Mixi Toolbar

Category: Adware and PUA
Protection available since: 06 Jun 2013 13:32:19 (GMT)
Type: Adware
Last updated: 29 Jul 2013 08:26:36 (GMT)

Examples of Mixi Toolbar include:

Example 1

File Information

Size: 815K
SHA-1: 25592b49ffb4e3e9647dae84b6e5c4ab780cdff7
MD5: fffebbee4920059902277812a3c07ed8
CRC-32: 744ad00a
File type: Windows executable
First seen: 2013-05-05

Runtime Analysis

Dropped Files
  • c:\Documents and Settings\test user\Local Settings\Temp\B0CD7715-BAB0-7891-B55F-DC453F5C92C4\BabyTBConf.ini
  • c:\Documents and Settings\test user\Application Data\Babylon\log_file.txt
  • c:\Documents and Settings\test user\Local Settings\Temp\B0CD7715-BAB0-7891-B55F-DC453F5C92C4\SetupParams.ini
  • c:\Documents and Settings\test user\Local Settings\Temp\MixiDJToolbar.exe
Registry Keys Created
  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform
    BTRS101493
  • HKLM\SOFTWARE\BabylonToolbar\BabylonToolbar
    dlp_url
    cmVzOi8vbXNodG1sLmRsbC9ibGFuay5odG0=
  • HKCR\Prod.cap
    Info
    (non-printable binary data)
  • HKLM\SOFTWARE\Babylon\Babylon Client\DefaultSettings
    SetSearch
    0x01111004
Registry Keys Modified
  • HKCU\Software\Microsoft\Internet Explorer\Main
    Start Page
    http://search.babylon.com/?affID=121120&babsrc=HP_ss&mntrId=601F000C299B4080
Processes Created
  • c:\docume~1\support\locals~1\temp\b0cd7715-bab0-7891-b55f-dc453f5c92c4\setup.exe
  • c:\docume~1\support\locals~1\temp\mixidjtoolbar.exe
HTTP Requests
  • http://dl.babylon.com/site/files/Setup9/dwr/DefaultClient/DefaultClient/Default-tbdat.zpb
  • http://dl.babylon.com/site/files/Setup9/dwr/DefaultToolbar/DefaultToolbar/Setup-tbdef.zpb
  • http://stat.info-stream.net/report.php
  • http://stp.babylon.com/downloader.php
DNS Requests
  • dl.babylon.com
  • stat.info-stream.net
  • stp.babylon.com

Example 2

File Information

Size: 573K
SHA-1: 40972aaec808dc05dc147de73cc4a61892d80550
MD5: 19461ead91e5fa66719ab07f790ef6e2
CRC-32: 3614b318
File type: Windows executable
First seen: 2013-07-28

Runtime Analysis

Dropped Files
  • c:\Documents and Settings\test user\Local Settings\Temp\DownloadManager.exe
Registry Keys Created
  • HKCR\TypeLib\{DCABB943-792E-44C4-9029-ECBEE6265AF9}\1.0\HELPDIR
    (Default)
    C:\DOCUME~1\support\LOCALS~1\Temp
  • HKCR\CLSID\{D3388703-5092-487C-8217-11ADA1CA68B5}\TypeLib
    (Default)
    {DCABB943-792E-44C4-9029-ECBEE6265AF9}
  • HKCR\CLSID\{D3388703-5092-487C-8217-11ADA1CA68B5}
    (Default)
    CBrowserExternal Class
  • HKCR\Interface\{3408AC0D-510E-4808-8F7B-6B70B1F88534}
    (Default)
    IBrowserExternals
  • HKCR\CLSID\{D3388703-5092-487C-8217-11ADA1CA68B5}\LocalServer32
    ServerExecutable
    C:\DOCUME~1\support\LOCALS~1\Temp\DownloadManager.exe
  • HKCR\TypeLib\{DCABB943-792E-44C4-9029-ECBEE6265AF9}\1.0\0\win32
    (Default)
    C:\DOCUME~1\support\LOCALS~1\Temp\DownloadManager.exe
  • HKCR\Interface\{3408AC0D-510E-4808-8F7B-6B70B1F88534}\ProxyStubClsid32
    (Default)
    {00020424-0000-0000-C000-000000000046}
  • HKCR\Interface\{3408AC0D-510E-4808-8F7B-6B70B1F88534}\ProxyStubClsid
    (Default)
    {00020424-0000-0000-C000-000000000046}
  • HKCR\Interface\{3408AC0D-510E-4808-8F7B-6B70B1F88534}\TypeLib
    Version
    1.0
  • HKCR\TypeLib\{DCABB943-792E-44C4-9029-ECBEE6265AF9}\1.0
    (Default)
    SmartInstallerLib
  • HKCR\TypeLib\{DCABB943-792E-44C4-9029-ECBEE6265AF9}\1.0\FLAGS
    (Default)
  • HKCR\CLSID\{D3388703-5092-487C-8217-11ADA1CA68B5}\Version
    (Default)
    1.0
Processes Created
  • c:\docume~1\support\locals~1\temp\downloadmanager.exe
HTTP Requests
  • http://installer.ppdownload.com/Installer/Flow
DNS Requests
  • installer.ppdownload.com

