MultiPlug

Categoria: Adware e PUA Opzioni di protezione ora disponibili:09 ott 2013 12:19:29 (GMT)
Tipo: Adware Ultimo aggiornamento:17 apr 2015 09:00:18 (GMT)

Download Scaricate il nostro Virus Removal Tool: è gratis! - Scoprite le minacce che sono sfuggite al vostro antivirus

Examples of MultiPlug include:

Example 1

File Information

Size
1.2M
SHA-1
000021812b49d69a136fdd93fe215df11cdaa111
MD5
ccabf0e804965d42e20ca2b16c1c2a2d
CRC-32
6dda5a5d
File type
Windows executable
First seen
2014-12-31

Runtime Analysis

Copies Itself To
  • c:\Documents and Settings\test user\Local Settings\Temp\03ad83ba\temp\test_item.exe
Dropped Files
  • C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
    Size
    7.1K
    SHA-1
    a796dd80b62083fafb7f33c0869b0cab11863eb4
    MD5
    e345f0467197751c2310312786f2af91
    CRC-32
    ce1d0696
    File type
    Unspecified binary - probably data
    First seen
    2015-01-01
  • c:\Documents and Settings\test user\Application Data\Microsoft\Protect\S-1-5-21-1202660629-1454471165-1275210071-1003\bc2a25fb-c392-478a-af77-d48a7c683e9c
    Size
    388
    SHA-1
    340df418c7039a92c75056144590f118c46f06d7
    MD5
    06688eae7e604b5150e8e0077410d7a2
    CRC-32
    5952a23a
    File type
    Unspecified binary - probably data
    First seen
    2015-01-01
  • c:\Documents and Settings\test user\Desktop\sample.lnk
    Size
    1.3K
    SHA-1
    d1cc12722ab8f2fac4f310e41571e10e681a895d
    MD5
    4f5cc85ddf7333440bb2f5afc74c5f09
    CRC-32
    a96ef5fc
    File type
    Windows Shortcut file (.LNK)
    First seen
    2015-01-01
  • c:\Documents and Settings\test user\Local Settings\Temp\03ad83ba\images\loader.gif
  • c:\Documents and Settings\test user\Local Settings\Temp\03ad83ba\images\progressbar.gif
  • C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
    Size
    7.1K
    SHA-1
    0dbbe91f668bddcb0b050391a839535860ab8028
    MD5
    30304868661904aada6ed01831fc2bbd
    CRC-32
    94487477
    File type
    Unspecified binary - probably data
    First seen
    2015-01-01
  • c:\Documents and Settings\test user\Local Settings\Temp\03ad83ba\temp\bg.ca
    Size
    479
    SHA-1
    822b6d316e52101f91dec86503fd6afb4814b756
    MD5
    c2cbfa4cc74ff02f775d5811fafe07d6
    CRC-32
    4137dd69
    File type
    Hypertext Markup Language
    First seen
    2014-12-22
Modified Files
  • %PROFILE%\Application Data\Microsoft\Protect\S-1-5-21-1202660629-1454471165-1275210071-1003\Preferred
Registry Keys Created
  • HKCU_Classes\CLSID\{F28C2F70-47DE-4EA5-8F6D-7D1476CD1EF5}\LocalServer32
    ServerExecutable
    c:\test_item.exe
  • HKCU_Classes\CLSID\{F28C2F70-47DE-4EA5-8F6D-7D1476CD1EF5}
    (Default)
    TinyJSObject Class
  • HKCU\Software\WebApp\Styles
    MaxScriptStatements
    0xffffffff
  • HKCU_Classes\CLSID\{F28C2F70-47DE-4EA5-8F6D-7D1476CD1EF5}\Version
    (Default)
    1.0
  • HKCU\Software\Classes\CLSID\{F28C2F70-47DE-4EA5-8F6D-7D1476CD1EF5}\Version
    (Default)
    1.0
  • HKCU_Classes\Interface\{3B3F3AAD-FB97-49FF-BFEE-D22869AC4326}\TypeLib
    Version
    1.0
  • HKCU\Software\Classes\Interface\{3B3F3AAD-FB97-49FF-BFEE-D22869AC4326}\ProxyStubClsid
    (Default)
    {00020424-0000-0000-C000-000000000046}
