InstallRex

Category: Adware and PUA
Protection available since: 10 Oct 2012 22:59:32 (GMT)
Type: Unspecified PUA
Last updated: 10 Apr 2014 20:30:26 (GMT)

InstallRex is an installer which bundles legitimate applications with offers for additional third-party applications that may be unwanted by the user. Such third-party applications are typically installed onto users’ computers by default, but may include an option to ‘opt-out’ during or after the installation process.

Examples of InstallRex include:

Example 1

File Information

Size
306K
SHA-1
00000da361529cc33b2d99293ef1a149947fe559
MD5
11f08e19c49c99193e98d5e824e7f206
CRC-32
5e3aad99
File type
Windows executable
First seen
2013-12-06

Runtime Analysis

Dropped Files
  • C:\Documents and Settings\All Users\Application Data\InstallMate\42C4372C\cfg\2_0.ini
  • c:\Documents and Settings\test user\Local Settings\Temp\sample.log
  • c:\Documents and Settings\test user\Local Settings\Temp\Tsu38A53324.dll
  • C:\Documents and Settings\All Users\Application Data\InstallMate\42C4372C\cfg\1.ini
  • c:\Documents and Settings\test user\Local Settings\Temp\{DE444649-53A7-4E5A-ACB1-1B8505A764BF}\general_logo.jpg
  • c:\Documents and Settings\test user\Local Settings\Temp\{DE444649-53A7-4E5A-ACB1-1B8505A764BF}\Custom.dll
    Size
    74K
    SHA-1
    49d8ef6835a6de734ead4e0b2cbbc65735cd5c17
    MD5
    e8d86c771d7e23b080921b9803f1654c
    CRC-32
    0e5f78b4
    File type
    Windows executable
    First seen
    2007-08-25
  • c:\Documents and Settings\test user\Local Settings\Temp\{DE444649-53A7-4E5A-ACB1-1B8505A764BF}\Readme.txt
    Size
    2.1K
    SHA-1
    d7cb88e3b7baa98f0c99e89340121a92d315676f
    MD5
    699229b3fe2ee75aefa3d2b54f7e13cb
    CRC-32
    35af7cb0
    File type
    ASCII text / 8-bit Unicode Transformation Format
    First seen
    2013-11-20
  • c:\Documents and Settings\test user\Local Settings\Temp\{DE444649-53A7-4E5A-ACB1-1B8505A764BF}\v_grey.jpg
  • c:\Documents and Settings\test user\Local Settings\Temp\{DE444649-53A7-4E5A-ACB1-1B8505A764BF}\Setup.ico
  • c:\Documents and Settings\test user\Local Settings\Temp\{DE444649-53A7-4E5A-ACB1-1B8505A764BF}\_Setup.dll
    Size
    167K
    SHA-1
    999582209e73d92d0040b8092666087aac2cee90
    MD5
    262cc5a5e5a007ae182c45e41ac35adf
    CRC-32
    e37eef62
    File type
    Windows executable
    First seen
    2013-11-20
  • c:\Documents and Settings\test user\Local Settings\Temp\~DFC775.tmp
  • c:\Documents and Settings\test user\Local Settings\Temp\{DE444649-53A7-4E5A-ACB1-1B8505A764BF}\Setup.exe
  • C:\Documents and Settings\All Users\Application Data\InstallMate\42C4372C\cfg\4.ini
HTTP Requests
  • http://c1.stylezip.info/
  • http://i1.stylezip.info/images/general_logo.jpg
  • http://i1.stylezip.info/images/v_grey.jpg
DNS Requests
  • c1.stylezip.info
  • i1.stylezip.info
  • r1.stylezip.info

Example 2

File Information

Size
314K
SHA-1
00001602edf273083b4daaa5294a18d9307a18b2
MD5
2f0c50dcaf177097d2efe92d94178428
CRC-32
05abd8d4
File type
Windows executable
First seen
2014-02-01

