Vittalia

Category: Adware and PUA
Protection available since: 04 Oct 2013 16:08:02 (GMT)
Type: Adware
Last updated: 24 Jun 2014 03:33:26 (GMT)


Examples of Vittalia include:

Example 1

File Information

Size
4.7M
SHA-1
000941ae145e50340014cc91d8cbcbf169b6fdbc
MD5
0373f54737023b621107008f61708e46
CRC-32
fb7eaae3
File type
application/x-ms-dos-executable
First seen
2014-06-12

Runtime Analysis

Dropped Files
  • c:\Documents and Settings\test user\Local Settings\Temp\square_donottrackme.bmp
    Size
    1.6K
    SHA-1
    8eb771def93a55722818b421c45d032c19fdb0f7
    MD5
    8974187e3fbf09031330e71854d28eba
    CRC-32
    9249bc36
    File type
    image/x-bmp
    First seen
    2014-05-27
  • c:\Documents and Settings\test user\Local Settings\Temp\square_aartemis.bmp
  • c:\Documents and Settings\test user\Local Settings\Temp\square_pricepeep.bmp
  • c:\Documents and Settings\test user\Local Settings\Temp\square_pcfaster.bmp
  • c:\Documents and Settings\test user\Local Settings\Temp\tb_utilsbar.bmp
  • c:\Documents and Settings\test user\Local Settings\Temp\logo-kingbrowse.bmp
  • c:\Documents and Settings\test user\Local Settings\Temp\square_driverscanner.bmp
  • c:\Documents and Settings\test user\Local Settings\Temp\2e44_appcompat.txt
  • c:\Documents and Settings\test user\Local Settings\Application Data\temp\f194fondo.bmp
  • c:\Documents and Settings\test user\Local Settings\Temp\tubedimmer_sample.bmp
  • c:\Documents and Settings\test user\Local Settings\Temp\irobinhood_image1.bmp
  • c:\Documents and Settings\test user\Local Settings\Temp\freesofttoday_image1_pt.bmp
  • c:\Documents and Settings\test user\Local Settings\Temp\sharpsavings_image1.bmp
  • c:\Documents and Settings\test user\Local Settings\Temp\nsa3.tmp\modern-wizard.bmp
  • c:\Documents and Settings\test user\Local Settings\Temp\square_mypcbackup_softpublisher.bmp
  • c:\Documents and Settings\test user\Local Settings\Temp\vuupc_offerscreen.bmp
    Size
    331K
    SHA-1
    e7e6854919e8fc8a5baafb51de2033e073871ae0
    MD5
    4b255de22ccbaca97c8d40b2dca03ef5
    CRC-32
    764c1a5b
    File type
    Device-independent bitmap (DIB) file
    First seen
    2014-05-27
  • c:\Documents and Settings\test user\Local Settings\Temp\mypcbackup_image1.bmp
    Size
    36K
    SHA-1
    0154d5cfa8c7d68982755e210c5ce99dd54c9347
    MD5
    6e67fa77a96ce2c2fc1a1e9fed6f69e9
    CRC-32
    1d0837eb
    File type
    Device-independent bitmap (DIB) file
    First seen
    2014-06-05
  • c:\Documents and Settings\test user\Local Settings\Temp\square_freesofttoday.bmp
    Size
    2.4K
    SHA-1
    0678bf2c2209c04a78a1e8b01c6542b6372cb7e1
    MD5
    ac70f12c9d1b66ba1a647a15f68b969e
    CRC-32
    64aff1d6
    File type
    Device-independent bitmap (DIB) file
    First seen
    2014-02-05
  • c:\Documents and Settings\test user\Local Settings\Temp\square_softwareupdater.bmp
  • c:\Documents and Settings\test user\Local Settings\Temp\plushd_image1.bmp
  • c:\Documents and Settings\test user\Local Settings\Temp\optimizerpro_title.bmp
  • c:\Documents and Settings\test user\Local Settings\Temp\freesofttoday_image1_jp.bmp
  • c:\Documents and Settings\test user\Local Settings\Temp\square_falcon.bmp
  • c:\Documents and Settings\test user\Local Settings\Temp\square_optimizerpro.bmp
  • c:\Documents and Settings\test user\Local Settings\Temp\bubbledock_image1.bmp
  • c:\Documents and Settings\test user\Local Settings\Application Data\temp\f194Installer.exe
  • c:\Documents and Settings\test user\Local Settings\Temp\square_vuupc.bmp
  • c:\Documents and Settings\test user\Local Settings\Temp\mypcbackup_softpublisher_title.bmp
    Size
    52K
    SHA-1
    5e8edb63df0206f3c195f67b06da6a428c329e19
    MD5
    3d4a58b2dfc8b58665ea1867528e4704
    CRC-32
    b56d8d58
    File type
    image/x-bmp
    First seen
    2014-06-05
  • c:\Documents and Settings\test user\Local Settings\Application Data\temp\f194header.bmp
