-BAB0-7891-A428-C06E5C8113F8\sqlite3.dll | 520,234 bytes | MD5: 0x0F66E8E2340569FB17E774DAC2010E31 SHA-1: 0x406BB6854E7384FF77C0B847BF2F24F3315874A3 |
| 32 | %Temp%\nsc10.tmp<br>%Temp%\nso6.tmp<br>%Temp%\nsv14.tmp | 125 bytes | MD5: 0x7C5F5A68051F6B0C0E9A2AD33C40D415 SHA-1: 0x120865765927A61AF83F02B83DC297EEDE61EC41 |
| 33 | %Temp%\nsd5.tmp\registry.dll<br>%Temp%\nssF.tmp\registry.dll<br>%Temp%\nsy13.tmp\registry.dll | 25,088 bytes | MD5: 0x2B7007ED0262CA02EF69D8990815CBEB SHA-1: 0x2EABE4F755213666DBBBDE024A5235DDDE02B47F |
| 34 | %ProgramFiles%\Acelerador de Downloads\babylon.exe | 865,392 bytes | MD5: 0x3D91ECDBB3404485702FB92B26B17D90 SHA-1: 0x5DFC514A7A1E037683FED57029F49FA6C6F04DBF |
| 35 | %ProgramFiles%\Acelerador de Downloads\contaprime.ico | 353,118 bytes | MD5: 0xBB2A929646BD1BB5D7ACF2BC01BFF355 SHA-1: 0x27FB1B475230C7BD35721BCAB695A94784F77F4D |
| 36 | %ProgramFiles%\Acelerador de Downloads\contaprime.url | 58 bytes | MD5: 0x89459C15F1BB49706F1300461A4C279E SHA-1: 0x65F2F77AD012DB396D3C8DBFF3CA0649CF327902 |
| 37 | %ProgramFiles%\Acelerador de Downloads\dealply.exe | 507,400 bytes | MD5: 0xC341FE87D7714655245B7BD8E13EDB45 SHA-1: 0xC6D7E5A26AC756D6B18AF1713F104D770A835F3E |
| 38 | %ProgramFiles%\Acelerador de Downloads\icone.ico | 140,206 bytes | MD5: 0x147D1908C6B1A676CC98CC149D9DD4FF SHA-1: 0x30A052265DA7616CC9AFED410FC78E20D465FFBE |
| 39 | %ProgramFiles%\Acelerador de Downloads\launcherb.exe | 454,272 bytes | MD5: 0xD1AB60014393CA7E5C4B4E732CB0ABBA SHA-1: 0xB793EED7496C7B0D0B9CEA046EA588680707671C |
| 40 | %ProgramFiles%\Acelerador de Downloads\registro1.exe | 437,888 bytes | MD5: 0x8F58547E19D8BDF878AB504044C693D9 SHA-1: 0xF4A046C47FF8DB30547F87E80A388F1DB5A26495 |
| 41 | %ProgramFiles%\Acelerador de Downloads\registrob.exe | 437,888 bytes | MD5: 0xEC82097A4B7CA94D8DCF1A85E0C35C0E SHA-1: 0x0B100F0BB448E24016F54E6FA8A719E36415859A |
| 42 | %ProgramFiles%\Acelerador de Downloads\unins000.dat | 2,768 bytes | MD5: 0xDFD30DE7392A6ED91F380BD80636C5D4 SHA-1: 0x4178E48569B0C69CA92CFD38A7A40329F5D7536A |
| 43 | %ProgramFiles%\Acelerador de Downloads\unins000.exe | 852,622 bytes | MD5: 0x48ED07032C5D8CF1E947FF27F9F75CCA SHA-1: 0x6985923C88DE584A0517ECD1B8E3A808C2FF392F |
| 44 | %ProgramFiles%\DealPly\DealPly.crx | 18,245 bytes | MD5: 0xE72028684F4E025772F6E2A79DAA0742 SHA-1: 0x34F2250D95985E2EEEE0F3CA484EFBBC1B592F74 |
| 45 | %ProgramFiles%\DealPly\DealPlyIE.dll | 83,048 bytes | MD5: 0x158CE0639CFD6793E1ECB59C8406132D SHA-1: 0x8B6C27D84F537E9817B2BD33844C146BCEA04444 |
| 46 | %ProgramFiles%\DealPly\DealPlyUpdate.exe | 78,000 bytes | MD5: 0x7E68E29CF66FBA108527BC38189636FF SHA-1: 0x649F4CCE28FE3CD7F7D0706027204193EED61493 |
| 47 | %ProgramFiles%\DealPly\DealPlyUpdateRun.exe | 81,512 bytes | MD5: 0xEF943002BA4F22E10FF5750C6D2D6659 SHA-1: 0x46511245FAEE07E002BCCA6BA42FE4534642C2D7 |
| 48 | %ProgramFiles%\DealPly\icon.ico | 15,086 bytes | MD5: 0xD6AA5D65F6D4CF289E76C8F36FD2E974 SHA-1: 0x2CF343E4F01DA2C3CA5A82EF8C0540847A3B7564 |
| 49 | %ProgramFiles%\DealPly\uninst.exe | 112,953 bytes | MD5: 0x85F405FB3B0F7E4ECCDB66642D57CA3F SHA-1: 0x1D0A877C3BC91F6507DBC182B06C2763E01D9173 |
| 50 | [file and pathname of the sample #1] | 2,304,424 bytes | MD5: 0x43599D1F2FD038B4465A5B70F435D97C SHA-1: 0xCC0F3DE8B316A209922E56FF97966A26D58145F0 |
| 51 | %Windir%\Tasks\DealPlyUpdate.job | 296 bytes | MD5: 0x7603483F49701518B107F97FB11445E9 SHA-1: 0xDCB72C36C62851162668B9760EACB3C91DEAEF17 |
**Memory Modifications**