Runtime Analysis

Dropped Files
  • c:\Documents and Settings\test user\Local Settings\Temp\sample.log
    Size
    60K
    SHA-1
    7f972fcb314b73545f63c6c486c67d0a9525d150
    MD5
    f564a6883243b48d7d9b3af51d042a29
    CRC-32
    f7488675
    File type
    Data Log File (generic)
    First seen
    2014-02-01
  • c:\Documents and Settings\test user\Local Settings\Temp\{0FDD1553-751E-4CB8-AE53-3D3CD43E37A5}\Setup.exe
  • c:\Documents and Settings\test user\Local Settings\Temp\{0FDD1553-751E-4CB8-AE53-3D3CD43E37A5}\_Setup.dll
    Size
    171K
    SHA-1
    082d05c392a00a6045afabc6aece91e5879cbdcc
    MD5
    1aabcda403b1a6801317ef9921e80c91
    CRC-32
    35d8f8b4
    File type
    Windows executable
    First seen
    2014-01-29
  • c:\Documents and Settings\test user\Local Settings\Temp\TsuD2C51C9F.dll
  • c:\Documents and Settings\test user\Local Settings\Temp\{0FDD1553-751E-4CB8-AE53-3D3CD43E37A5}\Custom.dll
    Size
    92K
    SHA-1
    5f0546ec86f3e27f0eec4d5d5451edc630907654
    MD5
    c9d3d86ee95ae4d20c80de9ddaa8fa40
    CRC-32
    f3445fc6
    File type
    Windows executable
    First seen
    2014-01-29
  • c:\Documents and Settings\test user\Local Settings\Temp\{0FDD1553-751E-4CB8-AE53-3D3CD43E37A5}\Readme.txt
    Size
    2.1K
    SHA-1
    2b47e6d7af95c7e50e517950bc0e552e5ab4f388
    MD5
    cdb83c5f8ef48383f7db8f186d98f7bd
    CRC-32
    a1b64f56
    File type
    ASCII text / 8-bit Unicode Transformation Format
    First seen
    2014-01-29
  • c:\Documents and Settings\test user\Local Settings\Temp\{0FDD1553-751E-4CB8-AE53-3D3CD43E37A5}\Setup.ico
    Size
    4.8K
    SHA-1
    379dd117192abfa3ebadad54f5d968f9cb40a17f
    MD5
    e1d796d68cef7297976b889df8327a24
    CRC-32
    acf3f493
    File type
    Icon for 32-bit Windows
    First seen
    2014-01-26
HTTP Requests
  • http://c1.getapplicationmy.info/
  • http://c2.getapplicationmy.info/
DNS Requests
  • c1.getapplicationmy.info
  • c2.getapplicationmy.info
  • r1.getapplicationmy.info
  • r2.getapplicationmy.info

Example 3

File Information

Size
306K
SHA-1
00002d6ece4affdd02de5da13ab3f9d5b7408a9d
MD5
9a3e00ec97d67504a90f570782e56798
CRC-32
3ba3882e
File type
Windows executable
First seen
2007-08-19

Runtime Analysis

Dropped Files
  • C:\Documents and Settings\All Users\Application Data\InstallMate\BD3D6FD0\cfg\1.ini
  • c:\Documents and Settings\test user\Local Settings\Temp\sample.log
  • c:\Documents and Settings\test user\Local Settings\Temp\{3F64BB47-6100-4551-A7BA-2922E48799B1}\general_logo.jpg
  • c:\Documents and Settings\test user\Local Settings\Temp\{3F64BB47-6100-4551-A7BA-2922E48799B1}\Custom.dll
  • c:\Documents and Settings\test user\Local Settings\Temp\Tsu08EF48E9.dll
  • c:\Documents and Settings\test user\Local Settings\Temp\{3F64BB47-6100-4551-A7BA-2922E48799B1}\v_grey.jpg
  • c:\Documents and Settings\test user\Local Settings\Temp\{3F64BB47-6100-4551-A7BA-2922E48799B1}\_Setup.dll
  • c:\Documents and Settings\test user\Local Settings\Temp\{3F64BB47-6100-4551-A7BA-2922E48799B1}\Setup.exe
  • c:\Documents and Settings\test user\Local Settings\Temp\{3F64BB47-6100-4551-A7BA-2922E48799B1}\Readme.txt
  • c:\Documents and Settings\test user\Local Settings\Temp\{3F64BB47-6100-4551-A7BA-2922E48799B1}\Setup.ico
  • c:\Documents and Settings\test user\Local Settings\Temp\~DF5D72.tmp
  • C:\Documents and Settings\All Users\Application Data\InstallMate\BD3D6FD0\cfg\4_2.ini
Registry Keys Created
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings
    ReceiveTimeout
    0x000927c0
HTTP Requests
  • http://c1.stylefun.info/
  • http://i1.stylefun.info/images/ebook_logo.jpg
  • http://i1.stylefun.info/images/v_grey.jpg
DNS Requests
  • c1.stylefun.info
  • i1.stylefun.info
  • r1.stylefun.info