  • c:\Documents and Settings\test user\Local Settings\Temp\richtext1.rtf
  • c:\Documents and Settings\test user\Local Settings\Temp\square_sharpsavings.bmp
  • c:\Documents and Settings\test user\Local Settings\Temp\square_bubbledock.bmp
  • c:\Documents and Settings\test user\Local Settings\Temp\freesofttoday_image1_en.bmp
    Size
    253K
    SHA-1
    9e455de6d2485a4491e49f67c03d128cd828e828
    MD5
    3826834eea5e80a7c79f61bb8b4a827d
    CRC-32
    483d67f0
    File type
    Device-independent bitmap (DIB) file
    First seen
    2014-05-13
  • c:\Documents and Settings\test user\Local Settings\Temp\freesofttoday_image1_tr.bmp
  • c:\Documents and Settings\test user\Local Settings\Temp\mysearchdial_chrome_image1.bmp
  • c:\Documents and Settings\test user\Local Settings\Temp\square_irobinhood.bmp
  • c:\Documents and Settings\test user\Local Settings\Temp\square_pcspeedup.bmp
  • c:\Documents and Settings\test user\Local Settings\Temp\square_lollipop.bmp
  • c:\Documents and Settings\test user\Local Settings\Temp\square_saveclicker_developer.bmp
  • c:\Documents and Settings\test user\Local Settings\Temp\square_adducky_tp.bmp
    Size
    2.3K
    SHA-1
    bd7769f40a9947c7ff01a70756df72a70122206a
    MD5
    22b4a63af673fe677c86d62dee82b3ac
    CRC-32
    0446dd7e
    File type
    Device-independent bitmap (DIB) file
    First seen
    2014-05-27
  • c:\Documents and Settings\test user\Local Settings\Temp\license.rtf
  • c:\Documents and Settings\test user\Local Settings\Temp\square_tubedimmer.bmp
  • c:\Documents and Settings\test user\Local Settings\Temp\square_vbates.bmp
  • c:\Documents and Settings\test user\Local Settings\Temp\mockup_softwareupdater.bmp
  • c:\Documents and Settings\test user\Local Settings\Temp\square_passwidget.bmp
  • c:\Documents and Settings\test user\Local Settings\Temp\mysearchdial_msie_firefox_image.bmp
  • c:\Documents and Settings\test user\Local Settings\Temp\freesofttoday_image1_pl.bmp
  • c:\Documents and Settings\test user\Local Settings\Temp\square_mypcbackup.bmp
  • c:\Documents and Settings\test user\Local Settings\Temp\freesofttoday_image1_fr.bmp
  • c:\Documents and Settings\test user\Local Settings\Temp\optimizerpro_name.bmp
  • c:\Documents and Settings\test user\Local Settings\Temp\mypcbackup_title.bmp
    Size
    52K
    SHA-1
    5e8edb63df0206f3c195f67b06da6a428c329e19
    MD5
    3d4a58b2dfc8b58665ea1867528e4704
    CRC-32
    b56d8d58
    File type
    image/x-bmp
    First seen
    2014-06-05
  • c:\Documents and Settings\test user\Local Settings\Temp\square_weatherapp.bmp
  • c:\Documents and Settings\test user\Local Settings\Temp\square_utilsbar.bmp
  • c:\Documents and Settings\test user\Local Settings\Temp\nsa3.tmp\System.dll
  • c:\Documents and Settings\test user\Local Settings\Temp\nsa3.tmp\version.dll
  • c:\Documents and Settings\test user\Local Settings\Temp\freesofttoday_image1_es.bmp
  • c:\Documents and Settings\test user\Local Settings\Application Data\temp\f194Installer.INI
  • c:\Documents and Settings\test user\Local Settings\Temp\config.xml
  • c:\Documents and Settings\test user\Local Settings\Temp\logo_pcspeedup.bmp
  • c:\Documents and Settings\test user\Local Settings\Temp\3dboxes_pcspeedup.bmp
  • c:\Documents and Settings\test user\Local Settings\Temp\systemspeedup_image.bmp
  • c:\Documents and Settings\test user\Local Settings\Temp\square_boxore.bmp
  • c:\Documents and Settings\test user\Local Settings\Temp\nsa3.tmp\nsMath.dll
  • c:\Documents and Settings\test user\Local Settings\Temp\snapdov2_terms.rtf
    Size
    12K
    SHA-1
    e70acf0d9ae2bcc5b85ff6f9ad16b7c1c5016ec6
    MD5
    396fc4e87732d27f95739c6554ce533d
    CRC-32
    78a4e356
    File type
    Rich Text Format (RTF)
    First seen
    2014-06-02
  • c:\Documents and Settings\test user\Local Settings\Temp\ajax_loader.gif
