Search Donkey

Category: Adware and PUAs
Type: Unspecified PUA
Protection available since: 13 Dec 2013 06:52:32 (GMT)
Last Updated: 07 Sep 2014 04:19:30 (GMT)

Examples of Search Donkey include:

Example 1

File Information

Size: 400K
SHA-1: 02a5696f29b885c90b9216cd2bb76a681c4b5910
MD5: 5123245316e337427c38ac6896b28b8e
CRC-32: 1bd52c21
File type: Windows executable
First seen: 2014-02-06

Runtime Analysis

Registry Keys Created

Example 2

File Information

Size: 400K
SHA-1: 050f9ae615d0307080a8b808042125ec18bd1075
MD5: 0e2916c45cae77548ac3c1ac167458f1
CRC-32: 8cec7ae7
File type: Windows executable
First seen: 2013-12-20

Runtime Analysis

Registry Keys Created

Example 3

File Information

Size: 471K
SHA-1: 0bc0bfccbbd6885279789f72792bed786e39db9f
MD5: 7960a33ef6ce9ef9ec76e4737ae05944
CRC-32: c8552598
File type: Windows executable
First seen: 2013-11-23

Runtime Analysis

Dropped Files
  • c:\Documents and Settings\test user\Local Settings\Temp\tbdm.txt
HTTP Requests
  • http://d.tubedimmerapp.com/updater/images/TubeDimmer.ico
  • http://d.tubedimmerapp.com/updater/tbdm.txt
DNS Requests
  • d.tubedimmerapp.com
