ThreatExpert Report

Submission Summary:

Submission details:

Submission received: 30 December 2007, 16:22:01
Processing time: 4 min 29 sec
Submitted sample:

File MD5: 0xF914B558E9986DDAAD8A16C1B9D2821D
Filesize: 1,951,281 bytes

Summary of the findings:

What's been found	Severity Level
Downloads/requests other files from Internet.

Technical Details:

File System Modifications

The following files were created in the system:

#	Filename(s)	File Size	File Hash
1	%CommonDesktopDir%\SensorsView Pro 3.1.lnk	738 bytes	MD5: 0x11A59E9C16CF4D353D1E08DA9EEF0627
2	%CommonPrograms%\SensorsView Pro 3.1\SensorsView Pro 3.1.lnk	750 bytes	MD5: 0x8314EC7AEF8E337F94083D73E7CC88CC
3	%CommonPrograms%\SensorsView Pro 3.1\SensorsView Web Site.lnk	770 bytes	MD5: 0xF6B131DFC2B3CCBB05C955B21EA36B78
4	%CommonPrograms%\SensorsView Pro 3.1\Uninstall.lnk	755 bytes	MD5: 0x96E4E00265C02334A37D343182E3D136
5	%Temp%\nsn3.tmp\nsSCM.dll	5,632 bytes	MD5: 0x62EFA7B730EB0523A026EA4325403B77
6	%ProgramFiles%\SensorsViewPro31\AlarmLog.txt	105 bytes	MD5: 0xA9F6232887801A45B22928AFA0B87BA1
7	%ProgramFiles%\SensorsViewPro31\alert.wav	45,404 bytes	MD5: 0x843B68D3E61F38129922C838AE52259F
8	%ProgramFiles%\SensorsViewPro31\copy.avi	10,886 bytes	MD5: 0x27AFA61E5A40C6701A9CBA7662F922DA
9	%ProgramFiles%\SensorsViewPro31\debug.txt	13,842 bytes	MD5: 0xA69243480DE375ED91B8EFDFC882D5D2
10	%ProgramFiles%\SensorsViewPro31\drv\sensorsview.sys %System%\drivers\sensorsview.sys	4,224 bytes	MD5: 0xF1086488158ADE33FCA1E6D1A8DC7102
11	%ProgramFiles%\SensorsViewPro31\drv\sensorsview64.sys %System%\drivers\sensorsview64.sys	6,144 bytes	MD5: 0xED8268A80B9B10DFB7D09A33CBED6F38
12	%ProgramFiles%\SensorsViewPro31\FullDump.bat	23 bytes	MD5: 0xF3F9DD79EF3960D70DA9B0377D226692
13	%ProgramFiles%\SensorsViewPro31\icons\case.ico	1,406 bytes	MD5: 0x6F302E0DD3519ABE6FBEC5323FC317C6
14	%ProgramFiles%\SensorsViewPro31\icons\chip.ico	318 bytes	MD5: 0x35C61D32E56C6920DC457D7A9300DAA0
15	%ProgramFiles%\SensorsViewPro31\icons\cpu.ico	1,150 bytes	MD5: 0x82733F422301A556FABE9AF7FE781EED
16	%ProgramFiles%\SensorsViewPro31\icons\cpu2.ico	894 bytes	MD5: 0x1EAB90DAF336676DBFCDBEFEC739AD34
17	%ProgramFiles%\SensorsViewPro31\icons\FAN.ICO	318 bytes	MD5: 0xCA61F820BDC355908C86B5024B6BF013
18	%ProgramFiles%\SensorsViewPro31\icons\fan2.ico	1,406 bytes	MD5: 0x1209240DBF2B617EA02922E7E80D2401
19	%ProgramFiles%\SensorsViewPro31\icons\hdd.bmp	1,080 bytes	MD5: 0x19B7FE3B7E4E16319B5D74284DF52979
20	%ProgramFiles%\SensorsViewPro31\icons\hdd.ico	1,406 bytes	MD5: 0xD06A3AD787A1DEF47DF904D7002179E5
21	%ProgramFiles%\SensorsViewPro31\icons\hdd2.ico	318 bytes	MD5: 0x72D4EB13FE3B9DDA3C41D80F9558EEFD
22	%ProgramFiles%\SensorsViewPro31\icons\hdd3.ico	894 bytes	MD5: 0xD7345B977C4CBFD403B369D8291D6C24
23	%ProgramFiles%\SensorsViewPro31\icons\sys.ico	1,406 bytes	MD5: 0x232F929A5E2BB812B017A2910C84F482
24	%ProgramFiles%\SensorsViewPro31\icons\vga.bmp	1,080 bytes	MD5: 0xD8A82F2D407EB12C63F2012EDDB2CB9A
25	%ProgramFiles%\SensorsViewPro31\icons\volt.ico	1,406 bytes	MD5: 0x6A83FD1BD4764990F59CD78BEBDB60D8
26	%ProgramFiles%\SensorsViewPro31\icons\voltage.ico	318 bytes	MD5: 0x164FD32AEF0B779B6D42BF529ED895DC
27	%ProgramFiles%\SensorsViewPro31\InstallService.bat	22 bytes	MD5: 0x184C10CB21B08BEE83D51202F979B4B4
28	%ProgramFiles%\SensorsViewPro31\LICENSE.rtf	9,399 bytes	MD5: 0xB6F5895CAE9AE993642A46BFB37ADD36
29	%ProgramFiles%\SensorsViewPro31\ReadMe.txt	1,778 bytes	MD5: 0x7867D477A71F3EDB97D85B2DBA67467B
30	%ProgramFiles%\SensorsViewPro31\SafeLaunch.bat	32 bytes	MD5: 0xAEE7F261C1278A58B99B6BB12F7FFCB9
31	%ProgramFiles%\SensorsViewPro31\STV Software.url	113 bytes	MD5: 0x9D4769E561A09D09F162000283DD7080
32	%ProgramFiles%\SensorsViewPro31\sviewpro.exe	1,669,120 bytes	MD5: 0x5758C9A1A43374FC0563307ACFE30E5D
33	%ProgramFiles%\SensorsViewPro31\SVUpdate.exe	766,976 bytes	MD5: 0x29E8884AF8B0314C4E389FE5166D586A
34	%ProgramFiles%\SensorsViewPro31\Uninstall.exe	54,166 bytes	MD5: 0xE601611DB3BB0D4FF2BEED515461B012
35	%ProgramFiles%\SensorsViewPro31\UninstallService.bat	24 bytes	MD5: 0x6ACAF74BD85C3567B8D829A1777EBC45
36	[file and pathname of the sample #1]	1,951,281 bytes	MD5: 0xF914B558E9986DDAAD8A16C1B9D2821D

