FT Downloader

Catégorie: Adwares et PUA Protection disponible depuis:15 avr. 2013 22:51:32 (GMT)
Type: Unspecified PUA Dernière mise à jour :11 avr. 2014 21:25:11 (GMT)

Download Téléchargez notre outil gratuit de suppression des virus - Découvrez ce que votre antivirus actuel n'a pas su détecter

FT Downloader is an installer which bundles legitimate applications with offers for additional third party applications that may be unwanted by the user. Such third party applications are typically installed onto users’ computers by default, but may include an option to ‘opt-out’ during or after the installation process.

Examples of FT Downloader include:

Example 1

File Information

Size
311K
SHA-1
31804b9cb22c91d67764e234bb63650a40c152c9
MD5
fef01f4a6a46dd42a0c5147bbc1fe5f1
CRC-32
07da1586
File type
Windows executable
First seen
2013-05-04

Runtime Analysis

Dropped Files
  • c:\Documents and Settings\test user\Local Settings\Temp\nst4.tmp\accept3.bmp
  • c:\Documents and Settings\test user\Local Settings\Temp\nst4.tmp\side.bmp
  • c:\Documents and Settings\test user\Local Settings\Temp\nst4.tmp\accept_disabled.bmp
  • c:\Documents and Settings\test user\Local Settings\Temp\nst4.tmp\load_0.bmp
  • c:\Documents and Settings\test user\Local Settings\Temp\nst4.tmp\complist.txt
  • c:\Documents and Settings\test user\Local Settings\Temp\nst4.tmp\back.bmp
  • c:\Documents and Settings\test user\Local Settings\Temp\nst4.tmp\locate.dll
  • c:\Documents and Settings\test user\Local Settings\Temp\nst4.tmp\dAg
  • c:\Documents and Settings\test user\Local Settings\Temp\nst4.tmp\accept.bmp
  • c:\Documents and Settings\test user\Local Settings\Temp\nst4.tmp\accept1.bmp
  • c:\Documents and Settings\test user\Local Settings\Temp\nst4.tmp\accept2.bmp
  • c:\Documents and Settings\test user\Local Settings\Temp\nst4.tmp\System.dll
  • c:\Documents and Settings\test user\Local Settings\Temp\nst4.tmp\nsDialogs.dll
  • c:\Documents and Settings\test user\Local Settings\Temp\nst4.tmp\decline.bmp
  • c:\Documents and Settings\test user\Local Settings\Temp\nst4.tmp\skip.bmp
  • c:\Documents and Settings\test user\Local Settings\Temp\nst4.tmp\NSISdl.dll
  • c:\Documents and Settings\test user\Local Settings\Temp\nst4.tmp\1clogo.bmp
  • c:\Documents and Settings\test user\Local Settings\Temp\nst4.tmp\inetc3.dll
  • c:\Documents and Settings\test user\Local Settings\Temp\nst4.tmp\close.bmp
  • c:\Documents and Settings\test user\Local Settings\Temp\nst4.tmp\back_dis.bmp
Registry Keys Created
  • HKCU\Software\1ClickDownload
    LastInstall3
    30296353
  • HKCR\AppID\{C007DADD-132A-624C-088E-59EE6CF0711F}
    id0
    05052013
HTTP Requests
  • http://data.torntv.net/country.asp
  • http://torntvz.com/ping.php
  • http://torntvz.net/ping.php
DNS Requests
  • data.torntv.net
  • torntvz.com
  • torntvz.net

Example 2

File Information

Size
341K
SHA-1
3b593d6cf68828cd9c48b61c37884a6cbfdbc57c
MD5
28c8199e8196d1cd5556c3c321e38d17
CRC-32
f549ac7b
File type
Windows executable
First seen
2013-07-30

