Mail.ru Downloader

Category: Adware and PUAs
Protection available since: 11 Dec 2012 00:30:03 (GMT)
Type: Unspecified PUA
Last Updated: 11 Dec 2012 00:30:03 (GMT)

Mail.ru Downloader is an installer which bundles legitimate applications with offers for additional third party applications that may be unwanted by the user. Such third party applications are typically installed onto users’ computers by default, but may include an option to ‘opt-out’ during or after the installation process.

Examples of Mail.ru Downloader include:

Example 1

File Information

Size
50K
SHA-1
00289b7f3c965e967e41c099427ac873cb922b41
MD5
3a8aa4018a5e12172a2181609427b2fa
CRC-32
220ab302
File type
Windows executable
First seen
2012-12-03

Runtime Analysis

Dropped Files
  • C:\Program Files\Mail.Ru\Sputnik\SputnikFlashPlayer.exe
    Size
    582K
    SHA-1
    9c809656571806145e8ac94111ab84fc3f367b9d
    MD5
    8d2e41b2b917b361c50b74db271d31b9
    CRC-32
    e0bc0264
    File type
    Windows executable
    First seen
    2012-10-30
  • c:\Documents and Settings\test user\Local Settings\Temp\Internet.exe.xdl!
    Size
    17M
    SHA-1
    fd12d3743f42c1c73b10a526cfd25de6382231b5
    MD5
    b942aecb5c18564c148fd42eed1cce9a
    CRC-32
    c2603525
    File type
    Windows executable
    First seen
    2012-11-29
  • C:\Program Files\Mail.Ru\Sputnik\MailRuSputnik.dll
    Size
    1.8M
    SHA-1
    369d920cb822f0b4d7231fd6f4ec00b59b05deaf
    MD5
    b8922d1f13333e8cd3555d35b81fb57f
    CRC-32
    66958c90
    File type
    Windows executable
    First seen
    2012-10-30
  • C:\Program Files\Mail.Ru\Sputnik\mailrusputnik.exe
    Size
    4.5M
    SHA-1
    f57d036135dc27bd0388915f4103036e83d8d7ca
    MD5
    7215345d63652dc8e750a5d40088284e
    CRC-32
    229e204a
    File type
    Windows executable
    First seen
    2012-10-30
Registry Keys Created
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012012120420121205
    CacheRepair
    0x00000000
HTTP Requests
  • http://binupdate.mail.ru/dwnld/url
  • http://exe.agent.mail.ru/sputnik/mailrusputnik.exe
  • http://internetmailru.cdnmail.ru/Internet.exe
  • http://mrb.mail.ru/update/2/version.txt
  • http://n-torrents.ru/_ld/145/14576_Dishonored_by_S.torrent
  • http://n-torrents.ru/load/0-0-0-14576-20
  • http://profitraf.ru/get_xml
  • http://r.mail.ru/cln5491/exe.agent.mail.ru/sputnik/mailrusputnik.exe
DNS Requests
  • binupdate.mail.ru
  • exe.agent.mail.ru
  • internetmailru.cdnmail.ru
  • mrb.mail.ru
  • n-torrents.ru
  • profitraf.ru
  • r.mail.ru

Example 2

File Information

Size
44K
SHA-1
0062620646e2424593af42c8683ded7df3792f17
MD5
f08963ff8c39abd1e4782302e9673316
CRC-32
6e53b37f
File type
Windows executable
First seen
2012-11-16

