Mail.ru Downloader

Category: Adware and PUAs
Type: Unspecified PUA
Protection available since: 11 Dec 2012 00:30:03 (GMT)
Last Updated: 25 Jun 2014 16:54:11 (GMT)

Mail.ru Downloader is an installer which bundles legitimate applications with offers for additional third party applications that may be unwanted by the user. Such third party applications are typically installed onto users’ computers by default, but may include an option to ‘opt-out’ during or after the installation process.

Examples of Mail.ru Downloader include:

Example 1

File Information

Size: 53K
SHA-1: 002eea200d83636a898b31de7bab26ff9447b506
MD5: 7281671a8ce6a53542d70d8ded0190c5
CRC-32: b44bb979
File type: Windows executable
First seen: 2012-12-06

Runtime Analysis

Dropped Files
  • C:\Program Files\Mail.Ru\Guard\GuardMailRu.exe
  • C:\Documents and Settings\All Users\Favorites\Mail.Ru.url
  • c:\Documents and Settings\test user\Local Settings\Application Data\Mail.Ru\GoMailRu.ico
  • C:\Program Files\Mail.Ru\Sputnik\MailRuSputnik.dll
  • c:\Documents and Settings\test user\Local Settings\Temp\GuardMailRu.exe
  • c:\Documents and Settings\test user\Local Settings\Temp\ie.reg
  • C:\Program Files\Mail.Ru\Sputnik\SputnikFlashPlayer.exe
  • c:\Documents and Settings\test user\Application Data\Microsoft\Internet Explorer\Quick Launch\Mail.Ru.lnk
  • c:\Documents and Settings\test user\Local Settings\Application Data\Mail.Ru\Sputnik\MailRu.ico
  • C:\Program Files\Mail.Ru\Sputnik\mailrusputnik.exe
Registry Keys Created
  • HKCR\MailRu.MailRuSputnikObj
    (Default)
    ???????@Mail.Ru
  • HKCR\CLSID\{09900DE8-1DCA-443F-9243-26FF581438AF}\VersionIndependentProgID
    (Default)
    MailRu.MailRuSputnikObj
  • HKCR\MailRu.MailRuSputnikObj.1
    (Default)
    ???????@Mail.Ru
  • HKCR\CLSID\{8984B388-A5BB-4DF7-B274-77B879E179DB}\TypeLib
    (Default)
    {D9396DCA-81B4-4C62-8C48-619573A3C4E6}
  • HKCU\Software\Mail.Ru\IE_Bar
    LiteMode
    0x00000000
  • HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{FFEBBF0A-C22C-4172-89FF-45215A135AC7}
    SuggestionsURL
    http://suggests.go.mail.ru/ie8?q={SearchTerms}
  • HKCR\CLSID\{09900DE8-1DCA-443F-9243-26FF581438AF}\InprocServer32
    ThreadingModel
    Apartment
  • HKLM\SOFTWARE\Mail.Ru
    sputnik_installs
    0x00000001
  • HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar
    {09900DE8-1DCA-443F-9243-26FF581438AF}
    ???????@Mail.Ru
  • HKCR\CLSID\{8984B388-A5BB-4DF7-B274-77B879E179DB}\ProgID
    (Default)
    MailRuSputnik.MailRuBHO.1
  • HKCR\CLSID\{09900DE8-1DCA-443F-9243-26FF581438AF}\TypeLib
    (Default)
    {D9396DCA-81B4-4C62-8C48-619573A3C4E6}
  • HKCU\Software\Microsoft\Internet Explorer\SearchScopes
    DefaultScope
    {FFEBBF0A-C22C-4172-89FF-45215A135AC7}
  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform
    MRSPUTNIK 2, 4, 1, 110
  • HKCR\MailRuSputnik.MailRuBHO
    (Default)
    MailRuBHO Class
  • HKCU\Software\Mail.Ru\IE_Bar\Settings
    AppendOnNavigateError
    0x00000001
  • HKCR\MailRuSputnik.MailRuBHO.1
    (Default)
    MailRuBHO Class
  • HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks
    {09900DE8-1DCA-443F-9243-26FF581438AF}
    ???????@Mail.Ru
  • HKCR\MailRuSputnik.MailRuBHO\CurVer
    (Default)
    MailRuSputnik.MailRuBHO.1
  • HKCR\CLSID\{09900DE8-1DCA-443F-9243-26FF581438AF}
    (Default)
    ???????@Mail.Ru
  • HKCR\CLSID\{8984B388-A5BB-4DF7-B274-77B879E179DB}\VersionIndependentProgID
    (Default)
    MailRuSputnik.MailRuBHO
  • HKCR\MailRu.MailRuSputnikObj.1\CLSID
    (Default)
    {09900DE8-1DCA-443F-9243-26FF581438AF}
  • HKCR\CLSID\{8984B388-A5BB-4DF7-B274-77B879E179DB}
    (Default)
    MailRuBHO Class
  • HKCR\MailRu.MailRuSputnikObj\CurVer
    (Default)
    MailRu.MailRuSputnikObj.1
  • HKCU\Software\Microsoft\Internet Explorer\Approved Extensions
    {8984B388-A5BB-4DF7-B274-77B879E179DB}
  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MailRuSputnik
    VersionMinor
    0x00000004
  • HKCR\CLSID\{8984B388-A5BB-4DF7-B274-77B879E179DB}\InprocServer32
    ThreadingModel
    Apartment
  • HKCR\MailRuSputnik.MailRuBHO\CLSID
    (Default)
    {8984B388-A5BB-4DF7-B274-77B879E179DB}
  • HKCR\MailRuSputnik.MailRuBHO.1\CLSID
    (Default)
    {8984B388-A5BB-4DF7-B274-77B879E179DB}
  • HKCU\Software\Mail.Ru\IE_Bar\Recovery\ie
    DefaultScope
  • HKCR\CLSID\{09900DE8-1DCA-443F-9243-26FF581438AF}\ProgID
    (Default)
    MailRu.MailRuSputnikObj.1
  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8984B388-A5BB-4DF7-B274-77B879E179DB}
    (Default)
    ???????@Mail.Ru
  • HKCR\MailRu.MailRuSputnikObj\CLSID
    (Default)
    {09900DE8-1DCA-443F-9243-26FF581438AF}
Registry Keys Modified
  • HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
    ITBarLayout
  • HKCU\Software\Microsoft\Internet Explorer\Main
    Start Page
    http://www.mail.ru/cnt/9516
Processes Created
  • c:\docume~1\support\locals~1\temp\mailrusputnik.exe
HTTP Requests
  • http://binupdate.mail.ru/dwnld/url
  • http://exe.agent.mail.ru/sputnik/mailrusputnik.exe
  • http://internetmailru.cdnmail.ru/Internet.exe
  • http://mrb.mail.ru/update/2/version.txt
  • http://profitraf.ru/get_xml
  • http://r.mail.ru/cln5491/exe.agent.mail.ru/sputnik/mailrusputnik.exe
DNS Requests
  • binupdate.mail.ru
  • exe.agent.mail.ru
  • internetmailru.cdnmail.ru
  • mrb.mail.ru
  • profitraf.ru
  • r.mail.ru
  • s1.file-space.org

