CoolMirage

Category: Adware and PUAs
Type: Unspecified PUA
Protection available since: 13 Sep 2013 01:39:28 (GMT)
Last updated: 28 Oct 2014 21:11:23 (GMT)

CoolMirage is an installer that bundles legitimate applications with offers for additional third-party applications that may be unwanted by the user. Such third-party applications are typically installed onto users’ computers by default, but may include an option to ‘opt out’ during or after the installation process.

Examples of CoolMirage include:

Example 1

File Information

Size: 296K
SHA-1: 00071bdd23d33f3fccb43ed5d3cabe83280aa68d
MD5: ae7861586206226407e01a231355e141
CRC-32: a1074a43
File type: Windows executable
First seen: 2013-09-08

Runtime Analysis

Dropped Files
  • c:\Documents and Settings\test user\Local Settings\Temp\nsd4.tmp\dAg
  • c:\Documents and Settings\test user\Local Settings\Temp\nsd4.tmp\inetc3.dll
  • c:\Documents and Settings\test user\Local Settings\Temp\nsd4.tmp\load_0.bmp
  • c:\Documents and Settings\test user\Local Settings\Temp\nsd4.tmp\System.dll
Registry Keys Created
  • HKCU\Software\1ClickDownload
    LastInstall0
    30379064
  • HKCR\AppID\{C007DADD-132A-624C-088E-59EE6CF0711F}
    id0
    20062014
HTTP Requests
  • http://torntvz.com/ping.php
DNS Requests
  • torntvz.com

Example 2

File Information

Size: 296K
SHA-1: 015b3133b7d717c448d8480e7b619f8e5c658188
MD5: f75d93457071f1a0655a2080fd913a81
CRC-32: f95c05c1
File type: Windows executable
First seen: 2013-09-06

Runtime Analysis

Dropped Files
  • c:\Documents and Settings\test user\Local Settings\Temp\nsq4.tmp\accept2.bmp
  • c:\Documents and Settings\test user\Local Settings\Temp\nsq4.tmp\box3.bmp
  • c:\Documents and Settings\test user\Local Settings\Temp\nsq4.tmp\lyfdt.txt
  • c:\Documents and Settings\test user\Local Settings\Temp\nsq4.tmp\1clogo.bmp
  • c:\Documents and Settings\test user\Local Settings\Temp\nsq4.tmp\accept.bmp
  • c:\Documents and Settings\test user\Local Settings\Temp\nsq4.tmp\accept1.bmp
  • c:\Documents and Settings\test user\Local Settings\Temp\nsq4.tmp\back.bmp
  • c:\Documents and Settings\test user\Local Settings\Temp\nsq4.tmp\accept3.bmp
  • c:\Documents and Settings\test user\Local Settings\Temp\nsq4.tmp\box2.bmp
  • c:\Documents and Settings\test user\Local Settings\Temp\nsq4.tmp\complist.txt
  • c:\Documents and Settings\test user\Local Settings\Temp\nsq4.tmp\box.bmp
  • c:\Documents and Settings\test user\Local Settings\Temp\nsq4.tmp\close.bmp
  • c:\Documents and Settings\test user\Local Settings\Temp\nsq4.tmp\nsDialogs.dll
  • c:\Documents and Settings\test user\Local Settings\Temp\nsq4.tmp\accept_disabled.bmp
  • c:\Documents and Settings\test user\Local Settings\Temp\nsq4.tmp\skip.bmp
  • c:\Documents and Settings\test user\Local Settings\Temp\nsq4.tmp\System.dll
  • c:\Documents and Settings\test user\Local Settings\Temp\nsq4.tmp\decline.bmp
  • c:\Documents and Settings\test user\Local Settings\Temp\nsq4.tmp\back_dis.bmp
  • c:\Documents and Settings\test user\Local Settings\Temp\nsq4.tmp\v_sign.bmp
  • c:\Documents and Settings\test user\Local Settings\Temp\nsq4.tmp\load_0.bmp
  • c:\Documents and Settings\test user\Local Settings\Temp\nsq4.tmp\noc
  • c:\Documents and Settings\test user\Local Settings\Temp\nsq4.tmp\inetc3.dll
  • c:\Documents and Settings\test user\Local Settings\Temp\nsq4.tmp\dAg
  • c:\Documents and Settings\test user\Local Settings\Temp\nsq4.tmp\x.bmp
Registry Keys Created
  • HKCU\Software\1ClickDownload
    LastInstall0
    30378213
  • HKCR\AppID\{C007DADD-132A-624C-088E-59EE6CF0711F}
    id0
    15062014
HTTP Requests
  • http://data.torntv.net/country.asp
  • http://torntvz.com/ping.php
DNS Requests
  • data.torntv.net
  • torntvz.com