Runtime Analysis

Dropped Files
  • C:\Program Files\Mail.Ru\Sputnik\SputnikFlashPlayer.exe
    Size
    582K
    SHA-1
    9c809656571806145e8ac94111ab84fc3f367b9d
    MD5
    8d2e41b2b917b361c50b74db271d31b9
    CRC-32
    e0bc0264
    File type
    Windows executable
    First seen
    2012-10-30
  • c:\Documents and Settings\test user\Application Data\Microsoft\Internet Explorer\Quick Launch\Mail.Ru.lnk
    Size
    1.8K
    SHA-1
    ce626526cdd6d879fcfbd63e71b89be7752c66a6
    MD5
    6612f3f4e3599167c7fb3e9a2adf39a5
    CRC-32
    98126198
    File type
    Windows Shortcut file (.LNK)
    First seen
    2012-11-16
  • c:\Documents and Settings\test user\Local Settings\Application Data\Mail.Ru\GoMailRu.ico
    Size
    122K
    SHA-1
    b0920e159bc1eca47d7dd9e950b65c03e61b42c3
    MD5
    678737d36baabc4d152e6d5af7115c10
    CRC-32
    bcf59632
    File type
    Icon for 32-bit Windows
    First seen
    2011-09-24
  • C:\Documents and Settings\All Users\Favorites\Mail.Ru.url
    Size
    152
    SHA-1
    76f691e383ec8bf1f554abe0f91ceadba62af3b3
    MD5
    c48288674af90ab27b68ecb1f025a6a5
    CRC-32
    5b1e5424
    File type
    Configuration Data File (generic)
    First seen
    2012-10-10
  • c:\Documents and Settings\test user\Local Settings\Temp\GuardMailRu.exe
    Size
    2.2M
    SHA-1
    921ec9e6a40e1d53bde65fd95728896226e76602
    MD5
    5e1555f00a1f93b3c2748bd42d4720bb
    CRC-32
    1e40cb9a
    File type
    Windows executable
    First seen
    2012-10-30
  • c:\Documents and Settings\test user\Local Settings\Temp\Internet.exe.xdl!
    Size
    19M
    SHA-1
    5078f5800d1e0e20b27ec0c98dbf5cbb69370f6a
    MD5
    94088fb4f98897cd08144379b5b8e99a
    CRC-32
    dc19efd1
    File type
    Windows executable
    First seen
    2012-11-13
  • c:\Documents and Settings\test user\Local Settings\Temp\ie.reg
    Size
    336
    SHA-1
    48ca64c27bd52fcd2d5953a10aedc28bcca7ef6d
    MD5
    eade9dbd92d81933aa3b2c3d03505a5b
    CRC-32
    ab896da3
    File type
    Windows regedit file (.reg)
    First seen
    2012-10-10
  • C:\Program Files\Mail.Ru\Sputnik\MailRuSputnik.dll
    Size
    1.8M
    SHA-1
    369d920cb822f0b4d7231fd6f4ec00b59b05deaf
    MD5
    b8922d1f13333e8cd3555d35b81fb57f
    CRC-32
    66958c90
    File type
    Windows executable
    First seen
    2012-10-30
  • C:\Program Files\Mail.Ru\Sputnik\mailrusputnik.exe
    Size
    4.5M
    SHA-1
    f57d036135dc27bd0388915f4103036e83d8d7ca
    MD5
    7215345d63652dc8e750a5d40088284e
    CRC-32
    229e204a
    File type
    Windows executable
    First seen
    2012-10-30
  • C:\Program Files\Mail.Ru\Guard\GuardMailRu.exe
    Size
    2.2M
    SHA-1
    921ec9e6a40e1d53bde65fd95728896226e76602
    MD5
    5e1555f00a1f93b3c2748bd42d4720bb
    CRC-32
    1e40cb9a
    File type
    Windows executable
    First seen
    2012-10-30
  • c:\Documents and Settings\test user\Local Settings\Application Data\Mail.Ru\Sputnik\MailRu.ico
    Size
    25K
    SHA-1
    ecf132289a6428ccdfa97cf1ac316dd36b8c9e07
    MD5
    6686266728fa1dd286d097fec1a0ca5b
    CRC-32
    bfc229ef
    File type
    Unspecified binary - probably data
    First seen
    2011-02-12
Registry Keys Created
  • HKLM\SYSTEM\CurrentControlSet\Services\Guard.Mail.ru\Enum
    NextInstance
    0x00000001
  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8984B388-A5BB-4DF7-B274-77B879E179DB}
    (Default)
    ???????@Mail.Ru
  • HKCU\Software\Microsoft\Internet Explorer\SearchScopes
    DefaultScope
    {FFEBBF0A-C22C-4172-89FF-45215A135AC7}
  • HKCU\Software\Microsoft\Internet Explorer\Approved Extensions
    {8984B388-A5BB-4DF7-B274-77B879E179DB}
  • HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks
    {09900DE8-1DCA-443F-9243-26FF581438AF}
    ???????@Mail.Ru
  • HKCR\MailRuSputnik.MailRuBHO\CurVer
    (Default)
    MailRuSputnik.MailRuBHO.1
  • HKCR\MailRuSputnik.MailRuBHO.1
    (Default)
    MailRuBHO Class
  • HKCU\Software\Mail.Ru\IE_Bar\Settings
    AppendOnNavigateError
    0x00000001
  • HKCR\CLSID\{09900DE8-1DCA-443F-9243-26FF581438AF}\ProgID
    (Default)