Notes:

%CommonDesktopDir% is a variable that refers to the file system directory that contains files and folders that appear on the desktop for all users. A typical path is C:\Documents and Settings\All Users\Desktop (Windows NT/2000/XP).
%CommonPrograms% is a variable that refers to the file system directory that contains the directories for the common program groups that appear on the Start menu for all users. A typical path is C:\Documents and Settings\All Users\Start Menu\Programs (Windows NT/2000/XP).
%Temp% is a variable that refers to the temporary folder in the short path form. By default, this is C:\Documents and Settings\[UserName]\Local Settings\Temp\ (Windows NT/2000/XP).
%ProgramFiles% is a variable that refers to the Program Files folder. A typical path is C:\Program Files.
%System% is a variable that refers to the System folder. By default, this is C:\Windows\System (Windows 95/98/Me), C:\Winnt\System32 (Windows NT/2000), or C:\Windows\System32 (Windows XP).

The following directories were created:

%CommonPrograms%\SensorsView Pro 3.1
%Temp%\nsn3.tmp
%ProgramFiles%\SensorsViewPro31
%ProgramFiles%\SensorsViewPro31\drv
%ProgramFiles%\SensorsViewPro31\icons

Memory Modifications

There were new processes created in the system:

Process Name	Process Filename	Main Module Size
[filename of the sample #1]	[file and pathname of the sample #1]	233,472 bytes
SVUpdate.exe	%ProgramFiles%\SensorsViewPro31\SVUpdate.exe	8,192 bytes

There was a new kernel-mode driver installed in the system:

Driver Name	Driver Filename
sensorsview.sys	%System%\drivers\sensorsview.sys

Registry Modifications

The following Registry Keys were created:

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CF80BCAE-C263-0C3E-014A-DD93F0C8D942}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CF80BCAE-C263-0C3E-014A-DD93F0C8D942}\InProcServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SensorsView Pro 3.1
HKEY_LOCAL_MACHINE\SOFTWARE\STV Software
HKEY_LOCAL_MACHINE\SOFTWARE\STV Software\SensorsView Pro 3.1
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SENSORSVIEW
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SENSORSVIEW\0000
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SENSORSVIEW\0000\Control
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sensorsview
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sensorsview\Security
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sensorsview\Enum
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SENSORSVIEW
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SENSORSVIEW\0000
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SENSORSVIEW\0000\Control
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sensorsview
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sensorsview\Security
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sensorsview\Enum

The newly created Registry Values are:

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SensorsView Pro 3.1]

DisplayName = "SensorsView Pro 3.1"
UninstallString = "%ProgramFiles%\SensorsViewPro31\Uninstall.exe"
InstallLocation = "%ProgramFiles%\SensorsViewPro31"
DisplayIcon = "%ProgramFiles%\SensorsViewPro31\sviewpro.exe,0"
Publisher = "STV Software"

[HKEY_LOCAL_MACHINE\SOFTWARE\STV Software\SensorsView Pro 3.1]

PATH = "%ProgramFiles%\SensorsViewPro31"
fID = 0x00020168

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SENSORSVIEW\0000\Control]

