Download Admin

Category: Adware and PUAs
Protection available since: 07 Nov 2011 18:50:56 (GMT)
Type: Unspecified PUA
Last updated: 22 Sep 2014 22:10:36 (GMT)

Download Admin is an installer that bundles legitimate applications with offers for additional third-party applications that may be unwanted by the user. Such third-party applications are typically installed onto users’ computers by default, but may include an option to ‘opt-out’ during or after the installation process.

Examples of Download Admin include:

Example 1

File Information

Size: 792K
SHA-1: 001a627df937e2be6ef0fe4be1a1bb92aa4ce24d
MD5: 8e13ef8c228d644cabfa11bc0921d53f
CRC-32: dc89d8de
File type: Windows executable
First seen: 2014-04-15

Runtime Analysis

Dropped Files
Registry Keys Modified
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
    Administrative Tools
    c:\Documents and Settings\test user\Start Menu\Programs\Administrative Tools
HTTP Requests
  • http://mirror.mirror-files.com/skins/da/11132013/DownloadAdmin-Google-Wide-nocancel.zip
  • http://service.downloadadmin.com/env
  • http://service.downloadadmin.com/install
DNS Requests
  • mirror.mirror-files.com
  • service.downloadadmin.com

Example 2

File Information

Size: 793K
SHA-1: 0074130e7095c610cbabfc096a4d9be9d3c5cbe1
MD5: f8f1a812465f5cf1777bf6ca644312db
CRC-32: 1346f6f0
File type: Windows executable
First seen: 2014-03-21

Runtime Analysis

Dropped Files
Registry Keys Modified
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
    Administrative Tools
    c:\Documents and Settings\test user\Start Menu\Programs\Administrative Tools
HTTP Requests
  • http://service.downloadadmin.com/install
DNS Requests
  • service.downloadadmin.com

Example 3

File Information

Size: 914K
SHA-1: 01c927d3dcb0575f35295630e47dfe68c93dc151
MD5: f81c9a7bc72ac5a5c262ef1ac0db12bd
CRC-32: 07e0a4eb
File type: Windows executable
First seen: 2014-08-11

Runtime Analysis

Dropped Files
Registry Keys Modified
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
    Administrative Tools
    c:\Documents and Settings\test user\Start Menu\Programs\Administrative Tools
DNS Requests
  • service.downloadadmin.com
