Advanced Mass Sender

Category: Viruses and Spyware
Protection available since: 02 Sep 2010 07:52:44 (GMT)
Type: Win32 worm
Last Updated: 13 Jun 2011 19:10:10 (GMT)
Prevalence: Small Number of Reports

Examples of Advanced Mass Sender include:

Example 1

Runtime Analysis

Registry Keys Created
  • HKCR\CLSID\{237561AB-1162-5837-1307-251216710420}\Info

Example 2

Other vendor detection

Avira
Worm/IrcBot.5001058
Kaspersky
Backdoor.Win32.IRCBot.nou

Runtime Analysis

Dropped Files
  • c:\Documents and Settings\test user\Application Data\Thinstall\Advanced Mass Sender 4.3\Registry.tvr.backup
    Size
    4.0K
    SHA-1
    637ae26c2bb4d77485abd06d8a5f9ec5e17121b8
    MD5
    099ba93e30495eab8c734d6a2938b42d
    CRC-32
    f38b8b66
    File type
    application/octet-stream
    First seen
    2011-06-13
  • c:\Documents and Settings\test user\Application Data\Thinstall\Advanced Mass Sender 4.3\%ProgramFilesDir%\MassSender\Data\BadAdr.DAT
  • c:\Documents and Settings\test user\Application Data\Thinstall\Advanced Mass Sender 4.3\%ProgramFilesDir%\MassSender\Data\ProxyList.DAT
  • c:\Documents and Settings\test user\Application Data\Thinstall\Advanced Mass Sender 4.3\%ProgramFilesDir%\MassSender\Data\Accounts.DAT
  • c:\Documents and Settings\test user\Application Data\Thinstall\Advanced Mass Sender 4.3\%ProgramFilesDir%\MassSender\Data\StdGroups.DAT
  • c:\Documents and Settings\test user\Application Data\Thinstall\Advanced Mass Sender 4.3\%ProgramFilesDir%\MassSender\Data\MailList.IDX
  • c:\Documents and Settings\test user\Application Data\Thinstall\Advanced Mass Sender 4.3\%ProgramFilesDir%\MassSender\Data\BlackList.DAT
  • c:\Documents and Settings\test user\Application Data\Thinstall\Advanced Mass Sender 4.3\Registry.rw.lck
  • c:\Documents and Settings\test user\Application Data\Thinstall\Advanced Mass Sender 4.3\%ProgramFilesDir%\MassSender\Data\StdGroups.IDX
  • c:\Documents and Settings\test user\Application Data\Thinstall\Advanced Mass Sender 4.3\%ProgramFilesDir%\MassSender\Data\History.DAT
  • c:\Documents and Settings\test user\Application Data\Thinstall\Advanced Mass Sender 4.3\%ProgramFilesDir%\MassSender\Data\RandomFromList.IDX
  • c:\Documents and Settings\test user\Application Data\Thinstall\Advanced Mass Sender 4.3\%ProgramFilesDir%\MassSender\Data\RandomFromList.DAT
  • c:\Documents and Settings\test user\Application Data\Thinstall\Advanced Mass Sender 4.3\%ProgramFilesDir%\MassSender\Data\History.IDX
  • c:\Documents and Settings\test user\Application Data\Thinstall\Advanced Mass Sender 4.3\%ProgramFilesDir%\MassSender\Data\ProxyList.IDX
  • c:\Documents and Settings\test user\Application Data\Thinstall\Advanced Mass Sender 4.3\%ProgramFilesDir%\MassSender\Data\MailList.DAT
  • c:\Documents and Settings\test user\Application Data\Thinstall\Advanced Mass Sender 4.3\%ProgramFilesDir%\MassSender\Data\Accounts.IDX
  • c:\Documents and Settings\test user\Application Data\Thinstall\Advanced Mass Sender 4.3\%ProgramFilesDir%\MassSender\Data\BlackList.IDX
  • c:\Documents and Settings\test user\Application Data\Thinstall\Advanced Mass Sender 4.3\%ProgramFilesDir%\MassSender\Data\Groups.IDX
  • c:\Documents and Settings\test user\Application Data\Thinstall\Advanced Mass Sender 4.3\Registry.rw.tvr
    Size
    36K
    SHA-1
    d1a58163ada37b35b7416e54d28d7a9ab68ea6ee
    MD5
    6fee5b6ac612ea8c8606ec80e949f737
    CRC-32
    beacc327
    File type
    application/octet-stream
    First seen
    2011-06-13
  • c:\Documents and Settings\test user\Application Data\Thinstall\Advanced Mass Sender 4.3\%ProgramFilesDir%\MassSender\Data\BadAdr.IDX
  • c:\Documents and Settings\test user\Application Data\Thinstall\Advanced Mass Sender 4.3\%ProgramFilesDir%\MassSender\Data\NotSent.IDX
  • c:\Documents and Settings\test user\Application Data\Thinstall\Advanced Mass Sender 4.3\%ProgramFilesDir%\MassSender\Data\NotSent.DAT
  • c:\Documents and Settings\test user\Application Data\Thinstall\Advanced Mass Sender 4.3\%ProgramFilesDir%\MassSender\Data\Groups.DAT
