InstallQ

Category: Adware and PUAs
Protection available since: 02 Nov 2012 23:12:57 (GMT)
Type: Unspecified PUA
Last updated: 14 Feb 2014 21:40:37 (GMT)


InstallQ is an installer which bundles legitimate applications with offers for additional third party applications that may be unwanted by the user. Such third party applications are typically installed onto users’ computers by default, but may include an option to ‘opt-out’ during or after the installation process.

Examples of InstallQ include:

Example 1

File Information

Size: 1.5M
SHA-1: 0003825101823f3a331a4aa79deaee15605b9593
MD5: ce2d52489259045a451c6e70d820c525
CRC-32: 3f450b18
File type: Windows executable
First seen: 2012-06-08

Runtime Analysis

Dropped Files
Modified Files
  • %PROFILE%\Application Data\Microsoft\CryptnetUrlCache\MetaData\60E31627FDA0A46932B0E5948949F2A5
  • %PROFILE%\Application Data\Microsoft\CryptnetUrlCache\Content\60E31627FDA0A46932B0E5948949F2A5
Registry Keys Created
  • HKLM\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication
    Name
    test_item.exe
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012012060820120609
    CacheRepair
    0x00000000
  • HKCU\Software\Ask.com.tmp\Installer
    repurl
    http://img.apnanalytics.com/images/nocache/apn/tr.gif?ev=eichk&p2=^A8P^YYYYYY^YY^BG&encb={incbid}&chk={ic_chk}&ts={random}&guid=
  • HKLM\SOFTWARE\Microsoft\Direct3D\MostRecentApplication
    Name
    test_item.exe
  • HKCU\Software\Ask.com.tmp\Macro
    to
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012012052820120604
    CacheRepair
    0x00000000
  • HKCU\Software\Ask.com.tmp\General
    wft
    local
Registry Keys Modified
  • HKLM\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication
    ID
    0x4fc5405c
Processes Created
  • c:\docume~1\support\locals~1\temp\pkg_ae153b70\asktb\apnstub.exe
HTTP Requests
DNS Requests

Example 2

File Information

Size: 1.6M
SHA-1: 0005430ae32f801418b9e47108559fc7ee309442
MD5: 01bf568d39fb0aece18ea0e7f6aa4244
CRC-32: 70b7d7fb
File type: Windows executable
First seen: 2007-06-11

Runtime Analysis

Dropped Files
Modified Files
  • %PROFILE%\Application Data\Microsoft\CryptnetUrlCache\Content\60E31627FDA0A46932B0E5948949F2A5
  • %PROFILE%\Application Data\Microsoft\CryptnetUrlCache\MetaData\60E31627FDA0A46932B0E5948949F2A5
Registry Keys Created
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012012091420120915
    CacheRepair
    0x00000000
  • HKLM\SOFTWARE\Microsoft\Direct3D\MostRecentApplication
    Name
    test_item.exe
  • HKLM\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication
    Name
    test_item.exe
Registry Keys Modified
  • HKLM\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication
    ID
    0x504def0a
Processes Created
  • c:\docume~1\support\locals~1\temp\pkg_c18373c70\asktb\apnstub.exe
HTTP Requests
DNS Requests

Example 3

File Information

Size: 1.5M
SHA-1: 001ad61811252430c54a20553fa3aca9fa98a843
MD5: bf4e065a66f8ba4cccad48ea032ed2cd
CRC-32: dc1a74d1
File type: Windows executable
First seen: 2007-05-02

Runtime Analysis

Dropped Files
Modified Files
  • %PROFILE%\Application Data\Microsoft\CryptnetUrlCache\Content\60E31627FDA0A46932B0E5948949F2A5
  • %PROFILE%\Application Data\Microsoft\CryptnetUrlCache\MetaData\60E31627FDA0A46932B0E5948949F2A5
Registry Keys Created
  • HKLM\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication
    Name
    test_item.exe
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012012061320120614
    CacheRepair
    0x00000000
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012012052820120604
    CacheRepair
    0x00000000
  • HKLM\SOFTWARE\Microsoft\Direct3D\MostRecentApplication
    Name
    test_item.exe
Registry Keys Modified
  • HKLM\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication
    ID
    0x4fc5405c
Processes Created
  • c:\docume~1\support\locals~1\temp\pkg_a1d1a3e50\asktb\apnstub.exe
HTTP Requests
DNS Requests