Unlimited Downloads

Category: Adware and PUAs
Protection available since: 04 Oct 2013 22:04:31 (GMT)
Type: Adware
Last updated: 04 Oct 2013 22:04:31 (GMT)

Examples of Unlimited Downloads include:

Example 1

File Information

Size
1.5M
SHA-1
050225d1bdc3c600b2d0eef37c6032ddefaae9da
MD5
ebb95182afa82ff577191f03c4826da1
CRC-32
d33f0d06
File type
Windows executable
First seen
2013-09-28

Runtime Analysis

Copies Itself To
  • c:\Documents and Settings\test user\Local Settings\Application Data\UnitLayers\repair.exe
Dropped Files
  • c:\Documents and Settings\test user\Local Settings\Application Data\UnitLayers\uninst.exe
    Size
    555K
    SHA-1
    e93a8c864185a4e589e1d49b4c3da978b3542596
    MD5
    527767b09ca9c738246d575e7a6a23e3
    CRC-32
    ef738996
    File type
    Windows executable
    First seen
    2013-10-04
  • c:\Documents and Settings\test user\Local Settings\Application Data\UnitLayers\.build
    Size
    17
    SHA-1
    f667bc5ac2edde96902c53822f30b6dd8872422f
    MD5
    4d487417faaf49dd8ef6964482810b06
    CRC-32
    43e18273
    File type
    ASCII text / 8-bit Unicode Transformation Format
    First seen
    2013-10-04
  • c:\Documents and Settings\test user\Local Settings\Application Data\UnitLayers\eula.txt
    Size
    20K
    SHA-1
    e3c048e96c76d269226e5e13fe9f97dea71cd880
    MD5
    da1ec428bd199bbad0a50634fccaf14c
    CRC-32
    811c8560
    File type
    ASCII text / 8-bit Unicode Transformation Format
    First seen
    2013-10-04
  • c:\Documents and Settings\test user\Local Settings\Application Data\UnitLayers\.user
    Size
    101
    SHA-1
    b3c05f58f8fa48e48a2ca44c1ed1e1db6d4ce373
    MD5
    5a6c1e78d815621a8acb210113c3ebf9
    CRC-32
    88304abb
    File type
    ASCII text / 8-bit Unicode Transformation Format
    First seen
    2013-10-04
  • c:\Documents and Settings\test user\Local Settings\Application Data\UnitLayers\temp.dat
    Size
    811K
    SHA-1
    531b82c8ece2af3e96f0720e66806293a5eb5470
    MD5
    06ee1343d4575832b0ece2166f5902e9
    CRC-32
    e0a23ce1
    File type
    Windows executable
    First seen
    2013-08-13
  • c:\Documents and Settings\test user\Local Settings\Temp\nsm3.tmp\nxs.dll
  • c:\Documents and Settings\test user\Start Menu\Programs\Unit Layers\Uninstall.lnk
    Size
    1.1K
    SHA-1
    c73137e3eee6d30eabfc926e2ef6f70488bd9ff8
    MD5
    d8f9c5a2c8440c8cbe3734d13c39c00e
    CRC-32
    884535aa
    File type
    Windows Shortcut file (.LNK)
    First seen
    2013-10-04
  • c:\Documents and Settings\test user\Local Settings\Temp\nsm3.tmp\textreplace.dll
Registry Keys Created
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Unit Layers
    Publisher
    Unit Layers
  • HKCU\Software\Unit Layers
    mode_locked
    0x00000000
  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext
    DisableAddonLoadTimePerformanceNotifications
    1
  • HKCR\CLSID\{B78F92C8-DEB3-11E2-9A0A-FB64281D6ADE}
    (Default)
    Un□□t□□□□□□□□□□□□□□□□□□□□□□□□□□□□□□□
  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B78F92C8-DEB3-11E2-9A0A-FB64281D6ADE}
    NoExplorer
    0x00000001
  • HKLM\SOFTWARE\Unit Layers
    mode_perms
    1
  • HKCU\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration\{B78F92C8-DEB3-11E2-9A0A-FB64281D6ADE}
    (Default)
  • HKCR\CLSID\{B78F92C8-DEB3-11E2-9A0A-FB64281D6ADE}\InProcServer32
    ThreadingModel
    Apartment
Processes Created
  • c:\Documents and Settings\test user\local settings\application data\unitlayers\curl.exe
  • c:\docume~1\support\locals~1\temp\nsm3.tmp\ns4.tmp
  • c:\docume~1\support\locals~1\temp\nsm3.tmp\ns5.tmp
  • c:\windows\system32\rundll32.exe
HTTP Requests
  • http://app.unitlayers.com/
DNS Requests
  • app.unitlayers.com