  • c:\Documents and Settings\test user\Local Settings\Temp\hao123_image1.bmp
  • c:\Documents and Settings\test user\Local Settings\Temp\pcfaster_logo.bmp
  • c:\Documents and Settings\test user\Local Settings\Temp\nsa3.tmp\modern-header.bmp
  • c:\Documents and Settings\test user\Local Settings\Temp\nsa3.tmp\ButtonEvent.dll
  • c:\Documents and Settings\test user\Local Settings\Temp\costmin_developer_moreinfo.bmp
  • c:\Documents and Settings\test user\Local Settings\Temp\pricepeep_logo.bmp
  • c:\Documents and Settings\test user\Local Settings\Temp\freesofttoday_image1_it.bmp
  • c:\Documents and Settings\test user\Local Settings\Temp\square_plushd.bmp
  • c:\Documents and Settings\test user\Local Settings\Temp\optimizerpro_image1.bmp
  • c:\Documents and Settings\test user\Local Settings\Temp\bubblefootball_title.bmp
  • c:\Documents and Settings\test user\Local Settings\Temp\square_boxore_tp.bmp
  • c:\Documents and Settings\test user\Local Settings\Temp\square_saveclicker.bmp
  • c:\Documents and Settings\test user\Local Settings\Temp\tubedimmer_logo.bmp
  • c:\Documents and Settings\test user\Local Settings\Temp\mypcbackup_softpublisher_image1.bmp
    Size
    36K
    SHA-1
    0154d5cfa8c7d68982755e210c5ce99dd54c9347
    MD5
    6e67fa77a96ce2c2fc1a1e9fed6f69e9
    CRC-32
    1d0837eb
    File type
    Device-independent bitmap (DIB) file
    First seen
    2014-06-05
  • c:\Documents and Settings\test user\Local Settings\Temp\nsa3.tmp\nsBR.dll
  • c:\Documents and Settings\test user\Local Settings\Temp\instloffer.exe
    Size
    641K
    SHA-1
    7d7a88d0d8cc6bc60f550cccca7d7f0261cb9f1e
    MD5
    08ddf78750ca55178ae1a27a1c9740ea
    CRC-32
    6f4f1fd4
    File type
    Windows executable
    First seen
    2014-06-12
  • c:\Documents and Settings\test user\Local Settings\Temp\square_webstroller_softpublisher.bmp
  • c:\Documents and Settings\test user\Local Settings\Temp\nsa3.tmp\nsURL.dll
    Size
    278K
    SHA-1
    7da71a17d2011c08b9c8330b0092a41ff3b73eee
    MD5
    8a4cf95fd1eb60ebf730d66446397f16
    CRC-32
    3b57ca3a
    File type
    Windows executable
    First seen
    2014-05-05
  • c:\Documents and Settings\test user\Local Settings\Temp\passwidget_image3.bmp
  • c:\Documents and Settings\test user\Local Settings\Temp\moreinfo_boxore.bmp
  • c:\Documents and Settings\test user\Local Settings\Temp\nsa3.tmp\nsArray.dll
  • c:\Documents and Settings\test user\Local Settings\Temp\pricemeter_image.bmp
    Size
    303K
    SHA-1
    fa61636765719f3b576e66c3978f0ccb88541191
    MD5
    fc4f1a36459d576430e9c51045e4e9c9
    CRC-32
    b78165ed
    File type
    Device-independent bitmap (DIB) file
    First seen
    2014-04-09
  • c:\Documents and Settings\test user\Local Settings\Temp\moreinfo_driverscanner.bmp
  • c:\Documents and Settings\test user\Local Settings\Temp\falcon_image1.bmp
  • c:\Documents and Settings\test user\Local Settings\Temp\logo-highliteapp.bmp
    Size
    37K
    SHA-1
    75592ddaa0bdfaf8a21da0d12479c2c00dfeee3f
    MD5
    c4b15f2513eb8cf5b1507c6891bef5fb
    CRC-32
    c9020ea4
    File type
    Device-independent bitmap (DIB) file
    First seen
    2014-04-03
  • c:\Documents and Settings\test user\Local Settings\Temp\lollipop_moreinfo.bmp
  • c:\Documents and Settings\test user\Local Settings\Temp\nsa3.tmp\tkDecript.dll
Registry Keys Created
  • HKLM\SOFTWARE\Vittalia\AxtanInstaller\versions\na
    LogoUrl
    http://media.sftvit.com/icoinstall/programs/012-excel.png
  • HKLM\SOFTWARE\Vittalia\AxtanInstaller
    enduser_id
    72726133
Processes Created
  • c:\Documents and Settings\test user\local settings\application data\temp\f194installer.exe
HTTP Requests
  • http://xmlinstcp.ddbbvt.eu/cmd/precompiled.html
  • http://xmlinstcp.ffbbvt.eu/cmd/api.php
  • http://xmlinstcp.ffbbvt.eu/cmd/geo.php
  • http://xmlinstcp.ffbbvt.eu/cmd/report.php
DNS Requests
  • xmlinstcp.ddbbvt.eu
  • xmlinstcp.ffbbvt.eu

