Submission Summary:

What's been foundSeverity Level
Downloads/requests other files from Internet.
Registers a 32-bit in-process server DLL.
Registers a Browser Helper Object (Microsoft's Internet Explorer plugin module).


Technical Details:


File System Modifications

#Filename(s)File SizeFile HashAlias
1 %CommonAppData%\TheBflix\background.html 5,332 bytes MD5: 0x7D04CBBF87BEB807CF092F8C73E47C4A
(not available)
2 %CommonAppData%\TheBflix\bhoclass.dll 140,800 bytes MD5: 0xAC13C733379328F86568F6E514C2F7F8
SHA-1: 0x338901240FEDCEF4E3892FD4C723C89154F4DE05
(not available)
3 %CommonAppData%\TheBflix\content.js 396 bytes MD5: 0x5B2E51D3DAC419FFB75E0D91E2B0D1C3
SHA-1: 0xAC5E29A9B114E5290E06B5C756E7AA9AA196A98A
(not available)
4 %CommonAppData%\TheBflix\jegekbbfndpjjombjnaonngkbeebbmgd.crx 38,146 bytes MD5: 0x24B75C7612FF299091EF124CA1966564
SHA-1: 0x58AF2689DC63282428F44BFCFE435048159B9E69
(not available)
5 %CommonAppData%\TheBflix\settings.ini 599 bytes MD5: 0xAD4AB228136EB0D35AB2E949F7F151CD
SHA-1: 0x3D51D52A38BC4EEA503FE3943FD60B08CC2B5A01
(not available)
6 %CommonAppData%\TheBflix\uninstall.exe 47,445 bytes MD5: 0x2628F4240552CC3B2BA04EE51078AE0C
SHA-1: 0x5B0CCA662149240D1FD4354BEAC1338E97E334EA
(not available)
7 %CommonPrograms%\TheBflix\TheBflix.lnk 278 bytes MD5: 0xC148888BEABD7A67623303804984FF3C
SHA-1: 0xE21874917A6830448C7DCC19E0080EE9D9FEF29F
(not available)
8 %CommonPrograms%\TheBflix\Uninstall.lnk 1,121 bytes MD5: 0xDCFD014BA85DCDE60C94D27053F28A68
SHA-1: 0xDA174BCA18D494479531068755C9A7837C0FF426
(not available)
9 c:\settings.ini 510 bytes MD5: 0xF35AAA221EB79BB2F220BCBB354A95A0
SHA-1: 0x0CDD17F72836DD642219A00393F3B9B67D945524
AdWare.Bcool [Ikarus]
10 [file and pathname of the sample #1] 320,804 bytes MD5: 0xFBAE42A8ED87B69A956ECA7F4437F344
SHA-1: 0x418F5B35CE522C5FC2592C9588E12EF99C622E68
(not available)


Memory Modifications

Process NameProcess FilenameMain Module Size
[filename of the sample #1][file and pathname of the sample #1]163,840 bytes
setup.exe%Temp%\7zS1.tmp\setup.exe249,856 bytes


Registry Modifications


Other details


Server NameServer PortConnect as UserConnection Password



All content ("Information") contained in this report is the copyrighted work of Threat Expert Ltd and its associated companies ("ThreatExpert") and may not be copied without the express permission of ThreatExpert.

The Information is provided on an "as is" basis. ThreatExpert disclaims all warranties, whether express or implied, to the maximum extent permitted by law, including the implied warranties that the Information is merchantable, of satisfactory quality, accurate, fit for a particular purpose or need, or non-infringing, unless such implied warranties are legally incapable of exclusion. Further, ThreatExpert does not warrant or make any representations regarding the use or the results of the use of the Information in terms of their correctness, accuracy, reliability, or otherwise.

Copyright © 2015 ThreatExpert. All rights reserved.