FT Downloader

Category: Adware and PUAs
Type: Unspecified PUA
Protection available since: 15 Apr 2013 22:51:32 (GMT)
Last updated: 18 Aug 2014 20:16:07 (GMT)


FT Downloader is an installer which bundles legitimate applications with offers for additional third party applications that may be unwanted by the user. Such third party applications are typically installed onto users’ computers by default, but may include an option to ‘opt-out’ during or after the installation process.

Examples of FT Downloader include:

Example 1

File Information

Size: 219K
SHA-1: 07f3209e240b2059249f8e83396426dd9fbcc2f7
MD5: 1b13e393b69636be35c40e9b2db62704
CRC-32: 5202ab65
File type: Windows executable
First seen: 2013-04-29

Runtime Analysis

Dropped Files
  • c:\Documents and Settings\test user\Local Settings\Temp\nsn4.tmp\nsDialogs.dll
  • c:\Documents and Settings\test user\Local Settings\Temp\nsn4.tmp\decline.bmp
  • c:\Documents and Settings\test user\Local Settings\Temp\nsn4.tmp\System.dll
  • c:\Documents and Settings\test user\Local Settings\Temp\nsn4.tmp\accept2.bmp
  • c:\Documents and Settings\test user\Local Settings\Temp\nsn4.tmp\1clogo.bmp
  • c:\Documents and Settings\test user\Local Settings\Temp\nsn4.tmp\accept.bmp
  • c:\Documents and Settings\test user\Local Settings\Temp\nsn4.tmp\noc
    Size: 6
    SHA-1: bda0e1fd657de5f3e9b5ae54a37043e981b7ca8c
    MD5: 3fe3125b96d1930c55dbc47c2c31910b
    CRC-32: 493fbc20
    File type: A small file (too small to be malicious)
    First seen: 2014-07-29
  • c:\Documents and Settings\test user\Local Settings\Temp\nsn4.tmp\x.bmp
  • c:\Documents and Settings\test user\Local Settings\Temp\nsn4.tmp\back_dis.bmp
  • c:\Documents and Settings\test user\Local Settings\Temp\nsn4.tmp\box2.bmp
  • c:\Documents and Settings\test user\Local Settings\Temp\nsn4.tmp\v_sign.bmp
  • c:\Documents and Settings\test user\Local Settings\Temp\nsn4.tmp\accept1.bmp
  • c:\Documents and Settings\test user\Local Settings\Temp\nsn4.tmp\dAg
  • c:\Documents and Settings\test user\Local Settings\Temp\nsn4.tmp\back.bmp
  • c:\Documents and Settings\test user\Local Settings\Temp\nsn4.tmp\accept3.bmp
  • c:\Documents and Settings\test user\Local Settings\Temp\nsn4.tmp\accept_disabled.bmp
  • c:\Documents and Settings\test user\Local Settings\Temp\nsn4.tmp\box3.bmp
  • c:\Documents and Settings\test user\Local Settings\Temp\nsn4.tmp\box.bmp
  • c:\Documents and Settings\test user\Local Settings\Temp\nsn4.tmp\close.bmp
  • c:\Documents and Settings\test user\Local Settings\Temp\nsn4.tmp\inetc3.dll
  • c:\Documents and Settings\test user\Local Settings\Temp\nsn4.tmp\complist.txt
  • c:\Documents and Settings\test user\Local Settings\Temp\nsn4.tmp\skip.bmp
  • c:\Documents and Settings\test user\Local Settings\Temp\nsn4.tmp\locate.dll
Registry Keys Created
  • HKCU\Software\1ClickDownload
    LastInstall0: 30387037
HTTP Requests
  • http://data.torntv.net/country.asp
  • http://torntvz.com/ping.php
DNS Requests
  • data.torntv.net
  • torntvz.com

Example 2

File Information

Size: 311K
SHA-1: 31804b9cb22c91d67764e234bb63650a40c152c9
MD5: fef01f4a6a46dd42a0c5147bbc1fe5f1
CRC-32: 07da1586
File type: Windows executable
First seen: 2013-05-04

