MultiPlug

Category: Adware and PUAs    Protection available since: 09 Oct 2013 12:19:29 (GMT)
Type: Adware    Last updated: 12 Dec 2014 02:07:32 (GMT)


Examples of MultiPlug include:

Example 1

File Information

Size: 1.5M
SHA-1: 00003316482c3e25ba6d59c1555131421204c499
MD5: 488120011aaf4d6686cb486e79624349
CRC-32: 8bcbd0e2
File type: Windows executable
First seen: 2007-08-27

Runtime Analysis

Dropped Files
  • C:\Documents and Settings\All Users\Application Data\5d5d60c3d6235bf2\{C1A27135-69EB-8D44-7358-34727DD7B820}
  • C:\Documents and Settings\All Users\Application Data\DoWNLoaD, keeper\AYlFVw68.dat
  • c:\Documents and Settings\test user\AppData\LocalLow\{2FB6CC18-5C3E-A17E-2DB7-34B250599632}\DoWNLoaD, keeper.2.7.dat
  • C:\Program Files\DoWNLoaD, keeper\0k5uDnR.dat
  • C:\Program Files\DoWNLoaD, keeper\0k5uDnR.x64.dll
  • C:\Documents and Settings\All Users\Application Data\DoWNLoaD, keeper\AYlFVw68.exe
  • C:\Program Files\DoWNLoaD, keeper\0k5uDnR.tlb
  • C:\Program Files\DoWNLoaD, keeper\0k5uDnR.dll
    Size: 417K
    SHA-1: 86c7cf982e18ca23f8ef30718417903dc010b00a
    MD5: aabcede5b824bd00717350b6b7474c46
    CRC-32: 5b50655c
    File type: Windows executable
    First seen: 2013-12-03
Registry Keys Created
  • HKCR\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\ProxyStubClsid32
    (Default)
    {00020424-0000-0000-C000-000000000046}
  • HKCR\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\TypeLib
    Version
    1.0
  • HKCR\KeePeer\CLSID
    (Default)
    {2FB6CC18-5C3E-A17E-2DB7-34B250599632}
  • HKCR\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}\ProxyStubClsid
    (Default)
    {00020424-0000-0000-C000-000000000046}
  • HKCR\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
    (Default)
    ILocalStorage
  • HKCR\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\TypeLib
    Version
    1.0
  • HKCR\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
    (Default)
    IRegistry
  • HKCR\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\ProxyStubClsid32
    (Default)
    {00020424-0000-0000-C000-000000000046}
  • HKCR\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\ProxyStubClsid
    (Default)
    {00020424-0000-0000-C000-000000000046}
  • HKCR\KeePeer\CurVer
    (Default)
    DDOwnLooaada KeePeer.1.6
  • HKCR\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\ProxyStubClsid
    (Default)
    {00020424-0000-0000-C000-000000000046}
  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID
    {2FB6CC18-5C3E-A17E-2DB7-34B250599632}
    1
  • HKCR\CLSID\{2FB6CC18-5C3E-A17E-2DB7-34B250599632}\InprocServer32
    ThreadingModel
    Apartment
  • HKCR\KeePeer
    (Default)
    DoWNLoaD, keeper
  • HKCR\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0\0\win32
    (Default)
    C:\Program Files\DoWNLoaD, keeper\0k5uDnR.tlb
  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C1A27135-69EB-8D44-7358-34727DD7B820}
    _In
    20131207
  • HKCR\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}\ProxyStubClsid32
    (Default)
    {00020424-0000-0000-C000-000000000046}
  • HKCR\CLSID\{2FB6CC18-5C3E-A17E-2DB7-34B250599632}
    (Default)
    DoWNLoaD, keeper
  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2FB6CC18-5C3E-A17E-2DB7-34B250599632}
    NoExplorer
    0x00000001
  • HKCR\CLSID\{2FB6CC18-5C3E-A17E-2DB7-34B250599632}\ProgID
    (Default)
    DDOwnLooaada KeePeer.1.6
  • HKCR\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0
    (Default)
    IEPluginLib
  • HKCR\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0\FLAGS
    (Default)
  • HKCR\KeePeer.1.6\CLSID
    (Default)
    {2FB6CC18-5C3E-A17E-2DB7-34B250599632}
  • HKCR\KeePeer.1.6
    (Default)
    DoWNLoaD, keeper
  • HKCR\CLSID\{2FB6CC18-5C3E-A17E-2DB7-34B250599632}\VersionIndependentProgID
    (Default)
    DDOwnLooaada KeePeer
  • HKCR\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0\HELPDIR
    (Default)
    C:\Program Files\DoWNLoaD, keeper
  • HKCU\Software\RegisteredApplicationsEx
    4b58cf866f1c57a54a7e1e93674e349f
    1□□□
  • HKCR\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}\TypeLib
    Version
    1.0
  • HKCR\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}
    (Default)
    IIEPluginMain
Processes Created
  • c:\docume~1\support\locals~1\temp\3c612fff\aylfvw68.exe
  • c:\windows\system32\regsvr32.exe