Example 2

File Information

Size
4.7M
SHA-1
000b6263f454e0d8c4db29e5b7a0725d098663e3
MD5
bc38dfae460e68a73060e31ddb7fe364
CRC-32
0f1abca2
File type
application/x-ms-dos-executable
First seen
2014-06-14

Runtime Analysis

Dropped Files
  • c:\Documents and Settings\test user\Local Settings\Temp\square_bubbledock.bmp
  • c:\Documents and Settings\test user\Local Settings\Temp\nsr3.tmp\nsArray.dll
  • c:\Documents and Settings\test user\Local Settings\Temp\tb_utilsbar.bmp
  • c:\Documents and Settings\test user\Local Settings\Temp\bubbledock_image1.bmp
  • c:\Documents and Settings\test user\Local Settings\Temp\square_boxore_tp.bmp
  • c:\Documents and Settings\test user\Local Settings\Temp\square_passwidget.bmp
  • c:\Documents and Settings\test user\Local Settings\Temp\mypcbackup_softpublisher_image1.bmp
    Size
    36K
    SHA-1
    0154d5cfa8c7d68982755e210c5ce99dd54c9347
    MD5
    6e67fa77a96ce2c2fc1a1e9fed6f69e9
    CRC-32
    1d0837eb
    File type
    Device-independent bitmap (DIB) file
    First seen
    2014-06-05
  • c:\Documents and Settings\test user\Local Settings\Temp\sharpsavings_image1.bmp
  • c:\Documents and Settings\test user\Local Settings\Temp\mysearchdial_chrome_image1.bmp
  • c:\Documents and Settings\test user\Local Settings\Temp\square_freesofttoday.bmp
    Size
    2.4K
    SHA-1
    0678bf2c2209c04a78a1e8b01c6542b6372cb7e1
    MD5
    ac70f12c9d1b66ba1a647a15f68b969e
    CRC-32
    64aff1d6
    File type
    Device-independent bitmap (DIB) file
    First seen
    2014-02-05
  • c:\Documents and Settings\test user\Local Settings\Temp\square_vbates.bmp
  • c:\Documents and Settings\test user\Local Settings\Temp\tubedimmer_sample.bmp
  • c:\Documents and Settings\test user\Local Settings\Temp\square_irobinhood.bmp
  • c:\Documents and Settings\test user\Local Settings\Temp\mockup_softwareupdater.bmp
  • c:\Documents and Settings\test user\Local Settings\Temp\freesofttoday_image1_es.bmp
  • c:\Documents and Settings\test user\Local Settings\Temp\freesofttoday_image1_jp.bmp
  • c:\Documents and Settings\test user\Local Settings\Temp\bubblefootball_title.bmp
  • c:\Documents and Settings\test user\Local Settings\Temp\square_falcon.bmp
  • c:\Documents and Settings\test user\Local Settings\Temp\square_mypcbackup.bmp
  • c:\Documents and Settings\test user\Local Settings\Temp\plushd_image1.bmp
  • c:\Documents and Settings\test user\Local Settings\Temp\freesofttoday_image1_it.bmp
  • c:\Documents and Settings\test user\Local Settings\Temp\square_saveclicker.bmp
  • c:\Documents and Settings\test user\Local Settings\Temp\optimizerpro_image1.bmp
  • c:\Documents and Settings\test user\Local Settings\Temp\nsr3.tmp\nsMath.dll
  • c:\Documents and Settings\test user\Local Settings\Temp\square_saveclicker_developer.bmp
  • c:\Documents and Settings\test user\Local Settings\Temp\square_pricepeep.bmp
  • c:\Documents and Settings\test user\Local Settings\Temp\square_optimizerpro.bmp
  • c:\Documents and Settings\test user\Local Settings\Temp\pricepeep_logo.bmp
  • c:\Documents and Settings\test user\Local Settings\Temp\nsr3.tmp\ButtonEvent.dll
  • c:\Documents and Settings\test user\Local Settings\Temp\square_lollipop.bmp
  • c:\Documents and Settings\test user\Local Settings\Temp\irobinhood_image1.bmp
  • c:\Documents and Settings\test user\Local Settings\Temp\square_interstat.bmp
    Size
    1.8K
    SHA-1
    18e407443d30583213124b90324a3ab993afa16f
    MD5
    1cca2f22d72e35e84b8db4add4130d75
    CRC-32
    89ece744
    File type
    image/x-bmp
    First seen
    2014-06-13
  • c:\Documents and Settings\test user\Local Settings\Temp\logo-highliteapp.bmp
    Size
    37K
    SHA-1
    75592ddaa0bdfaf8a21da0d12479c2c00dfeee3f
    MD5
    c4b15f2513eb8cf5b1507c6891bef5fb
    CRC-32
    c9020ea4
    File type
    Device-independent bitmap (DIB) file
    First seen
    2014-04-03
  • c:\Documents and Settings\test user\Local Settings\Temp\3dboxes_pcspeedup.bmp
  • c:\Documents and Settings\test user\Local Settings\Temp\costmin_developer_moreinfo.bmp