Runtime Analysis

Dropped Files
  • c:\Documents and Settings\test user\Local Settings\Temp\nst4.tmp\accept3.bmp
  • c:\Documents and Settings\test user\Local Settings\Temp\nst4.tmp\NSISdl.dll
  • c:\Documents and Settings\test user\Local Settings\Temp\nst4.tmp\accept.bmp
  • c:\Documents and Settings\test user\Local Settings\Temp\nst4.tmp\1clogo.bmp
  • c:\Documents and Settings\test user\Local Settings\Temp\nst4.tmp\inetc3.dll
  • c:\Documents and Settings\test user\Local Settings\Temp\nst4.tmp\accept2.bmp
  • c:\Documents and Settings\test user\Local Settings\Temp\nst4.tmp\complist.txt
  • c:\Documents and Settings\test user\Local Settings\Temp\nst4.tmp\accept1.bmp
  • c:\Documents and Settings\test user\Local Settings\Temp\nst4.tmp\back_dis.bmp
  • c:\Documents and Settings\test user\Local Settings\Temp\nst4.tmp\decline.bmp
  • c:\Documents and Settings\test user\Local Settings\Temp\nst4.tmp\accept_disabled.bmp
  • c:\Documents and Settings\test user\Local Settings\Temp\nst4.tmp\close.bmp
  • c:\Documents and Settings\test user\Local Settings\Temp\nst4.tmp\back.bmp
  • c:\Documents and Settings\test user\Local Settings\Temp\nst4.tmp\dAg
  • c:\Documents and Settings\test user\Local Settings\Temp\nst4.tmp\locate.dll
  • c:\Documents and Settings\test user\Local Settings\Temp\nst4.tmp\nsDialogs.dll
  • c:\Documents and Settings\test user\Local Settings\Temp\nst4.tmp\skip.bmp
  • c:\Documents and Settings\test user\Local Settings\Temp\nst4.tmp\side.bmp
  • c:\Documents and Settings\test user\Local Settings\Temp\nst4.tmp\System.dll
  • c:\Documents and Settings\test user\Local Settings\Temp\nst4.tmp\load_0.bmp
Registry Keys Created
  • HKCR\AppID\{C007DADD-132A-624C-088E-59EE6CF0711F}
    id0: 05052013
  • HKCU\Software\1ClickDownload
    LastInstall3: 30296353
HTTP Requests
  • http://data.torntv.net/country.asp
  • http://torntvz.com/ping.php
  • http://torntvz.net/ping.php
DNS Requests
  • data.torntv.net
  • torntvz.com
  • torntvz.net

Example 3

File Information

Size: 341K
SHA-1: 3b593d6cf68828cd9c48b61c37884a6cbfdbc57c
MD5: 28c8199e8196d1cd5556c3c321e38d17
CRC-32: f549ac7b
File type: Windows executable
First seen: 2013-07-30

Runtime Analysis

Dropped Files
  • c:\Documents and Settings\test user\Local Settings\Temp\nsc4.tmp\accept.bmp
  • c:\Documents and Settings\test user\Local Settings\Temp\nsc4.tmp\load_4.bmp
  • c:\Documents and Settings\test user\Local Settings\Temp\nsc4.tmp\accept2.bmp
  • c:\Documents and Settings\test user\Local Settings\Temp\nsc4.tmp\inetc3.dll
  • c:\Documents and Settings\test user\Local Settings\Temp\nsc4.tmp\1clogo.bmp
  • c:\Documents and Settings\test user\Local Settings\Temp\nsc4.tmp\accept3.bmp
  • c:\Documents and Settings\test user\Local Settings\Temp\nsc4.tmp\accept_disabled.bmp
  • c:\Documents and Settings\test user\Local Settings\Temp\nsc4.tmp\back_dis.bmp
  • c:\Documents and Settings\test user\Local Settings\Temp\nsc4.tmp\dAg
  • c:\Documents and Settings\test user\Local Settings\Temp\nsc4.tmp\back.bmp
  • c:\Documents and Settings\test user\Local Settings\Temp\nsc4.tmp\complist.txt
  • c:\Documents and Settings\test user\Local Settings\Temp\nsc4.tmp\decline.bmp
  • c:\Documents and Settings\test user\Local Settings\Temp\nsc4.tmp\close.bmp
  • c:\Documents and Settings\test user\Local Settings\Temp\nsc4.tmp\locate.dll
  • c:\Documents and Settings\test user\Local Settings\Temp\nsc4.tmp\nsDialogs.dll
  • c:\Documents and Settings\test user\Local Settings\Temp\nsc4.tmp\NSISdl.dll
  • c:\Documents and Settings\test user\Local Settings\Temp\nsc4.tmp\System.dll
  • c:\Documents and Settings\test user\Local Settings\Temp\nsc4.tmp\side.bmp
  • c:\Documents and Settings\test user\Local Settings\Temp\nsc4.tmp\skip.bmp
  • c:\Documents and Settings\test user\Local Settings\Temp\nsc4.tmp\accept1.bmp
Registry Keys Created
  • HKCU\Software\1ClickDownload
    LastInstall3: 30313822
  • HKCR\AppID\{C007DADD-132A-624C-088E-59EE6CF0711F}
    id0: 30072013
HTTP Requests
  • http://data.torntv.net/country.asp
  • http://torntvz.com/ping.php
  • http://torntvz.net/ping.php
DNS Requests
  • data.torntv.net
  • torntvz.com
  • torntvz.net