*NewlyCreated* = 0x00000000
ActiveService = "sensorsview"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SENSORSVIEW\0000]

Service = "sensorsview"
Legacy = 0x00000001
ConfigFlags = 0x00000000
Class = "LegacyDriver"
ClassGUID = "{8ECC055D-047F-11D1-A537-0000F8753ED1}"
DeviceDesc = "sensorsview"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SENSORSVIEW]

NextInstance = 0x00000001

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sensorsview\Enum]

0 = "Root\LEGACY_SENSORSVIEW\0000"
Count = 0x00000001
NextInstance = 0x00000001

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sensorsview\Security]

Security = 01 00 14 80 90 00 00 00 9C 00 00 00 14 00 00 00 30 00 00 00 02 00 1C 00 01 00 00 00 02 80 14 00 FF 01 0F 00 01 01 00 00 00 00 00 01 00 00 00 00 02 00 60 00 04 00 00 00 00 00 14 00 FD 01 02 00 01 01 00 00 00 00 00 05 12 00 00 00 00 00 18 00 FF 01 0F 0

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sensorsview]

Type = 0x00000001
Start = 0x00000002
ErrorControl = 0x00000001
ImagePath = "\??\%System%\drivers\sensorsview.sys"
DisplayName = "sensorsview"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SENSORSVIEW\0000\Control]

*NewlyCreated* = 0x00000000
ActiveService = "sensorsview"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SENSORSVIEW\0000]

Service = "sensorsview"
Legacy = 0x00000001
ConfigFlags = 0x00000000
Class = "LegacyDriver"
ClassGUID = "{8ECC055D-047F-11D1-A537-0000F8753ED1}"
DeviceDesc = "sensorsview"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SENSORSVIEW]

NextInstance = 0x00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sensorsview\Enum]

0 = "Root\LEGACY_SENSORSVIEW\0000"
Count = 0x00000001
NextInstance = 0x00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sensorsview\Security]

Security = 01 00 14 80 90 00 00 00 9C 00 00 00 14 00 00 00 30 00 00 00 02 00 1C 00 01 00 00 00 02 80 14 00 FF 01 0F 00 01 01 00 00 00 00 00 01 00 00 00 00 02 00 60 00 04 00 00 00 00 00 14 00 FD 01 02 00 01 01 00 00 00 00 00 05 12 00 00 00 00 00 18 00 FF 01 0F 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sensorsview]

Type = 0x00000001
Start = 0x00000002
ErrorControl = 0x00000001
ImagePath = "\??\%System%\drivers\sensorsview.sys"
DisplayName = "sensorsview"

Other details

To mark the presence in the system, the following Mutex objects were created:

Access_ISABUS.HTP.Method
Access_SMBUS.HTP.Method
ContentFilter_Perf_Library_Lock_PID_368
ContentIndex_Perf_Library_Lock_PID_368
ISAPISearch_Perf_Library_Lock_PID_368
MSDTC_Perf_Library_Lock_PID_368
PerfDisk_Perf_Library_Lock_PID_368
PerfNet_Perf_Library_Lock_PID_368
PerfOS_Perf_Library_Lock_PID_368
PerfProc_Perf_Library_Lock_PID_368
PSched_Perf_Library_Lock_PID_368
RemoteAccess_Perf_Library_Lock_PID_368
RSVP_Perf_Library_Lock_PID_368
Spooler_Perf_Library_Lock_PID_368
TapiSrv_Perf_Library_Lock_PID_368
Tcpip_Perf_Library_Lock_PID_368
TermService_Perf_Library_Lock_PID_368
WmiApRpl_Perf_Library_Lock_PID_368

The following Internet Connection was established:

Server Name	Server Port	Connect as User	Connection Password
www.stvsoft.com	80	(null)	(null)

The data identified by the following URLs was then requested from the remote web server:

http://www.stvsoft.com/index.php?c=checkversion&ver=%F9%CF%C4%D9%C5%D8%D9%FC%C3%CF%DD%8A%FA%D8%C5%8A%99%84%9B%8A%C8%DF%C3%C6%CE%8A%9B%98%98%9D%9B%80%8B%80%E9%FA%FF%80%8B%80%8A%80%8B%80%FE%D8%C3%CB%C6%80%8B%80%8A%80%8B%80
http://www.stvsoft.com/index.php?cc=version&ver=SensorsView%20Pro;3330;3.1

All content ("Information") contained in this report is the copyrighted work of Threat Expert Ltd and its associated companies ("ThreatExpert") and may not be copied without the express permission of ThreatExpert.

The Information is provided on an "as is" basis. ThreatExpert disclaims all warranties, whether express or implied, to the maximum extent permitted by law, including the implied warranties that the Information is merchantable, of satisfactory quality, accurate, fit for a particular purpose or need, or non-infringing, unless such implied warranties are legally incapable of exclusion. Further, ThreatExpert does not warrant or make any representations regarding the use or the results of the use of the Information in terms of their correctness, accuracy, reliability, or otherwise.