  • HKCU_Classes\CLSID\{F28C2F70-47DE-4EA5-8F6D-7D1476CD1EF5}\TypeLib
    (Default)
    {7E77E9F2-D76B-4D54-B515-9A7F93DF03DF}
  • HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
    GlobalMaxTcpWindowSize
    0x00ffffff
  • HKCU\Software\Classes\TypeLib\{157B1AA6-3E5C-404A-9118-C1D91F537040}\1.0
    (Default)
    JSIELib
  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\BITS
    StateIndex
    0x00000001
  • HKCU_Classes\TypeLib\{157B1AA6-3E5C-404A-9118-C1D91F537040}\1.0\HELPDIR
    (Default)
    c:
  • HKCU\Software\Classes\CLSID\{F28C2F70-47DE-4EA5-8F6D-7D1476CD1EF5}\LocalServer32
    ServerExecutable
    c:\test_item.exe
  • HKLM\SYSTEM\CurrentControlSet\Control\BackupRestore\FilesNotToBackup
    BITS_metadata
    C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\*
  • HKCU_Classes\TypeLib\{157B1AA6-3E5C-404A-9118-C1D91F537040}\1.0
    (Default)
    JSIELib
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\BITS
    ControlFlags
    0x00000001
  • HKCU\Software\Classes\TypeLib\{157B1AA6-3E5C-404A-9118-C1D91F537040}\1.0\HELPDIR
    (Default)
    c:
  • HKCU\Software\Classes\Interface\{3B3F3AAD-FB97-49FF-BFEE-D22869AC4326}\ProxyStubClsid32
    (Default)
    {00020424-0000-0000-C000-000000000046}
  • HKCU\Software\Classes\TypeLib\{157B1AA6-3E5C-404A-9118-C1D91F537040}\1.0\0\win32
    (Default)
    c:\test_item.exe
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\BITS\CtlGuid
    BitNames
    LogFlagInfo LogFlagWarning LogFlagError LogFlagFunction LogFlagRefCount LogFlagSerialize LogFlagDownload LogFlagTask LogFlagLock LogFlagService LogFlagDataBytes LogFlagTransferDetails
  • HKCU_Classes\TypeLib\{157B1AA6-3E5C-404A-9118-C1D91F537040}\1.0\0\win32
    (Default)
    c:\test_item.exe
  • HKCU\Software\Classes\Interface\{3B3F3AAD-FB97-49FF-BFEE-D22869AC4326}\TypeLib
    Version
    1.0
  • HKCU\Software\Classes\Interface\{3B3F3AAD-FB97-49FF-BFEE-D22869AC4326}
    (Default)
    ITinyJSObject
  • HKCU_Classes\TypeLib\{157B1AA6-3E5C-404A-9118-C1D91F537040}\1.0\FLAGS
    (Default)
  • HKCU_Classes\Interface\{3B3F3AAD-FB97-49FF-BFEE-D22869AC4326}
    (Default)
    ITinyJSObject
  • HKLM\SYSTEM\CurrentControlSet\Services\BITS\Enum
    NextInstance
    0x00000001
  • HKCU\Software\Classes\CLSID\{F28C2F70-47DE-4EA5-8F6D-7D1476CD1EF5}\TypeLib
    (Default)
    {7E77E9F2-D76B-4D54-B515-9A7F93DF03DF}
  • HKCU\Software\Classes\CLSID\{F28C2F70-47DE-4EA5-8F6D-7D1476CD1EF5}
    (Default)
    TinyJSObject Class
  • HKCU_Classes\Interface\{3B3F3AAD-FB97-49FF-BFEE-D22869AC4326}\ProxyStubClsid
    (Default)
    {00020424-0000-0000-C000-000000000046}
  • HKCU_Classes\Interface\{3B3F3AAD-FB97-49FF-BFEE-D22869AC4326}\ProxyStubClsid32
    (Default)
    {00020424-0000-0000-C000-000000000046}
  • HKCU\Software\Classes\TypeLib\{157B1AA6-3E5C-404A-9118-C1D91F537040}\1.0\FLAGS
    (Default)
Registry Keys Modified
  • HKLM\SYSTEM\CurrentControlSet\Services\BITS
    Start
    0x00000002
HTTP Requests
  • http://c1.starvel.org/
  • http://c2.winnered.net/
DNS Requests
  • c1.starvel.org
  • c2.winnered.net
  • r1.profficing.org

Example 2

File Information

Size
1.5M
SHA-1
00003316482c3e25ba6d59c1555131421204c499
MD5
488120011aaf4d6686cb486e79624349
CRC-32
8bcbd0e2
File type
Windows executable
First seen
2007-08-27