    MailRu.MailRuSputnikObj.1
  • HKLM\SOFTWARE\Mail.Ru\Guard
    UserGUID
    {04464702-6EA5-4258-91BC-4A166D58BB80}
  • HKCR\MailRu.MailRuSputnikObj.1
    (Default)
    ???????@Mail.Ru
  • HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar
    {09900DE8-1DCA-443F-9243-26FF581438AF}
    ???????@Mail.Ru
  • HKCR\CLSID\{09900DE8-1DCA-443F-9243-26FF581438AF}
    (Default)
    ???????@Mail.Ru
  • HKCR\MailRuSputnik.MailRuBHO.1\CLSID
    (Default)
    {8984B388-A5BB-4DF7-B274-77B879E179DB}
  • HKCR\MailRu.MailRuSputnikObj\CurVer
    (Default)
    MailRu.MailRuSputnikObj.1
  • HKCU\Software\Mail.Ru\IE_Bar
    LiteMode
    0x00000000
  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Guard.Mail.ru
    UninstallString
    "C:\Program Files\Mail.Ru\Guard\GuardMailRu.exe" /uninstall
  • HKLM\SYSTEM\CurrentControlSet\Services\Guard.Mail.ru
    Description
    ???????????? ?????? ???????? ????????? ?? ???????????????????? ????????? (version 1.0.0.453)
  • HKCR\CLSID\{09900DE8-1DCA-443F-9243-26FF581438AF}\VersionIndependentProgID
    (Default)
    MailRu.MailRuSputnikObj
  • HKCU\Software\Mail.Ru\IE_Bar\Recovery\ie
    DefaultScope
  • HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{FFEBBF0A-C22C-4172-89FF-45215A135AC7}
    SuggestionsURL
    http://suggests.go.mail.ru/ie8?q={SearchTerms}
  • HKCR\MailRu.MailRuSputnikObj.1\CLSID
    (Default)
    {09900DE8-1DCA-443F-9243-26FF581438AF}
  • HKCR\MailRuSputnik.MailRuBHO
    (Default)
    MailRuBHO Class
  • HKCR\CLSID\{8984B388-A5BB-4DF7-B274-77B879E179DB}\InprocServer32
    ThreadingModel
    Apartment
  • HKCR\CLSID\{8984B388-A5BB-4DF7-B274-77B879E179DB}\VersionIndependentProgID
    (Default)
    MailRuSputnik.MailRuBHO
  • HKCR\CLSID\{09900DE8-1DCA-443F-9243-26FF581438AF}\InprocServer32
    ThreadingModel
    Apartment
  • HKLM\SOFTWARE\Mail.Ru
    GuardNEW
    0x00000001
  • HKCR\MailRu.MailRuSputnikObj
    (Default)
    ???????@Mail.Ru
  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform
    MRSPUTNIK 2, 4, 1, 110
  • HKCR\MailRuSputnik.MailRuBHO\CLSID
    (Default)
    {8984B388-A5BB-4DF7-B274-77B879E179DB}
  • HKCR\CLSID\{8984B388-A5BB-4DF7-B274-77B879E179DB}\ProgID
    (Default)
    MailRuSputnik.MailRuBHO.1
  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MailRuSputnik
    VersionMinor
    0x00000004
  • HKCR\CLSID\{8984B388-A5BB-4DF7-B274-77B879E179DB}\TypeLib
    (Default)
    {D9396DCA-81B4-4C62-8C48-619573A3C4E6}
  • HKCR\CLSID\{09900DE8-1DCA-443F-9243-26FF581438AF}\TypeLib
    (Default)
    {D9396DCA-81B4-4C62-8C48-619573A3C4E6}
  • HKLM\SYSTEM\CurrentControlSet\Services\Guard.Mail.ru\Security
    Security
  • HKCR\MailRu.MailRuSputnikObj\CLSID
    (Default)
    {09900DE8-1DCA-443F-9243-26FF581438AF}
  • HKCR\CLSID\{8984B388-A5BB-4DF7-B274-77B879E179DB}
    (Default)
    MailRuBHO Class
Registry Keys Modified
  • HKCU\Software\Microsoft\Internet Explorer\Main
    Start Page
    http://www.mail.ru/cnt/9516
  • HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
    Local AppData
    C:\Documents and Settings\LocalService\Local Settings\Application Data
  • HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
    Local AppData
    C:\Documents and Settings\LocalService\Local Settings\Application Data
  • HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
    ITBarLayout
Processes Created
  • c:\docume~1\support\locals~1\temp\mailrusputnik.exe
  • c:\windows\system32\netsh.exe
  • c:\windows\system32\reg.exe
HTTP Requests
  • http://binupdate.mail.ru/dwnld/url
  • http://exe.agent.mail.ru/sputnik/mailrusputnik.exe
  • http://internetmailru.cdnmail.ru/Internet.exe
  • http://mrb.mail.ru/update/2/version.txt
  • http://profitraf.ru/get_xml
  • http://r.mail.ru/cln5491/exe.agent.mail.ru/sputnik/mailrusputnik.exe
DNS Requests
  • binupdate.mail.ru
  • exe.agent.mail.ru
  • internetmailru.cdnmail.ru
  • mrb.mail.ru
  • profitraf.ru
  • r.mail.ru

Example 3

File Information

Size
50K
SHA-1
00af737d30faa6fea2a7441307aca785a54bc258
MD5
c3106c127e721adbcf4dd92fe1e783f3
CRC-32
d0bb9cbc
File type
Windows executable
First seen
2012-12-01
