Submission Summary:

What's been foundSeverity Level
Downloads/requests other files from Internet.
Contains characteristics of an identified security risk.


Technical Details:

NOTICE: The content shown in the above window is captured automatically and is not controlled or endorsed by ThreatExpert.
Please contact us on this link should any material be offensive or inappropriate and we will ensure any such content is blocked from future viewers of the report.


Possible Security Risk

Threat CategoryDescription
A potentially unwanted adware program designed to deliver various advertisements to the users' systems


File System Modifications

#Filename(s)File SizeFile HashAlias
1 %Temp%\GLC1.tmp 160,768 bytes MD5: 0xFBD929BFC7B4A9E4FA4506655BAB4C4A
SHA-1: 0xB4DF84DE80729A04ED90DC976A3E730A568F24F8
(not available)
2 %Temp%\GLF5.tmp 9,728 bytes MD5: 0xB9B41E50D612E00BF3A49A6405B89D74
SHA-1: 0x88063EE643C64F18FEDDA1890C717122634AEDFD
(not available)
3 %Temp%\GLF6.tmp 15,160 bytes MD5: 0x6456B9ADB9F2EE77FB7B4DB63E6D1F6E
SHA-1: 0xEC1AB2C7B877185D3EC46F4FAEA551BB62B3404D
(not available)
4 %Temp%\GLF7.tmp 31,411 bytes MD5: 0x03515BC53A2263067A1519F17D726F5E
SHA-1: 0x1D476FA68276FB815D6C27ADBA8541AC98EF3019
(not available)
5 %Temp%\GLF8.tmp 17,754 bytes MD5: 0xC4B00F83072C420BABB14CD1EDAED9A8
SHA-1: 0xBEF41DFB3E2897EDC88D4DBE4F1AFFB813096236
(not available)
6 %Temp%\GLG4.tmp 148 bytes MD5: 0x4A2D2F21694A246FA5F83BA3D8ADFDB1
SHA-1: 0x392B20C5A8D2375C821B6781FF11D1DFF33C7A6E
(not available)
7 %Temp%\GLK2.tmp 31,232 bytes MD5: 0x3DF61E5730883B2D338ADDD7ACBE4BC4
SHA-1: 0x03166E6230231E7E3583CF9C8944F4967AA1BF1B
(not available)
8 [file and pathname of the sample #1] 649,835 bytes MD5: 0xF72D2FBAC84673213433AAB42C9ADC27
SHA-1: 0x5F1E08C5F454DBEF97E9EFDBC1AE485F7365DCB0
not-a-virus:AdWare.Win32.Gator.3103 [Kaspersky Lab]
Adware-GAIN!a [McAfee]
not-a-virus:AdWare.Win32.OneStep [Ikarus]


Memory Modifications

Process NameProcess FilenameMain Module Size
[filename of the sample #1][file and pathname of the sample #1]28,672 bytes


Registry Modifications


Other details

Remote HostPort Number



All content ("Information") contained in this report is the copyrighted work of Threat Expert Ltd and its associated companies ("ThreatExpert") and may not be copied without the express permission of ThreatExpert.

The Information is provided on an "as is" basis. ThreatExpert disclaims all warranties, whether express or implied, to the maximum extent permitted by law, including the implied warranties that the Information is merchantable, of satisfactory quality, accurate, fit for a particular purpose or need, or non-infringing, unless such implied warranties are legally incapable of exclusion. Further, ThreatExpert does not warrant or make any representations regarding the use or the results of the use of the Information in terms of their correctness, accuracy, reliability, or otherwise.

Copyright © 2015 ThreatExpert. All rights reserved.