BigBrother

Category:	Adware and PUAs	Protection available since:	14 Apr 2011 21:36:29 (GMT)
Type:	Remote Administration Tool	Last Updated:	14 Apr 2011 21:36:29 (GMT)

Download our free Virus Removal Tool - Find and remove threats your antivirus missed

Examples of BigBrother include:

Example 1

Other vendor detection

Kaspersky: not-a-virus:Monitor.Win32.BigBrother.104

Runtime Analysis

Dropped Files

C:\WINDOWS\Help\BIGBRO.HLP
Size
21K
SHA-1
892f2a0d02b3f3f162a331f9fa09fc0e06d01096
MD5
63357820c868252fdc30fa21a53f2d1c
CRC-32
c634291c
File type
application/octet-stream
First seen
2011-04-14
c:\Documents and Settings\test user\Local Settings\Temp\MSE2.tmp\BIGBRO.INF
Size
1.3K
SHA-1
24994ca62f734e27fb16d194d1d4a5007c620739
MD5
c74a5da4259454dd3d370e94d194cc59
CRC-32
264df581
File type
application/octet-stream
First seen
2011-04-14
C:\WINDOWS\Help\BigBro.cnt
Size
708
SHA-1
da5b95d4f163fd9677d5a5ea2db4f1516a27f437
MD5
cbb9a52f81c55e053cea622e38aac75c
CRC-32
32626670
File type
application/octet-stream
First seen
2011-04-14
C:\WINDOWS\Klever\BigBro.exe
c:\Documents and Settings\test user\Local Settings\Temp\MSE2.tmp\BIGBRO.EXE
c:\Documents and Settings\test user\Local Settings\Temp\MSE2.tmp\BIGBRO.HLP
Size
21K
SHA-1
892f2a0d02b3f3f162a331f9fa09fc0e06d01096
MD5
63357820c868252fdc30fa21a53f2d1c
CRC-32
c634291c
File type
application/octet-stream
First seen
2011-04-14
C:\WINDOWS\inf\BIGBRO.INF
Size
1.3K
SHA-1
24994ca62f734e27fb16d194d1d4a5007c620739
MD5
c74a5da4259454dd3d370e94d194cc59
CRC-32
264df581
File type
application/octet-stream
First seen
2011-04-14
c:\Documents and Settings\test user\Start Menu\Programs\Accessories\Klever Co\Big Brother.lnk
Size
592
SHA-1
d7e481261aeac3581e92d84a151a1291929547dd
MD5
e02497cb18e4bb8ea83d2ae941ad93c2
CRC-32
5c410eff
File type
application/octet-stream
First seen
2011-04-14
c:\Documents and Settings\test user\Local Settings\Temp\MSE2.tmp\BIGBRO.CNT
Size
708
SHA-1
da5b95d4f163fd9677d5a5ea2db4f1516a27f437
MD5
cbb9a52f81c55e053cea622e38aac75c
CRC-32
32626670
File type
application/octet-stream
First seen
2011-04-14

Modified Files

%SYSTEM%\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\TimeStamp

Registry Keys Created

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BigBrother
UninstallString
RunDll setupx.dll,InstallHinfSection DefaultUninstall 4 BIGBRO.INF

Registry Keys Modified

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup
Installation Sources
C:\DOCUME~1\support\LOCALS~1\Temp\MSE2.tmp D:\I386 D:\

Processes Created

c:\windows\system32\rundll32.exe

Example 2

Runtime Analysis

Registry Keys Created

HKCR\.BRO
(Default)
BigBrother.Document
HKCR\BigBrother.Document
(Default)
BigBro Document
HKCR\BigBrother.Document\DefaultIcon
(Default)
c:\test_item.exe,1
HKCR\.BRO\ShellNew
NullFile

Try Sophos products for free
Download now

Security Goals

INDUSTRIES & SECTORS

COMPANY SIZE

PRODUCT FEATURES

CASE STUDIES

Company Overview

Our People

INNOVATIVE TECHNOLOGY

ALERT SERVICES

Product Features

Product Families

Complete Security

PRODUCTS BY NAME

Free Tools

Next Steps

RESOURCES

FIND AN ANSWER

Support by Product

Maintain your Product

Hire an Expert

WHAT'S POPULAR

THREAT ANALYSIS

THREAT STATISTICS

WHAT'S POPULAR

Threat Definitions

THREAT MONITORING

SECURITY HUBS

LIBRARY

Whats Popular

WHAT'S NEW

Community

IT SECURITY TRAINING

ANATOMY OF AN ATTACK

RESELLER PARTNERS

Managed Service Providers

SYSTEM INTEGRATORS

OEM and Technology

WHAT'S POPULAR

BigBrother

Example 1

Other vendor detection

Runtime Analysis

Dropped Files

Modified Files

Registry Keys Created

Registry Keys Modified

Processes Created

Example 2

Runtime Analysis

Registry Keys Created

Free Mac Anti-Virus

Popular topics