Runtime Analysis

Dropped Files
  • C:\Documents and Settings\All Users\Application Data\5d5d60c3d6235bf2\{C1A27135-69EB-8D44-7358-34727DD7B820}
  • C:\Documents and Settings\All Users\Application Data\DoWNLoaD, keeper\AYlFVw68.dat
  • c:\Documents and Settings\test user\AppData\LocalLow\{2FB6CC18-5C3E-A17E-2DB7-34B250599632}\DoWNLoaD, keeper.2.7.dat
  • C:\Documents and Settings\All Users\Application Data\DoWNLoaD, keeper\AYlFVw68.exe
  • C:\Program Files\DoWNLoaD, keeper\0k5uDnR.x64.dll
  • C:\Program Files\DoWNLoaD, keeper\0k5uDnR.dat
  • C:\Program Files\DoWNLoaD, keeper\0k5uDnR.tlb
  • C:\Program Files\DoWNLoaD, keeper\0k5uDnR.dll
    Size
    417K
    SHA-1
    86c7cf982e18ca23f8ef30718417903dc010b00a
    MD5
    aabcede5b824bd00717350b6b7474c46
    CRC-32
    5b50655c
    File type
    Windows executable
    First seen
    2013-12-03
Registry Keys Created
  • HKCR\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\TypeLib
    Version
    1.0
  • HKCR\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}\ProxyStubClsid
    (Default)
    {00020424-0000-0000-C000-000000000046}
  • HKCR\KeePeer\CLSID
    (Default)
    {2FB6CC18-5C3E-A17E-2DB7-34B250599632}
  • HKCR\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}\TypeLib
    Version
    1.0
  • HKCR\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0
    (Default)
    IEPluginLib
  • HKCR\CLSID\{2FB6CC18-5C3E-A17E-2DB7-34B250599632}\ProgID
    (Default)
    DDOwnLooaada KeePeer.1.6
  • HKCR\KeePeer.1.6
    (Default)
    DoWNLoaD, keeper
  • HKCR\KeePeer.1.6\CLSID
    (Default)
    {2FB6CC18-5C3E-A17E-2DB7-34B250599632}
  • HKCR\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\ProxyStubClsid
    (Default)
    {00020424-0000-0000-C000-000000000046}
  • HKCR\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\ProxyStubClsid32
    (Default)
    {00020424-0000-0000-C000-000000000046}
  • HKCU\Software\RegisteredApplicationsEx
    4b58cf866f1c57a54a7e1e93674e349f
    1□□□
  • HKCR\CLSID\{2FB6CC18-5C3E-A17E-2DB7-34B250599632}\VersionIndependentProgID
    (Default)
    DDOwnLooaada KeePeer
  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID
    {2FB6CC18-5C3E-A17E-2DB7-34B250599632}
    1
  • HKCR\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0\HELPDIR
    (Default)
    C:\Program Files\DoWNLoaD, keeper
  • HKCR\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0\FLAGS
    (Default)
  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2FB6CC18-5C3E-A17E-2DB7-34B250599632}
    NoExplorer
    0x00000001
  • HKCR\CLSID\{2FB6CC18-5C3E-A17E-2DB7-34B250599632}
    (Default)
    DoWNLoaD, keeper
  • HKCR\KeePeer
    (Default)
    DoWNLoaD, keeper
  • HKCR\CLSID\{2FB6CC18-5C3E-A17E-2DB7-34B250599632}\InprocServer32
    ThreadingModel
    Apartment
  • HKCR\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0\0\win32
    (Default)
    C:\Program Files\DoWNLoaD, keeper\0k5uDnR.tlb
  • HKCR\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\TypeLib
    Version
    1.0
  • HKCR\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\ProxyStubClsid32
    (Default)
    {00020424-0000-0000-C000-000000000046}
  • HKCR\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
    (Default)
    IRegistry
  • HKCR\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
    (Default)
    ILocalStorage
  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C1A27135-69EB-8D44-7358-34727DD7B820}
    _In
    20131207
  • HKCR\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\ProxyStubClsid
    (Default)
    {00020424-0000-0000-C000-000000000046}
  • HKCR\KeePeer\CurVer
    (Default)
    DDOwnLooaada KeePeer.1.6
  • HKCR\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}
    (Default)
    IIEPluginMain
  • HKCR\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}\ProxyStubClsid32
    (Default)
    {00020424-0000-0000-C000-000000000046}
Processes Created
  • c:\docume~1\support\locals~1\temp\3c612fff\aylfvw68.exe
  • c:\windows\system32\regsvr32.exe

