BitCocktail

Category: Adware and PUAs
Protection available since: 08 Aug 2013 00:55:36 (GMT)
Type: Unspecified PUA
Last updated: 21 Mar 2014 04:08:39 (GMT)

BitCocktail is an installer which bundles legitimate applications with offers for additional third party applications that may be unwanted by the user. Such third party applications are typically installed onto users’ computers by default, but may include an option to ‘opt-out’ during or after the installation process.

Examples of BitCocktail include:

Example 1

File Information

Size: 185K
SHA-1: 010f30e0b16700a18457289cccfd9c3fdbb0a11d
MD5: 656dfa3375e72eddbbb06769828c9c9f
CRC-32: 4d73f104
File type: Windows executable
First seen: 2013-07-18

Example 2

File Information

Size: 692K
SHA-1: 0e7ae2a0d1ae812232f8d9977171317146d47d08
MD5: 8c2e2771c42b433a0cf3b293adabef2b
CRC-32: 23717467
File type: Windows executable
First seen: 2013-07-23

Example 3

File Information

Size: 167K
SHA-1: 15056f454c46fc256c5fd644e6add2185ff93f62
MD5: ff4fb9647bb1ae84e91ad28e9f15198e
CRC-32: dfbbf4da
File type: Windows executable
First seen: 2013-07-23

Runtime Analysis

Registry Keys Created
  • HKCR\CLSID\{336D0C35-8A85-403a-B9D2-65C292C39087}\ProgID
    (Default)
    Extension.ExtensionHelperObject.1
  • HKCR\Interface\{A36867C6-302D-49FC-9D8E-1EB037B5F1AB}\ProxyStubClsid
    (Default)
    {00020424-0000-0000-C000-000000000046}
  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{336D0C35-8A85-403a-B9D2-65C292C39087}
    NoExplorer
    0x00000001
  • HKCR\CLSID\{336D0C35-8A85-403a-B9D2-65C292C39087}
    (Default)
    IB Updater
  • HKCR\Interface\{A36867C6-302D-49FC-9D8E-1EB037B5F1AB}\ProxyStubClsid32
    (Default)
    {00020424-0000-0000-C000-000000000046}
  • HKCR\Interface\{A36867C6-302D-49FC-9D8E-1EB037B5F1AB}\TypeLib
    Version
    1.0
  • HKCR\TypeLib\{1D5A4199-956E-49BC-B89F-6A35C57C0D13}\1.0\HELPDIR
    (Default)
    c:
  • HKCR\Extension.ExtensionHelperObject.1
    (Default)
    IB Updater
  • HKCR\TypeLib\{1D5A4199-956E-49BC-B89F-6A35C57C0D13}\1.0\0\win32
    (Default)
    c:\test_item.dll
  • HKCR\Extension.ExtensionHelperObject\CLSID
    (Default)
    {336D0C35-8A85-403a-B9D2-65C292C39087}
  • HKCR\Extension.ExtensionHelperObject.1\CLSID
    (Default)
    {336D0C35-8A85-403a-B9D2-65C292C39087}
  • HKCR\AppID\{B302A1BD-0157-49FA-90F1-4E94F22C7B4B}
    (Default)
    Extension
  • HKCR\CLSID\{336D0C35-8A85-403a-B9D2-65C292C39087}\TypeLib
    (Default)
    {1D5A4199-956E-49BC-B89F-6A35C57C0D13}
  • HKCR\CLSID\{336D0C35-8A85-403a-B9D2-65C292C39087}\VersionIndependentProgID
    (Default)
    Extension.ExtensionHelperObject
  • HKCR\TypeLib\{1D5A4199-956E-49BC-B89F-6A35C57C0D13}\1.0\FLAGS
    (Default)
  • HKCR\Extension.ExtensionHelperObject
    (Default)
    IB Updater
  • HKCR\CLSID\{336D0C35-8A85-403a-B9D2-65C292C39087}\InprocServer32
    ThreadingModel
    Apartment
  • HKCU\Software\Microsoft\Internet Explorer\Stats\{336D0C35-8A85-403a-B9D2-65C292C39087}\iexplore
    Type
    0x00000003
  • HKCR\TypeLib\{1D5A4199-956E-49BC-B89F-6A35C57C0D13}\1.0
    (Default)
    Extension 1.0 Type Library
  • HKCR\Extension.ExtensionHelperObject\CurVer
    (Default)
    Extension.ExtensionHelperObject.1
  • HKCR\Interface\{A36867C6-302D-49FC-9D8E-1EB037B5F1AB}
    (Default)
    IExtensionHelperObject
  • HKCU\Software\Microsoft\Internet Explorer\Approved Extensions
    {336D0C35-8A85-403a-B9D2-65C292C39087}
    (binary data)
  • HKCR\AppID\Extension.DLL
    AppID
    {B302A1BD-0157-49FA-90F1-4E94F22C7B4B}
