InstallQ

Category: Adware and PUA
Protection available since: 02 Nov 2012 23:12:57 (GMT)
Type: Unspecified PUA
Last updated: 09 Oct 2014 22:35:02 (GMT)


InstallQ is an installer which bundles legitimate applications with offers for additional third party applications that may be unwanted by the user. Such third party applications are typically installed onto users’ computers by default, but may include an option to ‘opt-out’ during or after the installation process.

Examples of InstallQ include:

Example 1

File Information

Size: 1.5M
SHA-1: 0003825101823f3a331a4aa79deaee15605b9593
MD5: ce2d52489259045a451c6e70d820c525
CRC-32: 3f450b18
File type: Windows executable
First seen: 2012-06-08

Runtime Analysis

Dropped Files
Modified Files
  • %PROFILE%\Application Data\Microsoft\CryptnetUrlCache\Content\60E31627FDA0A46932B0E5948949F2A5
  • %PROFILE%\Application Data\Microsoft\CryptnetUrlCache\MetaData\60E31627FDA0A46932B0E5948949F2A5
Registry Keys Created
  • HKCU\Software\Ask.com.tmp\General
    wft
    local
  • HKLM\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication
    Name
    test_item.exe
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012012060820120609
    CacheRepair
    0x00000000
  • HKCU\Software\Ask.com.tmp\Installer
    repurl
    http://img.apnanalytics.com/images/nocache/apn/tr.gif?ev=eichk&p2=^A8P^YYYYYY^YY^BG&encb={incbid}&chk={ic_chk}&ts={random}&guid=
  • HKLM\SOFTWARE\Microsoft\Direct3D\MostRecentApplication
    Name
    test_item.exe
  • HKCU\Software\Ask.com.tmp\Macro
    to
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012012052820120604
    CacheRepair
    0x00000000
Registry Keys Modified
  • HKLM\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication
    ID
    0x4fc5405c
Processes Created
  • c:\docume~1\support\locals~1\temp\pkg_ae153b70\asktb\apnstub.exe
HTTP Requests
DNS Requests

Example 2

File Information

Size: 1.6M
SHA-1: 0005430ae32f801418b9e47108559fc7ee309442
MD5: 01bf568d39fb0aece18ea0e7f6aa4244
CRC-32: 70b7d7fb
File type: Windows executable
First seen: 2007-06-11

Runtime Analysis

Dropped Files
Modified Files
  • %PROFILE%\Application Data\Microsoft\CryptnetUrlCache\MetaData\60E31627FDA0A46932B0E5948949F2A5
  • %PROFILE%\Application Data\Microsoft\CryptnetUrlCache\Content\60E31627FDA0A46932B0E5948949F2A5
Registry Keys Created
  • HKLM\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication
    Name
    test_item.exe
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012012091420120915
    CacheRepair
    0x00000000
  • HKLM\SOFTWARE\Microsoft\Direct3D\MostRecentApplication
    Name
    test_item.exe
Registry Keys Modified
  • HKLM\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication
    ID
    0x504def0a
Processes Created
  • c:\docume~1\support\locals~1\temp\pkg_c18373c70\asktb\apnstub.exe
HTTP Requests
DNS Requests

Example 3

File Information

Size: 1.5M
SHA-1: 001ad61811252430c54a20553fa3aca9fa98a843
MD5: bf4e065a66f8ba4cccad48ea032ed2cd
CRC-32: dc1a74d1
File type: Windows executable
First seen: 2007-05-02

Runtime Analysis

Dropped Files
Modified Files
  • %PROFILE%\Application Data\Microsoft\CryptnetUrlCache\Content\60E31627FDA0A46932B0E5948949F2A5
  • %PROFILE%\Application Data\Microsoft\CryptnetUrlCache\MetaData\60E31627FDA0A46932B0E5948949F2A5
Registry Keys Created
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012012061320120614
    CacheRepair
    0x00000000
  • HKLM\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication
    Name
    test_item.exe
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012012052820120604
    CacheRepair
    0x00000000
  • HKLM\SOFTWARE\Microsoft\Direct3D\MostRecentApplication
    Name
    test_item.exe
Registry Keys Modified
  • HKLM\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication
    ID
    0x4fc5405c
Processes Created
  • c:\docume~1\support\locals~1\temp\pkg_a1d1a3e50\asktb\apnstub.exe
HTTP Requests
DNS Requests
