Goodware Installer

Category: Adware and PUA
Protection available since: 03 Oct 2013 11:58:20 (GMT)
Type: Adware
Last updated: 03 Oct 2013 11:58:20 (GMT)


Examples of Goodware Installer include:

Example 1

File Information

Size
198K
SHA-1
712252cf20918cf3dfa8e24b0a3364a2590e936d
MD5
94716bd904d6017e42ab173783ad37c7
CRC-32
40a14d52
File type
Windows executable
First seen
2013-09-18

Runtime Analysis

Dropped Files
  • c:\Documents and Settings\test user\Local Settings\Temp\nsr3.tmp\System.dll
  • c:\Documents and Settings\test user\Local Settings\Temp\nsr3.tmp\ginetc.dll
  • c:\Documents and Settings\test user\Local Settings\Temp\d080813C\20130918220629.exe
    Size
    496K
    SHA-1
    c2652859a4a16c4b1d2837b46d226144d3f3ed35
    MD5
    2ebf6ae43bd377b9e2594e2e6d24709d
    CRC-32
    8ee6e924
    File type
    Windows executable
    First seen
    2007-08-18
HTTP Requests
  • http://smart.gmtrack.com/public/smartinstaller/smartinstaller.gpp
DNS Requests
  • smart.gmtrack.com

Example 2

File Information

Size
198K
SHA-1
b307d57488f08a10cc42a5160074d99ad435c720
MD5
1719fe82dac292bb0973c417d6215e89
CRC-32
bfbc1dde
File type
Windows executable
First seen
2013-10-01

Example 3

File Information

Size
222K
SHA-1
b4649133ac1e98b65ea17705b908e3c989bb091f
MD5
05ae82d40c345f80b983611d5ca238d3
CRC-32
88fcac6d
File type
Windows executable
First seen
2013-07-21