  • c:\Documents and Settings\test user\Local Settings\Temp\square_adducky_tp.bmp
    Size
    2.3K
    SHA-1
    bd7769f40a9947c7ff01a70756df72a70122206a
    MD5
    22b4a63af673fe677c86d62dee82b3ac
    CRC-32
    0446dd7e
    File type
    Device-independent bitmap (DIB) file
    First seen
    2014-05-27
  • c:\Documents and Settings\test user\Local Settings\Temp\systemspeedup_image.bmp
  • c:\Documents and Settings\test user\Local Settings\Temp\square_softwareupdater.bmp
  • c:\Documents and Settings\test user\Local Settings\Temp\snapdov2_terms.rtf
    Size
    12K
    SHA-1
    e70acf0d9ae2bcc5b85ff6f9ad16b7c1c5016ec6
    MD5
    396fc4e87732d27f95739c6554ce533d
    CRC-32
    78a4e356
    File type
    Rich Text Format (RTF)
    First seen
    2014-06-02
  • c:\Documents and Settings\test user\Local Settings\Temp\falcon_image1.bmp
  • c:\Documents and Settings\test user\Local Settings\Temp\square_pcspeedup.bmp
  • c:\Documents and Settings\test user\Local Settings\Temp\freesofttoday_image1_fr.bmp
  • c:\Documents and Settings\test user\Local Settings\Application Data\temp\4da8Installer.INI
  • c:\Documents and Settings\test user\Local Settings\Temp\mypcbackup_softpublisher_title.bmp
    Size
    52K
    SHA-1
    5e8edb63df0206f3c195f67b06da6a428c329e19
    MD5
    3d4a58b2dfc8b58665ea1867528e4704
    CRC-32
    b56d8d58
    File type
    image/x-bmp
    First seen
    2014-06-05
  • c:\Documents and Settings\test user\Local Settings\Temp\square_driverscanner.bmp
  • c:\Documents and Settings\test user\Local Settings\Temp\config.xml
  • c:\Documents and Settings\test user\Local Settings\Temp\square_weatherapp.bmp
  • c:\Documents and Settings\test user\Local Settings\Temp\nsr3.tmp\modern-header.bmp
  • c:\Documents and Settings\test user\Local Settings\Temp\optimizerpro_title.bmp
  • c:\Documents and Settings\test user\Local Settings\Temp\square_mypcbackup_softpublisher.bmp
  • c:\Documents and Settings\test user\Local Settings\Temp\mypcbackup_image1.bmp
    Size
    36K
    SHA-1
    0154d5cfa8c7d68982755e210c5ce99dd54c9347
    MD5
    6e67fa77a96ce2c2fc1a1e9fed6f69e9
    CRC-32
    1d0837eb
    File type
    Device-independent bitmap (DIB) file
    First seen
    2014-06-05
  • c:\Documents and Settings\test user\Local Settings\Temp\nsr3.tmp\nsBR.dll
  • c:\Documents and Settings\test user\Local Settings\Temp\square_tubedimmer.bmp
  • c:\Documents and Settings\test user\Local Settings\Temp\square_vuupc.bmp
  • c:\Documents and Settings\test user\Local Settings\Temp\square_pcfaster.bmp
  • c:\Documents and Settings\test user\Local Settings\Temp\hao123_image1.bmp
  • c:\Documents and Settings\test user\Local Settings\Temp\tubedimmer_logo.bmp
  • c:\Documents and Settings\test user\Local Settings\Temp\license.rtf
  • c:\Documents and Settings\test user\Local Settings\Temp\square_sharpsavings.bmp
  • c:\Documents and Settings\test user\Local Settings\Temp\mypcbackup_title.bmp
    Size
    52K
    SHA-1
    5e8edb63df0206f3c195f67b06da6a428c329e19
    MD5
    3d4a58b2dfc8b58665ea1867528e4704
    CRC-32
    b56d8d58
    File type
    image/x-bmp
    First seen
    2014-06-05
  • c:\Documents and Settings\test user\Local Settings\Temp\ajax_loader.gif
  • c:\Documents and Settings\test user\Local Settings\Temp\passwidget_image3.bmp
  • c:\Documents and Settings\test user\Local Settings\Temp\vuupc_offerscreen.bmp
    Size
    331K
    SHA-1
    e7e6854919e8fc8a5baafb51de2033e073871ae0
    MD5
    4b255de22ccbaca97c8d40b2dca03ef5
    CRC-32
    764c1a5b
    File type
    Device-independent bitmap (DIB) file
    First seen
    2014-05-27
  • c:\Documents and Settings\test user\Local Settings\Temp\freesofttoday_image1_tr.bmp
  • c:\Documents and Settings\test user\Local Settings\Temp\freesofttoday_image1_pt.bmp
  • c:\Documents and Settings\test user\Local Settings\Application Data\temp\4da8header.bmp
  • c:\Documents and Settings\test user\Local Settings\Temp\instloffer.exe
    Size
    646K
    SHA-1
