Sanctioned Media

Category: Adware and PUAs
Protection available since: 27 Oct 2011 00:41:09 (GMT)
Type: Adware
Last Updated: 25 Mar 2013 20:23:07 (GMT)

Examples of Sanctioned Media include:

Example 1

File Information

Size: 43K
SHA-1: 1cf8205ed41debccb2ee2e410c260c28d3c4e6d3
MD5: ba86e1110a81541cc5cb48724f91127a
CRC-32: 8fff0c43
File type: Windows executable
First seen: 2011-09-02

Example 2

File Information

Size: 52K
SHA-1: 1e87ebca46f449f2b8ec31b5cd3b7979732f8bd5
MD5: b01b3d48cee348e90c779a2926f0795b
CRC-32: 49fcd554
File type: Windows executable
First seen: 2011-06-25

Example 3

File Information

Size: 52K
SHA-1: 2bfbc94071a6cd2d38a50f48889652a8c22c7389
MD5: 567aa9e96433b95ab3d107d5b070c223
CRC-32: 345d63f8
File type: Windows executable
First seen: 2011-07-05

Runtime Analysis

Dropped Files
  • c:\Documents and Settings\test user\Local Settings\Application Data\SanctionedMedia\Smad\Smad.exe
    Size: 43K
    SHA-1: f0425269ff429c6564400dfe5549e5dc73dc8122
    MD5: 14be2e149604bdc7c4e0f913e80a11dd
    CRC-32: 9487ce6c
    File type: Windows executable
    First seen: 2011-07-05
Modified Files
  • %PROFILE%\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    • Changed the file contents
Registry Keys Created
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    Smad: "c:\Documents and Settings\test user\Local Settings\Application Data\SanctionedMedia\Smad\Smad.exe"
  • HKCU\Software\SanctionedMedia\Smad
    Uid: MJBU-BIDP-MHXN-LNGQ
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Smad
    DisplayName: SanctionedMedia
Processes Created
  • c:\Documents and Settings\test user\local settings\application data\sanctionedmedia\smad\smad.exe
HTTP Requests
  • http://www.sanctionedmedia.com/version2.XML
DNS Requests
  • www.sanctionedmedia.com