WebDevAz Inc

Category: Adware and PUAs
Type: Unspecified PUA
Protection available since: 27 Mar 2013 05:32:05 (GMT)
Last updated: 27 Mar 2013 05:32:05 (GMT)

WebDevAz Inc is an installer that bundles legitimate applications with offers for additional third-party applications that may be unwanted by the user. Such third-party applications are typically installed onto users’ computers by default, but may include an option to ‘opt-out’ during or after the installation process.

WebDevAz Inc exhibits the following characteristics:

File Information

Size
267K
SHA-1
065956c96fcf97005d4ac6c16f3f64b5eb36defe
MD5
43a4cedf53cc184f9330523db3f4d198
CRC-32
e9482f70
File type
Windows executable
First seen
2013-03-26

Runtime Analysis

Dropped Files
  • c:\Documents and Settings\test user\Local Settings\Temp\nsh3.tmp\BACKNEXT_on.bmp
    Size
    6.1K
    SHA-1
    46fce7569491eb7e08535f2174f1efc2cc7b6eb8
    MD5
    61891392960d7a3fdfa8ef33c0302a0c
    CRC-32
    1db57b35
    File type
    Device-independent bitmap (DIB) file
    First seen
    2012-01-21
  • c:\Documents and Settings\test user\Local Settings\Temp\nsh3.tmp\NEXT_off.bmp
    Size
    6.1K
    SHA-1
    9d229670fee35031c2070a36106e52b829fd88b4
    MD5
    fbffe7d36c18c73e192341fc04e05dbc
    CRC-32
    60d78387
    File type
    Device-independent bitmap (DIB) file
    First seen
    2012-01-21
  • c:\Documents and Settings\test user\Local Settings\Temp\nsh3.tmp\FINISH_on.bmp
    Size
    6.1K
    SHA-1
    d45634309bd10f0a2b429bffc74b2bffec261c91
    MD5
    7b89534f0d02ea1459b5e04dc1e4bff8
    CRC-32
    de859949
    File type
    Device-independent bitmap (DIB) file
    First seen
    2012-01-21
  • c:\Documents and Settings\test user\Local Settings\Temp\nsh3.tmp\ACCEPT_on.bmp
    Size
    6.1K
    SHA-1
    3f33ecc7ffe83ede9a19bca12f07f01291ed7481
    MD5
    a9c536a9e9f10a4bc0a9cba508264efb
    CRC-32
    b0f58af3
    File type
    Device-independent bitmap (DIB) file
    First seen
    2012-01-21
  • c:\Documents and Settings\test user\Local Settings\Temp\~DFC21.tmp
    Size
    96K
    SHA-1
    0d42ae728185709e233f883ab7716b3abf945fce
    MD5
    8a9564231be576b582e9939aa6f96340
    CRC-32
    bb2703ac
    File type
    Microsoft OLE2 file format
    First seen
    2013-03-26
  • c:\Documents and Settings\test user\Local Settings\Temp\nsh3.tmp\linker.dll
  • c:\Documents and Settings\test user\Local Settings\Temp\nsh3.tmp\bottom.ole
    Size
    7.7K
    SHA-1
    d1258e30c873323d6d82e1fa7382ee784026522a
    MD5
    87e059eb1c6893d2d140fe4a78998afa
    CRC-32
    3eb8366c
    File type
    JPEG Interchange Format
    First seen
    2013-02-01
  • c:\Documents and Settings\test user\Local Settings\Temp\nsh3.tmp\NEXT_on.bmp
    Size
    6.1K
    SHA-1
    82ec6230b9de3ace977aa49807c1949cb902babb
    MD5
    2e08b6c62b372bf6c739a32ae66cfdcd
    CRC-32
    1f2be3f9
    File type
    Device-independent bitmap (DIB) file
    First seen
    2012-01-21
  • c:\Documents and Settings\test user\Local Settings\Temp\nsh3.tmp\E_sample.themepack.ini
    Size
    420
    SHA-1
    fec499eabee1a6914a02488b8cd0b6703d352bcd
    MD5
    f952519ff8a71b60fc63dfd8d2cbb630
    CRC-32
    d1d71502
    File type
    Hypertext Markup Language
    First seen
    2013-03-22
  • c:\Documents and Settings\test user\Local Settings\Temp\nsh3.tmp\S_sample.themepack.ini
    Size
    421
    SHA-1
    2ee562f0e1fd419faeb969868e734d6cb120fe08
    MD5
    7fa25bdfb67c953b3839be332a200ac6
    CRC-32
    6d4f7a86
    File type
    Hypertext Markup Language
    First seen
    2013-03-22
  • c:\Documents and Settings\test user\Local Settings\Temp\nsh3.tmp\top.ole
    Size
    2.3K
    SHA-1
    f83a3a531b63f26f856cf7d85ecb7d61e30e64d0
    MD5
    5d46dd89b53379f0c5b460d3de63f0ab
    CRC-32
    5f2d0973
    File type
    JPEG Interchange Format
    First seen
    2013-02-01
  • c:\Documents and Settings\test user\Local Settings\Temp\nsh3.tmp\System.dll
  • c:\Documents and Settings\test user\Local Settings\Temp\nsh3.tmp\nsDialogs.dll
  • c:\Documents and Settings\test user\Local Settings\Temp\nsh3.tmp\BACK.bmp
    Size
    6.1K
    SHA-1
    cdca13a61a919d5fc275a7e8d8cd558a77d682b5