Example 2

File Information

Size: 704K
SHA-1: 00003e3910362dd635470c2ecd8ff8f733a85a16
MD5: f797a822d7c6d379122db88cdbc673b4
CRC-32: 0a996631
File type: Windows executable
First seen: 2014-08-22

Runtime Analysis

Dropped Files
  • c:\Documents and Settings\test user\Local Settings\Temp\sho\images\progressbar.gif
  • c:\Documents and Settings\test user\Local Settings\Temp\sho\steps\1.ini
  • c:\Documents and Settings\test user\Local Settings\Temp\sho\images\loader.gif
  • c:\Documents and Settings\test user\Local Settings\Temp\sho\steps\2_0.ini
Registry Keys Created
  • HKCR\Interface\{3B3F3AAD-FB97-49FF-BFEE-D22869AC4326}\ProxyStubClsid
    (Default)
    {00020424-0000-0000-C000-000000000046}
  • HKCR\Interface\{3B3F3AAD-FB97-49FF-BFEE-D22869AC4326}\TypeLib
    Version
    1.0
  • HKCU\Software\Classes\CLSID\{F28C2F70-47DE-4EA5-8F6D-7D1476CD1EF5}\LocalServer32
    ServerExecutable
    c:\test_item.exe
  • HKCU_Classes\CLSID\{F28C2F70-47DE-4EA5-8F6D-7D1476CD1EF5}\Version
    (Default)
    1.0
  • HKCR\TypeLib\{157B1AA6-3E5C-404A-9118-C1D91F537040}\1.0\FLAGS
    (Default)
  • HKCU\Software\Classes\CLSID\{F28C2F70-47DE-4EA5-8F6D-7D1476CD1EF5}\TypeLib
    (Default)
    {7E77E9F2-D76B-4D54-B515-9A7F93DF03DF}
  • HKCR\TypeLib\{157B1AA6-3E5C-404A-9118-C1D91F537040}\1.0
    (Default)
    JSIELib
  • HKCU\Software\Classes\CLSID\{F28C2F70-47DE-4EA5-8F6D-7D1476CD1EF5}\Version
    (Default)
    1.0
  • HKCR\TypeLib\{157B1AA6-3E5C-404A-9118-C1D91F537040}\1.0\0\win32
    (Default)
    c:\test_item.exe
  • HKCU_Classes\CLSID\{F28C2F70-47DE-4EA5-8F6D-7D1476CD1EF5}\TypeLib
    (Default)
    {7E77E9F2-D76B-4D54-B515-9A7F93DF03DF}
  • HKCU\Software\WebApp\Styles
    MaxScriptStatements
    0xffffffff
  • HKCR\Interface\{3B3F3AAD-FB97-49FF-BFEE-D22869AC4326}\ProxyStubClsid32
    (Default)
    {00020424-0000-0000-C000-000000000046}
  • HKCR\Interface\{3B3F3AAD-FB97-49FF-BFEE-D22869AC4326}
    (Default)
    ITinyJSObject
  • HKCR\TypeLib\{157B1AA6-3E5C-404A-9118-C1D91F537040}\1.0\HELPDIR
    (Default)
    c:
  • HKCU\Software\Classes\CLSID\{F28C2F70-47DE-4EA5-8F6D-7D1476CD1EF5}
    (Default)
    TinyJSObject Class
  • HKCU_Classes\CLSID\{F28C2F70-47DE-4EA5-8F6D-7D1476CD1EF5}
    (Default)
    TinyJSObject Class
  • HKCU_Classes\CLSID\{F28C2F70-47DE-4EA5-8F6D-7D1476CD1EF5}\LocalServer32
    ServerExecutable
    c:\test_item.exe
HTTP Requests
  • http://c1.epicbookallguard.net/
  • http://i1.nicedataget.com/images/next.png
  • http://i1.nicedataget.com/images/sidebar.jpg
  • http://i1.nicedataget.com/images/titlebar.png
DNS Requests
  • c1.epicbookallguard.net
  • i1.nicedataget.com
  • r1.sunusadirall.net

