InstallBrain

Category: Adware and PUAs
Type: Unspecified PUA
Protection available since: 19 Oct 2012 23:28:06 (GMT)
Last updated: 31 Jul 2014 16:03:39 (GMT)

InstallBrain is an installer that bundles legitimate applications with offers for additional third-party applications that may be unwanted by the user. Such third-party applications are typically installed onto users’ computers by default, but may include an option to ‘opt-out’ during or after the installation process.

Examples of InstallBrain include:

Example 1

File Information

Size: 768K
SHA-1: 000018ea6ba574fa80b2b6cc87435311e399a630
MD5: 1aa1efe7fb941743756ef7ad0e0bccf7
CRC-32: e128c075
File type: Windows executable
First seen: 2013-10-19

Runtime Analysis

Copies Itself To
  • c:\Documents and Settings\test user\Local Settings\Temp\Install PDF Speed973868.exe
Dropped Files
Registry Keys Created
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    Install PDF Speed973868.exe
    "C:\DOCUME~1\support\LOCALS~1\Temp\Install PDF Speed973868.exe" /XML="C:\DOCUME~1\support\LOCALS~1\Temp\2.tmp" /ROS /STP=0:2
HTTP Requests
  • http://www.softologicse.com/installer/620/start.cf
  • http://www.softologicse.com/installer/620/startgui.cf
DNS Requests
  • stats1-1013604270.us-east-1.elb.amazonaws.com
  • www.softologicse.com

Example 2

File Information

Size: 557K
SHA-1: 0000768bfe175fc4cc26d0d802ea035c047ece6a
MD5: f9726c001abe329ba7d8e5e77600b2f8
CRC-32: 3df58309
File type: Windows executable
First seen: 2012-10-15

Runtime Analysis

Copies Itself To
  • c:\Documents and Settings\test user\Local Settings\Temp\wall2go333317.exe
Dropped Files
HTTP Requests
  • http://bootstrap1-639932975.us-east-1.elb.amazonaws.com/installer/bootstrap.php
  • http://d2qsma9t6l5kt7.cloudfront.net/components/SavingsSidekickR_v1.cf
  • http://s3.amazonaws.com/installbrain/bootstrap/164/start.cf
  • http://s3.amazonaws.com/installbrain/bootstrap/164/startgui.cf
  • http://s3.amazonaws.com/installbrain/components/SearchalgoMngr_v5.cf
  • http://s3.amazonaws.com/www.bit89.com/download/wall2go/Wall2Go.NetSetup.exe
DNS Requests
  • bootstrap1-639932975.us-east-1.elb.amazonaws.com
  • d2qsma9t6l5kt7.cloudfront.net
  • s3.amazonaws.com
  • stats1-1013604270.us-east-1.elb.amazonaws.com

Example 3

File Information

Size: 579K
SHA-1: 0001b7096470188137ae202c37fbe0f10b7804e8
MD5: 4fda4d75cb836a96c419e74811592efc
CRC-32: abb817bd
File type: Windows executable
First seen: 2012-10-12

Runtime Analysis

HTTP Requests
  • http://bootstrap1-639932975.us-east-1.elb.amazonaws.com/installer/bootstrap.php
DNS Requests
  • bootstrap1-639932975.us-east-1.elb.amazonaws.com