Example 2

File Information

Size
1.5M
SHA-1
78ecbd6b8eb97b9d8e87ba11583abc4c42b9a78e
MD5
c2629f3e17ec59a6048caa55103022fa
CRC-32
5201c06e
File type
Windows executable
First seen
2013-09-17

Runtime Analysis

Dropped Files
  • c:\Documents and Settings\test user\Local Settings\Temp\nse3.tmp\nsExec.dll
  • c:\Documents and Settings\test user\Local Settings\Temp\nse3.tmp\UAC.dll
  • c:\Documents and Settings\test user\Local Settings\Temp\nse3.tmp\System.dll
  • c:\Documents and Settings\test user\Local Settings\Temp\nse3.tmp\modern-header.bmp
    Size
    26K
    SHA-1
    be5e81b76434f32fecfd7fb2dfeca6bd85fe2a79
    MD5
    93dccd4721127047fffcacba61c81821
    CRC-32
    7e3c5b92
    File type
    Device-independent bitmap (DIB) file
    First seen
    2013-10-04
  • c:\Documents and Settings\test user\Local Settings\Application Data\DefineExt\curl.exe
  • c:\Documents and Settings\test user\Local Settings\Temp\nse3.tmp\md5dll.dll
  • c:\Documents and Settings\test user\Local Settings\Temp\nse3.tmp\nxs.dll
Registry Keys Created
  • HKLM\SOFTWARE\Define Ext
    mode_perms
    1
  • HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
    Define Ext
    "c:\Documents and Settings\test user\Local Settings\Application Data\Temporary Files\.exe"
  • HKCU\Software\Define Ext
    age
    1380859200
Processes Created
  • c:\Documents and Settings\test user\local settings\application data\defineext\curl.exe
  • c:\docume~1\support\locals~1\temp\nse3.tmp\ns4.tmp
HTTP Requests
  • http://ads.vlmac.com/
DNS Requests
  • ads.vlmac.com

Example 3

File Information

Size
1.5M
SHA-1
a2bec44b9207575cf8521e9aed08210a1a6190e8
MD5
bb2ea9c6a1ecf452aeabb91ef531dfda
CRC-32
032c63c4
File type
Windows executable
First seen
2013-10-03

Runtime Analysis

Dropped Files
  • c:\Documents and Settings\test user\Local Settings\Application Data\WordOv\curl.exe
  • c:\Documents and Settings\test user\Local Settings\Temp\nsz3.tmp\UAC.dll
  • c:\Documents and Settings\test user\Local Settings\Temp\nsz3.tmp\nsExec.dll
  • c:\Documents and Settings\test user\Local Settings\Temp\nsz3.tmp\modern-header.bmp
    Size
    26K
    SHA-1
    98eab907571a6066fba79b3d5aa7131fe3b064fd
    MD5
    72f0fc9d566dab507d8b2cd62201ec90
    CRC-32
    63123d55
    File type
    Device-independent bitmap (DIB) file
    First seen
    2013-10-03
  • c:\Documents and Settings\test user\Local Settings\Temp\nsz3.tmp\System.dll
  • c:\Documents and Settings\test user\Local Settings\Temp\nsz3.tmp\md5dll.dll
Registry Keys Created
  • HKLM\SOFTWARE\WordOv
    uuid
    5208bc2efbfd3c982ffbeacf78ebfcb3
  • HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
    WordOv
    "c:\Documents and Settings\test user\Local Settings\Application Data\Temporary Files\.exe"
  • HKCU\Software\WordOv
    uuid
    5208bc2efbfd3c982ffbeacf78ebfcb3
