CoolMirage

Category: Adware and PUAs
Protection available since: 13 Sep 2013 01:39:28 (GMT)
Type: Unspecified PUA
Last updated: 16 Jun 2014 02:32:20 (GMT)


CoolMirage is an installer which bundles legitimate applications with offers for additional third party applications that may be unwanted by the user. Such third party applications are typically installed onto users’ computers by default, but may include an option to ‘opt-out’ during or after the installation process.

Examples of CoolMirage include:

Example 1

File Information

Size: 296K
SHA-1: 00071bdd23d33f3fccb43ed5d3cabe83280aa68d
MD5: ae7861586206226407e01a231355e141
CRC-32: a1074a43
File type: Windows executable
First seen: 2013-09-08

Runtime Analysis

Dropped Files
  • c:\Documents and Settings\test user\Local Settings\Temp\nso4.tmp\box3.bmp
  • c:\Documents and Settings\test user\Local Settings\Temp\nso4.tmp\accept3.bmp
  • c:\Documents and Settings\test user\Local Settings\Temp\nso4.tmp\inetc3.dll
  • c:\Documents and Settings\test user\Local Settings\Temp\nso4.tmp\v_sign.bmp
  • c:\Documents and Settings\test user\Local Settings\Temp\nso4.tmp\accept_disabled.bmp
  • c:\Documents and Settings\test user\Local Settings\Temp\nso4.tmp\complist.txt
  • c:\Documents and Settings\test user\Local Settings\Temp\nso4.tmp\back_dis.bmp
  • c:\Documents and Settings\test user\Local Settings\Temp\nso4.tmp\box2.bmp
  • c:\Documents and Settings\test user\Local Settings\Temp\nso4.tmp\load_0.bmp
  • c:\Documents and Settings\test user\Local Settings\Temp\nso4.tmp\noc
  • c:\Documents and Settings\test user\Local Settings\Temp\nso4.tmp\System.dll
  • c:\Documents and Settings\test user\Local Settings\Temp\nso4.tmp\1clogo.bmp
  • c:\Documents and Settings\test user\Local Settings\Temp\nso4.tmp\lyfdt.txt
  • c:\Documents and Settings\test user\Local Settings\Temp\nso4.tmp\decline.bmp
  • c:\Documents and Settings\test user\Local Settings\Temp\nso4.tmp\x.bmp
  • c:\Documents and Settings\test user\Local Settings\Temp\nso4.tmp\dAg
  • c:\Documents and Settings\test user\Local Settings\Temp\nso4.tmp\close.bmp
  • c:\Documents and Settings\test user\Local Settings\Temp\nso4.tmp\back.bmp
  • c:\Documents and Settings\test user\Local Settings\Temp\nso4.tmp\nsDialogs.dll
  • c:\Documents and Settings\test user\Local Settings\Temp\nso4.tmp\accept2.bmp
  • c:\Documents and Settings\test user\Local Settings\Temp\nso4.tmp\accept.bmp
  • c:\Documents and Settings\test user\Local Settings\Temp\nso4.tmp\skip.bmp
  • c:\Documents and Settings\test user\Local Settings\Temp\nso4.tmp\box.bmp
  • c:\Documents and Settings\test user\Local Settings\Temp\nso4.tmp\accept1.bmp
Registry Keys Created
  • HKCR\AppID\{C007DADD-132A-624C-088E-59EE6CF0711F}
    id0: 11012014
  • HKCU\Software\1ClickDownload
    LastInstall0: 30347026
HTTP Requests
  • http://data.torntv.net/country.asp
  • http://torntvz.com/ping.php
DNS Requests
  • data.torntv.net
  • torntvz.com

Example 2

File Information

Size: 296K
SHA-1: 015b3133b7d717c448d8480e7b619f8e5c658188
MD5: f75d93457071f1a0655a2080fd913a81
CRC-32: f95c05c1
File type: Windows executable
First seen: 2013-09-06