| Process Name | Process Filename | Main Module Size |
| --- | --- | --- |
| Setup.exe | %Temp%\4342a930-bab0-7891-b249-ce6a8c50f6a4\setup.exe | 1,810,432 bytes |
| launcherb.exe | %ProgramFiles%\acelerador de downloads\launcherb.exe | 1,409,024 bytes |
| Setup.exe | %Temp%\542BEE46-BAB0-7891-A428-C06E5C8113F8\Setup.exe | 1,810,432 bytes |
| babylon.exe | %ProgramFiles%\acelerador de downloads\babylon.exe | 876,544 bytes |
| dealply.exe | %ProgramFiles%\acelerador de downloads\dealply.exe | 241,664 bytes |
| ns1B.tmp | %Temp%\nsy13.tmp\ns1B.tmp | 20,480 bytes |
| ns18.tmp | %Temp%\nssF.tmp\ns18.tmp | 20,480 bytes |
| Setup.exe | %Temp%\40658AC8-BAB0-7891-9B2E-792A2FA3F4E5\Setup.exe | 1,810,432 bytes |
| [filename of the sample #1] | [file and pathname of the sample #1] | 217,088 bytes |
| ns9.tmp | %Temp%\nsd5.tmp\ns9.tmp | 20,480 bytes |
| [filename of the sample #1 without extension].tmp | %Temp%\is-0JOJD.tmp\[filename of the sample #1 without extension].tmp | 905,216 bytes |

| Process Name | Process Filename | Allocated Size |
| --- | --- | --- |
| Setup.exe | %AppData%\babylon\setup\setup.exe | 20,480 bytes |
**Registry Modifications**

**Other details**

| Remote Host | Port Number |
| --- | --- |
| trail.dealply.com | 1042 |
| trail.dealply.com | 1057 |

| Server Name | Server Port | Connect as User | Connection Password |
| --- | --- | --- | --- |
| stp.babylon.com | 80 | stp.babylon.com | stp.babylon.com |
| search.babylon.com | 80 | (null) | (null) |
| protetor.info | 80 | (null) | (null) |
| info.babylon.com | 80 | (null) | (null) |
All content ("Information") contained in this report is the copyrighted work of Threat Expert Ltd and its associated companies ("ThreatExpert") and may not be copied without the express permission of ThreatExpert.
Copyright © 2013 ThreatExpert. All rights reserved.