Example 3

File Information

Size: 573K
SHA-1: b18287690954bf0c2277294697b4df3918cd9f7e
MD5: 1162bb20d731a5fa2722be0d1a70fb96
CRC-32: ae8e2a08
File type: Windows executable
First seen: 2013-07-28

Runtime Analysis

Dropped Files
  • c:\Documents and Settings\test user\Local Settings\Temp\DownloadManager.exe
Registry Keys Created
  • HKCR\TypeLib\{DCABB943-792E-44C4-9029-ECBEE6265AF9}\1.0
    (Default)
    SmartInstallerLib
  • HKCR\Interface\{3408AC0D-510E-4808-8F7B-6B70B1F88534}
    (Default)
    IBrowserExternals
  • HKCR\Interface\{3408AC0D-510E-4808-8F7B-6B70B1F88534}\ProxyStubClsid32
    (Default)
    {00020424-0000-0000-C000-000000000046}
  • HKCR\TypeLib\{DCABB943-792E-44C4-9029-ECBEE6265AF9}\1.0\0\win32
    (Default)
    C:\DOCUME~1\support\LOCALS~1\Temp\DownloadManager.exe
  • HKCR\TypeLib\{DCABB943-792E-44C4-9029-ECBEE6265AF9}\1.0\FLAGS
    (Default)
  • HKCR\Interface\{3408AC0D-510E-4808-8F7B-6B70B1F88534}\TypeLib
    Version
    1.0
  • HKCR\CLSID\{D3388703-5092-487C-8217-11ADA1CA68B5}\Version
    (Default)
    1.0
  • HKCR\CLSID\{D3388703-5092-487C-8217-11ADA1CA68B5}\TypeLib
    (Default)
    {DCABB943-792E-44C4-9029-ECBEE6265AF9}
  • HKCR\Interface\{3408AC0D-510E-4808-8F7B-6B70B1F88534}\ProxyStubClsid
    (Default)
    {00020424-0000-0000-C000-000000000046}
  • HKCR\CLSID\{D3388703-5092-487C-8217-11ADA1CA68B5}\LocalServer32
    ServerExecutable
    C:\DOCUME~1\support\LOCALS~1\Temp\DownloadManager.exe
  • HKCR\TypeLib\{DCABB943-792E-44C4-9029-ECBEE6265AF9}\1.0\HELPDIR
    (Default)
    C:\DOCUME~1\support\LOCALS~1\Temp
  • HKCR\CLSID\{D3388703-5092-487C-8217-11ADA1CA68B5}
    (Default)
    CBrowserExternal Class
Processes Created
  • c:\docume~1\support\locals~1\temp\downloadmanager.exe
HTTP Requests
  • http://installer.ppdownload.com/Installer/Flow
DNS Requests
  • installer.ppdownload.com