Runtime Analysis

Dropped Files
  • c:\Documents and Settings\test user\Local Settings\Temp\nsq4.tmp\v_sign.bmp
  • c:\Documents and Settings\test user\Local Settings\Temp\nsq4.tmp\complist.txt
  • c:\Documents and Settings\test user\Local Settings\Temp\nsq4.tmp\skip.bmp
  • c:\Documents and Settings\test user\Local Settings\Temp\nsq4.tmp\accept3.bmp
  • c:\Documents and Settings\test user\Local Settings\Temp\nsq4.tmp\decline.bmp
  • c:\Documents and Settings\test user\Local Settings\Temp\nsq4.tmp\load_0.bmp
  • c:\Documents and Settings\test user\Local Settings\Temp\nsq4.tmp\box3.bmp
  • c:\Documents and Settings\test user\Local Settings\Temp\nsq4.tmp\noc
    Size: 6
    SHA-1: bef02f4a031fe3e8923c520011ea2baa44534b50
    MD5: 80d9ff41e9577b4a3f52b75c5d9b7d7d
    CRC-32: 6a66c9ff
    File type: application/octet-stream
    First seen: 2014-06-15
  • c:\Documents and Settings\test user\Local Settings\Temp\nsq4.tmp\System.dll
  • c:\Documents and Settings\test user\Local Settings\Temp\nsq4.tmp\accept_disabled.bmp
  • c:\Documents and Settings\test user\Local Settings\Temp\nsq4.tmp\lyfdt.txt
  • c:\Documents and Settings\test user\Local Settings\Temp\nsq4.tmp\accept1.bmp
  • c:\Documents and Settings\test user\Local Settings\Temp\nsq4.tmp\x.bmp
  • c:\Documents and Settings\test user\Local Settings\Temp\nsq4.tmp\1clogo.bmp
  • c:\Documents and Settings\test user\Local Settings\Temp\nsq4.tmp\close.bmp
  • c:\Documents and Settings\test user\Local Settings\Temp\nsq4.tmp\accept2.bmp
  • c:\Documents and Settings\test user\Local Settings\Temp\nsq4.tmp\back_dis.bmp
  • c:\Documents and Settings\test user\Local Settings\Temp\nsq4.tmp\back.bmp
  • c:\Documents and Settings\test user\Local Settings\Temp\nsq4.tmp\dAg
    Size: 144
    SHA-1: 1360a0e44e0928cf2b58f93c51f669a8a4c2ff68
    MD5: 753c6de2448e166593e65f92e240256c
    CRC-32: 47de6d09
    File type: application/octet-stream
    First seen: 2014-06-15
  • c:\Documents and Settings\test user\Local Settings\Temp\nsq4.tmp\nsDialogs.dll
  • c:\Documents and Settings\test user\Local Settings\Temp\nsq4.tmp\box2.bmp
  • c:\Documents and Settings\test user\Local Settings\Temp\nsq4.tmp\accept.bmp
  • c:\Documents and Settings\test user\Local Settings\Temp\nsq4.tmp\inetc3.dll
  • c:\Documents and Settings\test user\Local Settings\Temp\nsq4.tmp\box.bmp
Registry Keys Created
  • HKCR\AppID\{C007DADD-132A-624C-088E-59EE6CF0711F}
    id0: 15062014
  • HKCU\Software\1ClickDownload
    LastInstall0: 30378213
HTTP Requests
  • http://data.torntv.net/country.asp
  • http://torntvz.com/ping.php
DNS Requests
  • data.torntv.net
  • torntvz.com

Example 3

File Information

Size: 296K
SHA-1: 0292271bbb707e1b3a3487d9518be369284e876a
MD5: a86905a42a0e7e409113986c7eec4cdf
CRC-32: 6705b22a
File type: Windows executable
First seen: 2007-08-19

Runtime Analysis

Dropped Files
  • c:\Documents and Settings\test user\Local Settings\Temp\nsa4.tmp\box.bmp
  • c:\Documents and Settings\test user\Local Settings\Temp\nsa4.tmp\1clogo.bmp
  • c:\Documents and Settings\test user\Local Settings\Temp\nsa4.tmp\accept_disabled.bmp
  • c:\Documents and Settings\test user\Local Settings\Temp\nsa4.tmp\complist.txt
  • c:\Documents and Settings\test user\Local Settings\Temp\nsa4.tmp\accept.bmp
  • c:\Documents and Settings\test user\Local Settings\Temp\nsa4.tmp\System.dll
  • c:\Documents and Settings\test user\Local Settings\Temp\nsa4.tmp\x.bmp
  • c:\Documents and Settings\test user\Local Settings\Temp\nsa4.tmp\lyfdt.txt
  • c:\Documents and Settings\test user\Local Settings\Temp\nsa4.tmp\dAg
  • c:\Documents and Settings\test user\Local Settings\Temp\nsa4.tmp\decline.bmp
  • c:\Documents and Settings\test user\Local Settings\Temp\nsa4.tmp\nsDialogs.dll
  • c:\Documents and Settings\test user\Local Settings\Temp\nsa4.tmp\load_0.bmp
  • c:\Documents and Settings\test user\Local Settings\Temp\nsa4.tmp\skip.bmp
  • c:\Documents and Settings\test user\Local Settings\Temp\nsa4.tmp\noc
  • c:\Documents and Settings\test user\Local Settings\Temp\nsa4.tmp\close.bmp
  • c:\Documents and Settings\test user\Local Settings\Temp\nsa4.tmp\inetc3.dll
  • c:\Documents and Settings\test user\Local Settings\Temp\nsa4.tmp\accept2.bmp
  • c:\Documents and Settings\test user\Local Settings\Temp\nsa4.tmp\back_dis.bmp
  • c:\Documents and Settings\test user\Local Settings\Temp\nsa4.tmp\v_sign.bmp
  • c:\Documents and Settings\test user\Local Settings\Temp\nsa4.tmp\box3.bmp
  • c:\Documents and Settings\test user\Local Settings\Temp\nsa4.tmp\accept3.bmp
  • c:\Documents and Settings\test user\Local Settings\Temp\nsa4.tmp\box2.bmp
  • c:\Documents and Settings\test user\Local Settings\Temp\nsa4.tmp\back.bmp
  • c:\Documents and Settings\test user\Local Settings\Temp\nsa4.tmp\accept1.bmp
Registry Keys Created
  • HKCU\Software\1ClickDownload
    LastInstall0: 30347027
  • HKCR\AppID\{C007DADD-132A-624C-088E-59EE6CF0711F}
    id0: 11012014
HTTP Requests
  • http://data.torntv.net/country.asp
  • http://torntvz.com/ping.php
DNS Requests
  • data.torntv.net
  • torntvz.com