    MD5
    8d0da88e83791e0a58115942feeedccd
    CRC-32
    5cb88b8e
    File type
    Device-independent bitmap (DIB) file
    First seen
    2012-01-21
  • c:\Documents and Settings\test user\Local Settings\Temp\nsh3.tmp\ACCEPT.bmp
    Size
    6.1K
    SHA-1
    fffe20de1fd7e5c8585e8c887da072992028da18
    MD5
    0cc69d11d471d1d8cc6b075f3ee6b7a1
    CRC-32
    af5f01e6
    File type
    Device-independent bitmap (DIB) file
    First seen
    2012-01-21
  • c:\Documents and Settings\test user\Local Settings\Temp\nsh3.tmp\FGet.exe
    Size
    52K
    SHA-1
    265d7bba1a96decafde9d0946d0b8f46f70990b1
    MD5
    aee371b287d879be8e0e861fb380b1f7
    CRC-32
    8e6c4c5f
    File type
    Windows executable
    First seen
    2012-09-21
  • c:\Documents and Settings\test user\Local Settings\Temp\nsh3.tmp\YES_on.bmp
    Size
    6.1K
    SHA-1
    f9e886f49f21b8c261cc7f02b562451a2f24a5db
    MD5
    d768ea3ed4ca22b440f113de9e865635
    CRC-32
    cd81ab5f
    File type
    Device-independent bitmap (DIB) file
    First seen
    2012-01-21
  • c:\Documents and Settings\test user\Local Settings\Temp\nsh3.tmp\DECLINE.bmp
    Size
    6.1K
    SHA-1
    7aee6dc1af7969caed8e82d5a1ca43f19c31e507
    MD5
    01cdd4fd9b372dec8f9bb80685772cc9
    CRC-32
    cfa1ccee
    File type
    Device-independent bitmap (DIB) file
    First seen
    2012-01-21
  • c:\Documents and Settings\test user\Local Settings\Temp\nsh3.tmp\pwgen.dll
    Size
    17K
    SHA-1
    f44b192d66473f01a6540aaec4b6c9ac4c611d35
    MD5
    a555472395178ac8c733d90928e05017
    CRC-32
    452cc453
    File type
    Windows executable
    First seen
    2011-04-14
  • c:\Documents and Settings\test user\Local Settings\Temp\nsh3.tmp\AGREE_on.bmp
    Size
    6.1K
    SHA-1
    4e52e2235a7fbee124a70f32c9a164e102fdae0f
    MD5
    fef0bd3da656c531a06b0e55d5182cc5
    CRC-32
    e64bb085
    File type
    Device-independent bitmap (DIB) file
    First seen
    2012-01-21
  • c:\Documents and Settings\test user\Local Settings\Temp\nsh3.tmp\NO.bmp
    Size
    6.1K
    SHA-1
    467b7592d244faa23a9d34324560cd4faeea3204
    MD5
    0b9acd52fbda383e587d5cc541f1c452
    CRC-32
    f38239d8
    File type
    Device-independent bitmap (DIB) file
    First seen
    2012-01-21
  • c:\Documents and Settings\test user\Local Settings\Temp\nsh3.tmp\left.ole
    Size
    20K
    SHA-1
    d72945a82c3d78e9fb88d864fb2c8242e019895a
    MD5
    d5a6822b058ba6f087281180ae9bc969
    CRC-32
    255ebb24
    File type
    JPEG Interchange Format
    First seen
    2013-03-26
  • c:\Documents and Settings\test user\Local Settings\Temp\nsh3.tmp\DISAGREE.bmp
    Size
    6.1K
    SHA-1
    61e6ac263d36ffd1101263c8fa4b9acd74412330
    MD5
    43bdb43c6b8a5e77a2480a377e6a32c5
    CRC-32
    f51a154b
    File type
    Device-independent bitmap (DIB) file
    First seen
    2012-01-21
  • c:\Documents and Settings\test user\Local Settings\Temp\nsh3.tmp\BLANK.bmp
    Size
    6.8K
    SHA-1
    cbab34e25b66c39bd0446372331f78389ee9c2ef
    MD5
    13d33c398ac619eba25079172dc93c19
    CRC-32
    acabc5ac
    File type
    Device-independent bitmap (DIB) file
    First seen
    2012-01-21
  • c:\Documents and Settings\test user\Local Settings\Temp\nsh3.tmp\banner.ole
    Size
    15K
    SHA-1
    7bec0c5f712d09e88b53dabbf597272106056ee0
    MD5
    c19eab5cfd8f86483fa92868d1c48a24
    CRC-32
    44ddde24
    File type
    JPEG Interchange Format
    First seen
    2013-03-26
  • c:\Documents and Settings\test user\Local Settings\Temp\nsh3.tmp\CANCEL.bmp
    Size
    6.1K
    SHA-1
    7b7e0756f0632676c7ed887ac91fd8a4ebed0e21
    MD5
    269b0cb08414e7519c95b583fc62a068
    CRC-32
    1bb7a170
    File type
    Device-independent bitmap (DIB) file
    First seen
    2012-01-21
Registry Keys Created
  • HKLM\SOFTWARE\dlQUE
    PGMid
    2EwuVKjn4sKZ0qkL
Processes Created
  • c:\docume~1\support\locals~1\temp\nsh3.tmp\fget.exe
HTTP Requests
  • http://www.ezthemes.com/installer_writelog.php
  • http://www.themexp.org/country_err.php
  • http://www.windows7screensavers.com/installer_writelog.php
DNS Requests
  • www.ezthemes.com
  • www.themexp.org
  • www.windows7screensavers.com