    9a1ae7cdad5b7314d4cf171749fe896f200772c6
    MD5
    b585178e443b34037b767fa5ad003dcd
    CRC-32
    8e2147bc
    File type
    application/x-ms-dos-executable
    First seen
    2014-06-13
  • c:\Documents and Settings\test user\Local Settings\Temp\square_aartemis.bmp
  • c:\Documents and Settings\test user\Local Settings\Temp\nsr3.tmp\tkDecript.dll
  • c:\Documents and Settings\test user\Local Settings\Temp\richtext1.rtf
  • c:\Documents and Settings\test user\Local Settings\Temp\moreinfo_driverscanner.bmp
  • c:\Documents and Settings\test user\Local Settings\Temp\square_utilsbar.bmp
  • c:\Documents and Settings\test user\Local Settings\Temp\logo_pcspeedup.bmp
  • c:\Documents and Settings\test user\Local Settings\Temp\searchprotect_conduit_text.rtf
  • c:\Documents and Settings\test user\Local Settings\Temp\square_donottrackme.bmp
    Size
    1.6K
    SHA-1
    8eb771def93a55722818b421c45d032c19fdb0f7
    MD5
    8974187e3fbf09031330e71854d28eba
    CRC-32
    9249bc36
    File type
    image/x-bmp
    First seen
    2014-05-27
  • c:\Documents and Settings\test user\Local Settings\Temp\mysearchdial_msie_firefox_image.bmp
  • c:\Documents and Settings\test user\Local Settings\Temp\freesofttoday_image1_pl.bmp
  • c:\Documents and Settings\test user\Local Settings\Temp\square_plushd.bmp
  • c:\Documents and Settings\test user\Local Settings\Temp\logo-kingbrowse.bmp
  • c:\Documents and Settings\test user\Local Settings\Temp\lollipop_moreinfo.bmp
  • c:\Documents and Settings\test user\Local Settings\Temp\nsr3.tmp\System.dll
  • c:\Documents and Settings\test user\Local Settings\Application Data\temp\4da8fondo.bmp
    Size
    207K
    SHA-1
    c325859bfc43c725f4d53ed0ee3374c5a6cd19b9
    MD5
    6f860948f38cfc250b61b52dcfad946d
    CRC-32
    5ffad4f0
    File type
    Device-independent bitmap (DIB) file
    First seen
    2014-04-12
  • c:\Documents and Settings\test user\Local Settings\Temp\nsr3.tmp\nsDialogs.dll
  • c:\Documents and Settings\test user\Local Settings\Temp\pricemeter_image.bmp
    Size
    303K
    SHA-1
    fa61636765719f3b576e66c3978f0ccb88541191
    MD5
    fc4f1a36459d576430e9c51045e4e9c9
    CRC-32
    b78165ed
    File type
    Device-independent bitmap (DIB) file
    First seen
    2014-04-09
  • c:\Documents and Settings\test user\Local Settings\Application Data\temp\4da8Installer.exe
  • c:\Documents and Settings\test user\Local Settings\Temp\nsr3.tmp\version.dll
  • c:\Documents and Settings\test user\Local Settings\Temp\pcfaster_logo.bmp
  • c:\Documents and Settings\test user\Local Settings\Temp\square_webstroller_softpublisher.bmp
  • c:\Documents and Settings\test user\Local Settings\Temp\nsr3.tmp\nsURL.dll
    Size
    278K
    SHA-1
    7da71a17d2011c08b9c8330b0092a41ff3b73eee
    MD5
    8a4cf95fd1eb60ebf730d66446397f16
    CRC-32
    3b57ca3a
    File type
    Windows executable
    First seen
    2014-05-05
  • c:\Documents and Settings\test user\Local Settings\Temp\nsr3.tmp\modern-wizard.bmp
  • c:\Documents and Settings\test user\Local Settings\Temp\optimizerpro_name.bmp
  • c:\Documents and Settings\test user\Local Settings\Temp\freesofttoday_image1_en.bmp
    Size
    253K
    SHA-1
    9e455de6d2485a4491e49f67c03d128cd828e828
    MD5
    3826834eea5e80a7c79f61bb8b4a827d
    CRC-32
    483d67f0
    File type
    Device-independent bitmap (DIB) file
    First seen
    2014-05-13
Registry Keys Created
  • HKLM\SOFTWARE\Vittalia\AxtanInstaller\versions\674616
    LogoUrl
    http://media.sftvit.com/icoinstall/programs/Ares%20copia.png
  • HKLM\SOFTWARE\Vittalia\AxtanInstaller
    enduser_id
    72759083
Processes Created
  • c:\Documents and Settings\test user\local settings\application data\temp\4da8installer.exe
HTTP Requests
  • http://xmlinstcp.ddbbvt.eu/cmd/precompiled.html
  • http://xmlinstcp.ffbbvt.eu/cmd/api.php
  • http://xmlinstcp.ffbbvt.eu/cmd/geo.php
  • http://xmlinstcp.ffbbvt.eu/cmd/log.php
  • http://xmlinstcp.ffbbvt.eu/cmd/report.php
DNS Requests
  • xmlinstcp.ddbbvt.eu
  • xmlinstcp.ffbbvt.eu