Example 2

File Information

Size: 50K
SHA-1: 003cc88c925b7587453c97de2f9d9294393afd0f
MD5: d0b580d82d7ce70e8bc01c959ff3200f
CRC-32: e11f8980
File type: Windows executable
First seen: 2007-07-09

Runtime Analysis

HTTP Requests
  • http://binupdate.mail.ru/dwnld/url
  • http://n-torrents.ru/_ld/161/16152_N-TORRENTS.RU.torrent
  • http://n-torrents.ru/load/0-0-0-16152-20
  • http://profitraf.ru/get_xml
DNS Requests
  • binupdate.mail.ru
  • n-torrents.ru
  • profitraf.ru

Example 3

File Information

Size: 50K
SHA-1: 00bd9e82fbd764a17347b95cfbdb5599da0b5bd0
MD5: 9c961a93e3ee54cff4bc7088bcf8d7a3
CRC-32: 8fef3080
File type: Windows executable
First seen: 2012-11-26

Runtime Analysis

Dropped Files
  • C:\Program Files\Mail.Ru\Sputnik\MailRuSputnik.dll
  • c:\Documents and Settings\test user\Local Settings\Temp\runprog.exe
  • C:\Program Files\Mail.Ru\Guard\GuardMailRu.exe
  • C:\Program Files\Mail.Ru\Sputnik\SputnikFlashPlayer.exe
  • c:\Documents and Settings\test user\Local Settings\Temp\ie.reg
  • c:\Documents and Settings\test user\Local Settings\Temp\Internet.exe.xdl!
  • C:\Program Files\Mail.Ru\Sputnik\mailrusputnik.exe
  • c:\Documents and Settings\test user\Application Data\Microsoft\Internet Explorer\Quick Launch\Mail.Ru.lnk
  • c:\Documents and Settings\test user\Local Settings\Application Data\Mail.Ru\GoMailRu.ico
  • c:\Documents and Settings\test user\Local Settings\Application Data\Mail.Ru\Sputnik\MailRu.ico
  • c:\Documents and Settings\test user\Desktop\pro-evolution-soccer-2013.torrent
  • C:\Documents and Settings\All Users\Favorites\Mail.Ru.url
  • c:\Documents and Settings\test user\Local Settings\Temp\.xdl!
Registry Keys Created
  • HKCU\Software\Mail.Ru\IE_Bar\Settings
    Layout_ID
    0x00000006
  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8984B388-A5BB-4DF7-B274-77B879E179DB}
    (Default)
    ???????@Mail.Ru
  • HKCR\MailRuSputnik.MailRuBHO.1
    (Default)
    MailRuBHO Class
  • HKCR\CLSID\{09900DE8-1DCA-443F-9243-26FF581438AF}
    (Default)
    ???????@Mail.Ru
  • HKCR\MailRuSputnik.MailRuBHO.1\CLSID
    (Default)
    {8984B388-A5BB-4DF7-B274-77B879E179DB}
  • HKCR\CLSID\{8984B388-A5BB-4DF7-B274-77B879E179DB}\VersionIndependentProgID
    (Default)
    MailRuSputnik.MailRuBHO
  • HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks
    {09900DE8-1DCA-443F-9243-26FF581438AF}
    ???????@Mail.Ru
  • HKCR\CLSID\{8984B388-A5BB-4DF7-B274-77B879E179DB}
    (Default)
    MailRuBHO Class
  • HKCR\CLSID\{09900DE8-1DCA-443F-9243-26FF581438AF}\InprocServer32
    ThreadingModel
    Apartment
  • HKCR\CLSID\{8984B388-A5BB-4DF7-B274-77B879E179DB}\InprocServer32