Runtime Analysis

Dropped Files
  • c:\Documents and Settings\test user\Local Settings\Temp\242821\public\installerconfiguration\3.bmp
    Size
    83K
    SHA-1
    4c4f3c044e6d7527fd0239ee212c92a70a71f597
    MD5
    3241a3f8dffb82faf37f102898fc437f
    CRC-32
    f1a1ada4
    File type
    Device-independent bitmap (DIB) file
    First seen
    2013-10-01
  • c:\Documents and Settings\test user\Local Settings\Temp\242821\smart.ini
    Size
    4.6K
    SHA-1
    ea3fda16c4025cbca7712f1abd60f484ca3451f9
    MD5
    39822ee094bf26908ee311d10f39d916
    CRC-32
    f816279a
    File type
    application/octet-stream
    First seen
    2013-10-01
  • c:\Documents and Settings\test user\Local Settings\Temp\242821\public\componentimage\770.bmp
    Size
    167K
    SHA-1
    bc096f8ad295923d50c911f4bcc93dba62b20d5a
    MD5
    b0f3fe8fcb667d7cd138ebbc0f6489e6
    CRC-32
    e3006b42
    File type
    Device-independent bitmap (DIB) file
    First seen
    2013-09-06
  • c:\Documents and Settings\test user\Local Settings\Temp\242821\20131001192031.exe
    Size
    496K
    SHA-1
    c2652859a4a16c4b1d2837b46d226144d3f3ed35
    MD5
    2ebf6ae43bd377b9e2594e2e6d24709d
    CRC-32
    8ee6e924
    File type
    Windows executable
    First seen
    2007-08-18
  • c:\Documents and Settings\test user\Local Settings\Temp\setup__118.exe
  • c:\Documents and Settings\test user\Local Settings\Temp\amitest.txt
  • c:\Documents and Settings\test user\Local Settings\Temp\amipixel.cfg
    Size
    101
    SHA-1
    b223ca7c8d739fbef85cf87f9ea4339427ff54a9
    MD5
    74342dc79155a74c4098dda777bdcc5c
    CRC-32
    664a2484
    File type
    Configuration Data File (generic)
    First seen
    2013-08-14
  • c:\Documents and Settings\test user\Local Settings\Temp\nst7.tmp\NSISArray.dll
  • c:\Documents and Settings\test user\Local Settings\Temp\242821\public\componentimage\314.bmp
    Size
    204K
    SHA-1
    f749cae73dbdba2db1831a50d57871d057d9f94f
    MD5
    241108f47a5116a98c3690c6cdff4c8a
    CRC-32
    feeb0388
    File type
    Device-independent bitmap (DIB) file
    First seen
    2013-08-21
  • c:\Documents and Settings\test user\Local Settings\Temp\PreCheckAMWhiteSmoke_118_041713203938.exe
  • c:\Documents and Settings\test user\Local Settings\Temp\components.html
    Size
    14
    SHA-1
    fc3c1ad03c3c62597f8dfc966a0aa75517812753
    MD5
    55c0fff5af7b4e5ea181a59356dd390d
    CRC-32
    dbb1caa3
    File type
    ASCII text / 8-bit Unicode Transformation Format
    First seen
    2013-10-01
  • c:\Documents and Settings\test user\Local Settings\Temp\242821\ovh.jpg
  • c:\Documents and Settings\test user\Local Settings\Temp\Yahoo_242821_116235.exe
    Size
    198K
    SHA-1
    b307d57488f08a10cc42a5160074d99ad435c720
    MD5
    1719fe82dac292bb0973c417d6215e89
    CRC-32
    bfbc1dde
    File type
    Windows executable
    First seen
    2013-10-01
Registry Keys Created
  • HKCR\AmiBs.Installer.1\CLSID
    (Default)
    {A6FEED89-3BCD-4D19-9DC2-3E613A80A2A4}
  • HKCR\TypeLib\{1C1356DA-1E98-4810-A9F6-18D89BD1C0C0}\1.0\HELPDIR
    (Default)
    C:\DOCUME~1\support\LOCALS~1\Temp
  • HKCR\CLSID\{A6FEED89-3BCD-4D19-9DC2-3E613A80A2A4}\VersionIndependentProgID
    (Default)
    AmiBs.Installer
  • HKCR\CLSID\{A6FEED89-3BCD-4D19-9DC2-3E613A80A2A4}\ProgID
    (Default)
    AmiBs.Installer.1
  • HKCR\AmiBs.Installer
    (Default)
    Installer Class
  • HKCR\CLSID\{A6FEED89-3BCD-4D19-9DC2-3E613A80A2A4}\TypeLib
    (Default)
    {1C1356DA-1E98-4810-A9F6-18D89BD1C0C0}
  • HKCR\TypeLib\{1C1356DA-1E98-4810-A9F6-18D89BD1C0C0}\1.0\FLAGS
    (Default)
  • HKCR\Interface\{D54C859C-6066-4F31-8FE0-2AAEDCAE67D7}
    (Default)
    IBoot
  • HKCR\CLSID\{A6FEED89-3BCD-4D19-9DC2-3E613A80A2A4}\Version
    (Default)
    1.0
  • HKCR\TypeLib\{1C1356DA-1E98-4810-A9F6-18D89BD1C0C0}\1.0\0\win32
    (Default)
    C:\DOCUME~1\support\LOCALS~1\Temp\setup__118.exe
  • HKCR\AmiBs.Installer\CurVer
    (Default)
    AmiBs.Installer.1
  • HKCR\CLSID\{A6FEED89-3BCD-4D19-9DC2-3E613A80A2A4}
    (Default)
    Installer Class
  • HKCR\Interface\{D54C859C-6066-4F31-8FE0-2AAEDCAE67D7}\ProxyStubClsid
    (Default)
    {00020424-0000-0000-C000-000000000046}
  • HKCR\CLSID\{A6FEED89-3BCD-4D19-9DC2-3E613A80A2A4}\LocalServer32
    ServerExecutable
    C:\DOCUME~1\support\LOCALS~1\Temp\setup__118.exe
  • HKCR\AmiBs.Installer.1
    (Default)
    Installer Class
  • HKLM\SOFTWARE\Microsoft\ESENT\Process\setup__118\DEBUG
    Trace Level
  • HKCR\Interface\{D54C859C-6066-4F31-8FE0-2AAEDCAE67D7}\ProxyStubClsid32
    (Default)
    {00020424-0000-0000-C000-000000000046}
  • HKCR\TypeLib\{1C1356DA-1E98-4810-A9F6-18D89BD1C0C0}\1.0
    (Default)
    InstallerLib
  • HKCR\Interface\{D54C859C-6066-4F31-8FE0-2AAEDCAE67D7}\TypeLib
    Version
    1.0
Processes Created
  • c:\docume~1\support\locals~1\temp\242821\20131001192031.exe
  • c:\docume~1\support\locals~1\temp\242821\7za.exe
  • c:\docume~1\support\locals~1\temp\nst7.tmp\ns8.tmp
  • c:\docume~1\support\locals~1\temp\precheckamwhitesmoke_118_041713203938.exe
  • c:\docume~1\support\locals~1\temp\yahoo_242821_116235.exe
HTTP Requests
DNS Requests