Example 3

File Information

Size
5.0M
SHA-1
000bf3a294a80482e42b1a6833d9b2410708437c
MD5
03561750e8c24933a0863b47523e0607
CRC-32
b0bf3451
File type
application/x-ms-dos-executable
First seen
2014-06-21

Runtime Analysis

Dropped Files
  • c:\Documents and Settings\test user\Local Settings\Temp\square_pcspeedup.bmp
  • c:\Documents and Settings\test user\Local Settings\Temp\square_donottrackme.bmp
    Size
    1.6K
    SHA-1
    8eb771def93a55722818b421c45d032c19fdb0f7
    MD5
    8974187e3fbf09031330e71854d28eba
    CRC-32
    9249bc36
    File type
    image/x-bmp
    First seen
    2014-05-27
  • c:\Documents and Settings\test user\Local Settings\Temp\square_saveclicker.bmp
  • c:\Documents and Settings\test user\Local Settings\Temp\square_aartemis.bmp
  • c:\Documents and Settings\test user\Local Settings\Temp\config.xml
  • c:\Documents and Settings\test user\Local Settings\Temp\pricepeep_logo.bmp
  • c:\Documents and Settings\test user\Local Settings\Temp\tubedimmer_logo.bmp
  • c:\Documents and Settings\test user\Local Settings\Temp\square_vbates.bmp
  • c:\Documents and Settings\test user\Local Settings\Temp\square_webstroller_softpublisher.bmp
  • c:\Documents and Settings\test user\Local Settings\Temp\square_tubedimmer.bmp
  • c:\Documents and Settings\test user\Local Settings\Temp\square_saveclicker_developer.bmp
  • c:\Documents and Settings\test user\Local Settings\Temp\square_utilsbar.bmp
  • c:\Documents and Settings\test user\Local Settings\Temp\square_passwidget.bmp
  • c:\Documents and Settings\test user\Local Settings\Temp\bubbledock_image1.bmp
  • c:\Documents and Settings\test user\Local Settings\Temp\mypcbackup_softpublisher_title.bmp
    Size
    52K
    SHA-1
    5e8edb63df0206f3c195f67b06da6a428c329e19
    MD5
    3d4a58b2dfc8b58665ea1867528e4704
    CRC-32
    b56d8d58
    File type
    image/x-bmp
    First seen
    2014-06-05
  • c:\Documents and Settings\test user\Local Settings\Temp\hao123_image1.bmp
  • c:\Documents and Settings\test user\Local Settings\Temp\vuupc_offerscreen.bmp
    Size
    331K
    SHA-1
    e7e6854919e8fc8a5baafb51de2033e073871ae0
    MD5
    4b255de22ccbaca97c8d40b2dca03ef5
    CRC-32
    764c1a5b
    File type
    Device-independent bitmap (DIB) file
    First seen
    2014-05-27
  • c:\Documents and Settings\test user\Local Settings\Temp\systemspeedup_image.bmp
  • c:\Documents and Settings\test user\Local Settings\Temp\square_adducky_tp.bmp
    Size
    2.3K
    SHA-1
    bd7769f40a9947c7ff01a70756df72a70122206a
    MD5
    22b4a63af673fe677c86d62dee82b3ac
    CRC-32
    0446dd7e
    File type
    Device-independent bitmap (DIB) file
    First seen
    2014-05-27
  • c:\Documents and Settings\test user\Local Settings\Temp\square_bubbledock.bmp
  • c:\Documents and Settings\test user\Local Settings\Temp\nsg3.tmp\modern-header.bmp
  • c:\Documents and Settings\test user\Local Settings\Temp\bubblefootball_title.bmp
  • c:\Documents and Settings\test user\Local Settings\Temp\richtext1.rtf
  • c:\Documents and Settings\test user\Local Settings\Temp\sharpsavings_image1.bmp
  • c:\Documents and Settings\test user\Local Settings\Temp\logo_pcspeedup.bmp
  • c:\Documents and Settings\test user\Local Settings\Temp\square_softwareupdater.bmp
  • c:\Documents and Settings\test user\Local Settings\Temp\plushd_image1.bmp
  • c:\Documents and Settings\test user\Local Settings\Temp\square_pcfaster.bmp
  • c:\Documents and Settings\test user\Local Settings\Temp\optimizerpro_name.bmp
  • c:\Documents and Settings\test user\Local Settings\Temp\square_pricepeep.bmp
  • c:\Documents and Settings\test user\Local Settings\Temp\license.rtf
  • c:\Documents and Settings\test user\Local Settings\Application Data\temp\4aecInstaller.INI
  • c:\Documents and Settings\test user\Local Settings\Temp\optimizerpro_image1.bmp
  • c:\Documents and Settings\test user\Local Settings\Temp\square_optimizerpro.bmp
  • c:\Documents and Settings\test user\Local Settings\Temp\square_plushd.bmp
  • c:\Documents and Settings\test user\Local Settings\Temp\nsg3.tmp\nsArray.dll
  • c:\Documents and Settings\test user\Local Settings\Temp\passwidget_image3.bmp
  • c:\Documents and Settings\test user\Local Settings\Temp\square_vuupc.bmp
  • c:\Documents and Settings\test user\Local Settings\Temp\square_mypcbackup.bmp
  • c:\Documents and Settings\test user\Local Settings\Temp\falcon_image1.bmp
  • c:\Documents and Settings\test user\Local Settings\Temp\ajax_loader.gif
  • c:\Documents and Settings\test user\Local Settings\Temp\nsg3.tmp\ButtonEvent.dll
  • c:\Documents and Settings\test user\Local Settings\Temp\nsg3.tmp\nsDialogs.dll
  • c:\Documents and Settings\test user\Local Settings\Temp\pcfaster_logo.bmp
  • c:\Documents and Settings\test user\Local Settings\Temp\square_mypcbackup_softpublisher.bmp
  • c:\Documents and Settings\test user\Local Settings\Temp\costmin_developer_moreinfo.bmp
  • c:\Documents and Settings\test user\Local Settings\Temp\nsg3.tmp\nsBR.dll
  • c:\Documents and Settings\test user\Local Settings\Temp\mockup_softwareupdater.bmp
  • c:\Documents and Settings\test user\Local Settings\Application Data\temp\4aecheader.bmp
    Size
    26K
    SHA-1