Runtime Analysis

Dropped Files
  • c:\Documents and Settings\test user\Local Settings\Temp\nsc4.tmp\System.dll
  • c:\Documents and Settings\test user\Local Settings\Temp\nsc4.tmp\accept2.bmp
  • c:\Documents and Settings\test user\Local Settings\Temp\nsc4.tmp\1clogo.bmp
  • c:\Documents and Settings\test user\Local Settings\Temp\nsc4.tmp\accept3.bmp
  • c:\Documents and Settings\test user\Local Settings\Temp\nsc4.tmp\accept.bmp
  • c:\Documents and Settings\test user\Local Settings\Temp\nsc4.tmp\NSISdl.dll
  • c:\Documents and Settings\test user\Local Settings\Temp\nsc4.tmp\back.bmp
  • c:\Documents and Settings\test user\Local Settings\Temp\nsc4.tmp\skip.bmp
  • c:\Documents and Settings\test user\Local Settings\Temp\nsc4.tmp\decline.bmp
  • c:\Documents and Settings\test user\Local Settings\Temp\nsc4.tmp\nsDialogs.dll
  • c:\Documents and Settings\test user\Local Settings\Temp\nsc4.tmp\dAg
  • c:\Documents and Settings\test user\Local Settings\Temp\nsc4.tmp\inetc3.dll
  • c:\Documents and Settings\test user\Local Settings\Temp\nsc4.tmp\back_dis.bmp
  • c:\Documents and Settings\test user\Local Settings\Temp\nsc4.tmp\accept_disabled.bmp
  • c:\Documents and Settings\test user\Local Settings\Temp\nsc4.tmp\accept1.bmp
  • c:\Documents and Settings\test user\Local Settings\Temp\nsc4.tmp\locate.dll
  • c:\Documents and Settings\test user\Local Settings\Temp\nsc4.tmp\close.bmp
  • c:\Documents and Settings\test user\Local Settings\Temp\nsc4.tmp\side.bmp
  • c:\Documents and Settings\test user\Local Settings\Temp\nsc4.tmp\load_4.bmp
  • c:\Documents and Settings\test user\Local Settings\Temp\nsc4.tmp\complist.txt
Registry Keys Created
  • HKCU\Software\1ClickDownload
    LastInstall3
    30313822
  • HKCR\AppID\{C007DADD-132A-624C-088E-59EE6CF0711F}
    id0
    30072013
HTTP Requests
  • http://data.torntv.net/country.asp
  • http://torntvz.com/ping.php
  • http://torntvz.net/ping.php
DNS Requests
  • data.torntv.net
  • torntvz.com
  • torntvz.net

Example 3

File Information

Size
262K
SHA-1
4986d2c450599eac07d3c81a0fd1efc3d45f483e
MD5
048dd480678aa564c0c2ac280d20716f
CRC-32
2e34f6ed
File type
Windows executable
First seen
2007-07-22

Runtime Analysis

Dropped Files
  • c:\Documents and Settings\test user\Local Settings\Temp\nsc4.tmp\bab_on.bmp
  • c:\Documents and Settings\test user\Local Settings\Temp\nsc4.tmp\box.bmp
  • c:\Documents and Settings\test user\Local Settings\Temp\nsc4.tmp\stvheader2.bmp
  • c:\Documents and Settings\test user\Local Settings\Temp\nsc4.tmp\locate.dll
  • c:\Documents and Settings\test user\Local Settings\Temp\nsc4.tmp\dAg
  • c:\Documents and Settings\test user\Local Settings\Temp\nsc4.tmp\x.bmp
  • c:\Documents and Settings\test user\Local Settings\Temp\nsc4.tmp\System.dll
  • c:\Documents and Settings\test user\Local Settings\Temp\nsc4.tmp\nsDialogs.dll
  • c:\Documents and Settings\test user\Local Settings\Temp\nsc4.tmp\bab_off.bmp
  • c:\Documents and Settings\test user\Local Settings\Temp\nsc4.tmp\skip.bmp
  • c:\Documents and Settings\test user\Local Settings\Temp\nsc4.tmp\1clogo.bmp
  • c:\Documents and Settings\test user\Local Settings\Temp\nsc4.tmp\accept2.bmp
  • c:\Documents and Settings\test user\Local Settings\Temp\nsc4.tmp\decline.bmp
  • c:\Documents and Settings\test user\Local Settings\Temp\nsc4.tmp\accept3.bmp
  • c:\Documents and Settings\test user\Local Settings\Temp\nsc4.tmp\accept.bmp
  • c:\Documents and Settings\test user\Local Settings\Temp\nsc4.tmp\accept1.bmp
Registry Keys Created
  • HKCU\Software\1ClickDownload
    LastInstall3
    30291827

download Essayez les produits Sophos gratuitement
Téléchargez maintenant