Example 3

File Information

Size: 296K
SHA-1: 0292271bbb707e1b3a3487d9518be369284e876a
MD5: a86905a42a0e7e409113986c7eec4cdf
CRC-32: 6705b22a
File type: Windows executable
First seen: 2007-08-19

Runtime Analysis

Dropped Files
  • c:\Documents and Settings\test user\Local Settings\Temp\nsa4.tmp\box2.bmp
  • c:\Documents and Settings\test user\Local Settings\Temp\nsa4.tmp\load_0.bmp
  • c:\Documents and Settings\test user\Local Settings\Temp\nsa4.tmp\System.dll
  • c:\Documents and Settings\test user\Local Settings\Temp\nsa4.tmp\accept.bmp
  • c:\Documents and Settings\test user\Local Settings\Temp\nsa4.tmp\accept2.bmp
  • c:\Documents and Settings\test user\Local Settings\Temp\nsa4.tmp\back.bmp
  • c:\Documents and Settings\test user\Local Settings\Temp\nsa4.tmp\1clogo.bmp
  • c:\Documents and Settings\test user\Local Settings\Temp\nsa4.tmp\box.bmp
  • c:\Documents and Settings\test user\Local Settings\Temp\nsa4.tmp\accept_disabled.bmp
  • c:\Documents and Settings\test user\Local Settings\Temp\nsa4.tmp\lyfdt.txt
  • c:\Documents and Settings\test user\Local Settings\Temp\nsa4.tmp\box3.bmp
  • c:\Documents and Settings\test user\Local Settings\Temp\nsa4.tmp\accept1.bmp
  • c:\Documents and Settings\test user\Local Settings\Temp\nsa4.tmp\complist.txt
  • c:\Documents and Settings\test user\Local Settings\Temp\nsa4.tmp\noc
  • c:\Documents and Settings\test user\Local Settings\Temp\nsa4.tmp\back_dis.bmp
  • c:\Documents and Settings\test user\Local Settings\Temp\nsa4.tmp\accept3.bmp
  • c:\Documents and Settings\test user\Local Settings\Temp\nsa4.tmp\x.bmp
  • c:\Documents and Settings\test user\Local Settings\Temp\nsa4.tmp\close.bmp
  • c:\Documents and Settings\test user\Local Settings\Temp\nsa4.tmp\skip.bmp
  • c:\Documents and Settings\test user\Local Settings\Temp\nsa4.tmp\inetc3.dll
  • c:\Documents and Settings\test user\Local Settings\Temp\nsa4.tmp\v_sign.bmp
  • c:\Documents and Settings\test user\Local Settings\Temp\nsa4.tmp\decline.bmp
  • c:\Documents and Settings\test user\Local Settings\Temp\nsa4.tmp\dAg
  • c:\Documents and Settings\test user\Local Settings\Temp\nsa4.tmp\nsDialogs.dll
Registry Keys Created
  • HKCU\Software\1ClickDownload
    LastInstall0
    30347027
  • HKCR\AppID\{C007DADD-132A-624C-088E-59EE6CF0711F}
    id0
    11012014
HTTP Requests
  • http://data.torntv.net/country.asp
  • http://torntvz.com/ping.php
DNS Requests
  • data.torntv.net
  • torntvz.com