Example 3

File Information

Size
704K
SHA-1
00003e3910362dd635470c2ecd8ff8f733a85a16
MD5
f797a822d7c6d379122db88cdbc673b4
CRC-32
0a996631
File type
Windows executable
First seen
2014-08-22

Runtime Analysis

Dropped Files
  • c:\Documents and Settings\test user\Local Settings\Temp\sho\images\loader.gif
  • c:\Documents and Settings\test user\Local Settings\Temp\sho\images\progressbar.gif
  • c:\Documents and Settings\test user\Local Settings\Temp\sho\steps\1.ini
  • c:\Documents and Settings\test user\Local Settings\Temp\sho\steps\2_0.ini
Registry Keys Created
  • HKCR\TypeLib\{157B1AA6-3E5C-404A-9118-C1D91F537040}\1.0\0\win32
    (Default)
    c:\test_item.exe
  • HKCU\Software\WebApp\Styles
    MaxScriptStatements
    0xffffffff
  • HKCU_Classes\CLSID\{F28C2F70-47DE-4EA5-8F6D-7D1476CD1EF5}\LocalServer32
    ServerExecutable
    c:\test_item.exe
  • HKCU_Classes\CLSID\{F28C2F70-47DE-4EA5-8F6D-7D1476CD1EF5}
    (Default)
    TinyJSObject Class
  • HKCR\Interface\{3B3F3AAD-FB97-49FF-BFEE-D22869AC4326}
    (Default)
    ITinyJSObject
  • HKCR\TypeLib\{157B1AA6-3E5C-404A-9118-C1D91F537040}\1.0\HELPDIR
    (Default)
    c:
  • HKCR\Interface\{3B3F3AAD-FB97-49FF-BFEE-D22869AC4326}\ProxyStubClsid32
    (Default)
    {00020424-0000-0000-C000-000000000046}
  • HKCR\TypeLib\{157B1AA6-3E5C-404A-9118-C1D91F537040}\1.0
    (Default)
    JSIELib
  • HKCR\Interface\{3B3F3AAD-FB97-49FF-BFEE-D22869AC4326}\ProxyStubClsid
    (Default)
    {00020424-0000-0000-C000-000000000046}
  • HKCU\Software\Classes\CLSID\{F28C2F70-47DE-4EA5-8F6D-7D1476CD1EF5}
    (Default)
    TinyJSObject Class
  • HKCU_Classes\CLSID\{F28C2F70-47DE-4EA5-8F6D-7D1476CD1EF5}\TypeLib
    (Default)
    {7E77E9F2-D76B-4D54-B515-9A7F93DF03DF}
  • HKCU\Software\Classes\CLSID\{F28C2F70-47DE-4EA5-8F6D-7D1476CD1EF5}\LocalServer32
    ServerExecutable
    c:\test_item.exe
  • HKCR\TypeLib\{157B1AA6-3E5C-404A-9118-C1D91F537040}\1.0\FLAGS
    (Default)
  • HKCU_Classes\CLSID\{F28C2F70-47DE-4EA5-8F6D-7D1476CD1EF5}\Version
    (Default)
    1.0
  • HKCU\Software\Classes\CLSID\{F28C2F70-47DE-4EA5-8F6D-7D1476CD1EF5}\TypeLib
    (Default)
    {7E77E9F2-D76B-4D54-B515-9A7F93DF03DF}
  • HKCU\Software\Classes\CLSID\{F28C2F70-47DE-4EA5-8F6D-7D1476CD1EF5}\Version
    (Default)
    1.0
  • HKCR\Interface\{3B3F3AAD-FB97-49FF-BFEE-D22869AC4326}\TypeLib
    Version
    1.0
HTTP Requests
  • http://c1.epicbookallguard.net/
  • http://i1.nicedataget.com/images/next.png
  • http://i1.nicedataget.com/images/sidebar.jpg
  • http://i1.nicedataget.com/images/titlebar.png
DNS Requests
  • c1.epicbookallguard.net
  • i1.nicedataget.com
  • r1.sunusadirall.net

scarica Prova gratuita dei prodotti Sophos
Scarica subito