Example 3

File Information

Size: 704K
SHA-1: 000071aa75a3de37b2afa9f7008b524ea5151816
MD5: 2b50fe057ccd9a6012943928107f195a
CRC-32: a6ae7701
File type: Windows executable
First seen: 2014-04-28

Runtime Analysis

Dropped Files
  • c:\Documents and Settings\test user\Local Settings\Temp\sm0\images\loader.gif
  • c:\Documents and Settings\test user\Local Settings\Temp\sm0\images\progressbar.gif
  • c:\Documents and Settings\test user\Local Settings\Temp\sm0\steps\1.ini
Registry Keys Created
  • HKCU_Classes\CLSID\{F28C2F70-47DE-4EA5-8F6D-7D1476CD1EF5}\Version
    (Default)
    1.0
  • HKCR\Interface\{3B3F3AAD-FB97-49FF-BFEE-D22869AC4326}
    (Default)
    ITinyJSObject
  • HKCR\TypeLib\{157B1AA6-3E5C-404A-9118-C1D91F537040}\1.0\0\win32
    (Default)
    c:\test_item.exe
  • HKCR\Interface\{3B3F3AAD-FB97-49FF-BFEE-D22869AC4326}\ProxyStubClsid32
    (Default)
    {00020424-0000-0000-C000-000000000046}
  • HKCU\Software\Classes\CLSID\{F28C2F70-47DE-4EA5-8F6D-7D1476CD1EF5}\Version
    (Default)
    1.0
  • HKCR\Interface\{3B3F3AAD-FB97-49FF-BFEE-D22869AC4326}\TypeLib
    Version
    1.0
  • HKCU\Software\Classes\CLSID\{F28C2F70-47DE-4EA5-8F6D-7D1476CD1EF5}\LocalServer32
    ServerExecutable
    c:\test_item.exe
  • HKCU_Classes\CLSID\{F28C2F70-47DE-4EA5-8F6D-7D1476CD1EF5}\TypeLib
    (Default)
    {7E77E9F2-D76B-4D54-B515-9A7F93DF03DF}
  • HKCR\TypeLib\{157B1AA6-3E5C-404A-9118-C1D91F537040}\1.0
    (Default)
    JSIELib
  • HKCR\TypeLib\{157B1AA6-3E5C-404A-9118-C1D91F537040}\1.0\FLAGS
    (Default)
  • HKCU_Classes\CLSID\{F28C2F70-47DE-4EA5-8F6D-7D1476CD1EF5}
    (Default)
    TinyJSObject Class
  • HKCU\Software\WebApp\Styles
    MaxScriptStatements
    0xffffffff
  • HKCU_Classes\CLSID\{F28C2F70-47DE-4EA5-8F6D-7D1476CD1EF5}\LocalServer32
    ServerExecutable
    c:\test_item.exe
  • HKCR\Interface\{3B3F3AAD-FB97-49FF-BFEE-D22869AC4326}\ProxyStubClsid
    (Default)
    {00020424-0000-0000-C000-000000000046}
  • HKCR\TypeLib\{157B1AA6-3E5C-404A-9118-C1D91F537040}\1.0\HELPDIR
    (Default)
    c:
  • HKCU\Software\Classes\CLSID\{F28C2F70-47DE-4EA5-8F6D-7D1476CD1EF5}
    (Default)
    TinyJSObject Class
  • HKCU\Software\Classes\CLSID\{F28C2F70-47DE-4EA5-8F6D-7D1476CD1EF5}\TypeLib
    (Default)
    {7E77E9F2-D76B-4D54-B515-9A7F93DF03DF}
HTTP Requests
  • http://c1.epicbookallguard.net/
DNS Requests
  • c1.epicbookallguard.net
  • r1.sunusadirall.net