    ThreadingModel
    Apartment
  • HKCR\MailRuSputnik.MailRuBHO\CurVer
    (Default)
    MailRuSputnik.MailRuBHO.1
  • HKCR\MailRu.MailRuSputnikObj\CurVer
    (Default)
    MailRu.MailRuSputnikObj.1
  • HKCR\MailRuSputnik.MailRuBHO
    (Default)
    MailRuBHO Class
  • HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar
    {09900DE8-1DCA-443F-9243-26FF581438AF}
    ???????@Mail.Ru
  • HKCR\CLSID\{8984B388-A5BB-4DF7-B274-77B879E179DB}\ProgID
    (Default)
    MailRuSputnik.MailRuBHO.1
  • HKCR\CLSID\{09900DE8-1DCA-443F-9243-26FF581438AF}\VersionIndependentProgID
    (Default)
    MailRu.MailRuSputnikObj
  • HKCR\CLSID\{09900DE8-1DCA-443F-9243-26FF581438AF}\TypeLib
    (Default)
    {D9396DCA-81B4-4C62-8C48-619573A3C4E6}
  • HKCU\Software\Microsoft\Internet Explorer\Approved Extensions
    {8984B388-A5BB-4DF7-B274-77B879E179DB}
  • HKCR\MailRu.MailRuSputnikObj\CLSID
    (Default)
    {09900DE8-1DCA-443F-9243-26FF581438AF}
  • HKCR\CLSID\{09900DE8-1DCA-443F-9243-26FF581438AF}\ProgID
    (Default)
    MailRu.MailRuSputnikObj.1
  • HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{FFEBBF0A-C22C-4172-89FF-45215A135AC7}
    SuggestionsURL
    http://suggests.go.mail.ru/ie8?q={SearchTerms}
  • HKCR\MailRu.MailRuSputnikObj.1\CLSID
    (Default)
    {09900DE8-1DCA-443F-9243-26FF581438AF}
  • HKCR\MailRu.MailRuSputnikObj.1
    (Default)
    ???????@Mail.Ru
  • HKCU\Software\Mail.Ru\IE_Bar\Recovery\ie
    DefaultScope
  • HKCU\Software\Microsoft\Internet Explorer\SearchScopes
    DefaultScope
    {FFEBBF0A-C22C-4172-89FF-45215A135AC7}
  • HKCR\CLSID\{8984B388-A5BB-4DF7-B274-77B879E179DB}\TypeLib
    (Default)
    {D9396DCA-81B4-4C62-8C48-619573A3C4E6}
  • HKCR\MailRuSputnik.MailRuBHO\CLSID
    (Default)
    {8984B388-A5BB-4DF7-B274-77B879E179DB}
  • HKCR\MailRu.MailRuSputnikObj
    (Default)
    ???????@Mail.Ru
Registry Keys Modified
  • HKCU\Software\Microsoft\Internet Explorer\Main
    Start Page
    http://www.mail.ru/cnt/9516
  • HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
    ITBarLayout
Processes Created
  • c:\docume~1\support\locals~1\temp\runprog.exe
HTTP Requests
  • http://binupdate.mail.ru/dwnld/url
  • http://download-games-torrent.ru/engine/download.php
  • http://exe.agent.mail.ru/sputnik/mailrusputnik.exe
  • http://internetmailru.cdnmail.ru/Internet.exe
  • http://mrb.mail.ru/update/2/version.txt
  • http://profitraf.ru/get_xml
  • http://r.mail.ru/cln5491/exe.agent.mail.ru/sputnik/mailrusputnik.exe
DNS Requests
  • binupdate.mail.ru
  • download-games-torrent.ru
  • exe.agent.mail.ru
  • internetmailru.cdnmail.ru
  • mrb.mail.ru
  • profitraf.ru
  • r.mail.ru