    219ce39f35bcfa0ed3b4913289d667f992b8f49c
    MD5
    4d272e88bd405e6af2de95cc5a9962cc
    CRC-32
    a5ca5e93
    File type
    Device-independent bitmap (DIB) file
    First seen
    2014-06-25
  • c:\Documents and Settings\test user\Local Settings\Temp\nsg3.tmp\version.dll
  • c:\Documents and Settings\test user\Local Settings\Temp\freesofttoday_image1_it.bmp
  • c:\Documents and Settings\test user\Local Settings\Temp\freesofttoday_image1_jp.bmp
  • c:\Documents and Settings\test user\Local Settings\Temp\mobogenie_image1.bmp
    Size
    207K
    SHA-1
    b717815022160e9897d46c46aaa51da525828099
    MD5
    06f35d95ef88b738700820c3866fd846
    CRC-32
    823ad49a
    File type
    image/x-bmp
    First seen
    2014-06-17
  • c:\Documents and Settings\test user\Local Settings\Temp\freesofttoday_image1_fr.bmp
  • c:\Documents and Settings\test user\Local Settings\Temp\logo-highliteapp.bmp
    Size
    37K
    SHA-1
    75592ddaa0bdfaf8a21da0d12479c2c00dfeee3f
    MD5
    c4b15f2513eb8cf5b1507c6891bef5fb
    CRC-32
    c9020ea4
    File type
    Device-independent bitmap (DIB) file
    First seen
    2014-04-03
  • c:\Documents and Settings\test user\Local Settings\Temp\freesofttoday_image1_pl.bmp
  • c:\Documents and Settings\test user\Local Settings\Application Data\temp\4aecfondo.bmp
    Size
    207K
    SHA-1
    c11fe8592bcd4d710d8486a00a6495d426a979a1
    MD5
    a46d5aba3d3201fe4acb1fe04a3d2511
    CRC-32
    49c571a6
    File type
    Device-independent bitmap (DIB) file
    First seen
    2014-06-25
  • c:\Documents and Settings\test user\Local Settings\Temp\tb_utilsbar.bmp
  • c:\Documents and Settings\test user\Local Settings\Temp\instloffer.exe
    Size
    644K
    SHA-1
    d305bdd135116a7fbc1f7032033cd13c3360e333
    MD5
    9d0c21377e01ab0bf1816b7dfcf259b0
    CRC-32
    85e0466b
    File type
    application/x-ms-dos-executable
    First seen
    2014-06-20
  • c:\Documents and Settings\test user\Local Settings\Temp\widdit_big_image.bmp
    Size
    116K
    SHA-1
    3e81f30461070cab3912a994e932c3f64c2904c3
    MD5
    b04483d38bb6924c567779eb51c3b329
    CRC-32
    1daf74ac
    File type
    image/x-bmp
    First seen
    2014-06-18
  • c:\Documents and Settings\test user\Local Settings\Temp\square_boxore_tp.bmp
  • c:\Documents and Settings\test user\Local Settings\Temp\freesofttoday_image1_pt.bmp
  • c:\Documents and Settings\test user\Local Settings\Temp\mypcbackup_title.bmp
    Size
    52K
    SHA-1
    5e8edb63df0206f3c195f67b06da6a428c329e19
    MD5
    3d4a58b2dfc8b58665ea1867528e4704
    CRC-32
    b56d8d58
    File type
    image/x-bmp
    First seen
    2014-06-05
  • c:\Documents and Settings\test user\Local Settings\Temp\square_freesofttoday.bmp
    Size
    2.4K
    SHA-1
    0678bf2c2209c04a78a1e8b01c6542b6372cb7e1
    MD5
    ac70f12c9d1b66ba1a647a15f68b969e
    CRC-32
    64aff1d6
    File type
    Device-independent bitmap (DIB) file
    First seen
    2014-02-05
  • c:\Documents and Settings\test user\Local Settings\Application Data\temp\4aecInstaller.exe
  • c:\Documents and Settings\test user\Local Settings\Temp\pricemeter_image.bmp
    Size
    303K
    SHA-1
    fa61636765719f3b576e66c3978f0ccb88541191
    MD5
    fc4f1a36459d576430e9c51045e4e9c9
    CRC-32
    b78165ed
    File type
    Device-independent bitmap (DIB) file
    First seen
    2014-04-09
  • c:\Documents and Settings\test user\Local Settings\Temp\snapdov2_terms.rtf
    Size
    12K
    SHA-1
    e70acf0d9ae2bcc5b85ff6f9ad16b7c1c5016ec6
    MD5
    396fc4e87732d27f95739c6554ce533d
    CRC-32
    78a4e356
    File type
    Rich Text Format (RTF)
    First seen
    2014-06-02
  • c:\Documents and Settings\test user\Local Settings\Temp\square_irobinhood.bmp
  • c:\Documents and Settings\test user\Local Settings\Temp\logo-kingbrowse.bmp
  • c:\Documents and Settings\test user\Local Settings\Temp\nsg3.tmp\tkDecript.dll
  • c:\Documents and Settings\test user\Local Settings\Temp\3dboxes_pcspeedup.bmp
  • c:\Documents and Settings\test user\Local Settings\Temp\freesofttoday_image1_en.bmp
    Size
    253K
    SHA-1
    9e455de6d2485a4491e49f67c03d128cd828e828
    MD5
    3826834eea5e80a7c79f61bb8b4a827d
    CRC-32
    483d67f0
    File type
    Device-independent bitmap (DIB) file
    First seen
    2014-05-13
  • c:\Documents and Settings\test user\Local Settings\Temp\mypcbackup_image1.bmp
    Size
    36K
    SHA-1
    0154d5cfa8c7d68982755e210c5ce99dd54c9347
    MD5
    6e67fa77a96ce2c2fc1a1e9fed6f69e9
    CRC-32
    1d0837eb
    File type
    Device-independent bitmap (DIB) file
    First seen
    2014-06-05
  • c:\Documents and Settings\test user\Local Settings\Temp\moreinfo_driverscanner.bmp
  • c:\Documents and Settings\test user\Local Settings\Temp\mysearchdial_chrome_image1.bmp
  • c:\Documents and Settings\test user\Local Settings\Temp\mypcbackup_softpublisher_image1.bmp
    Size
    36K
    SHA-1
    0154d5cfa8c7d68982755e210c5ce99dd54c9347
    MD5
    6e67fa77a96ce2c2fc1a1e9fed6f69e9
    CRC-32
    1d0837eb
    File type
    Device-independent bitmap (DIB) file
    First seen
    2014-06-05
  • c:\Documents and Settings\test user\Local Settings\Temp\optimizerpro_title.bmp
  • c:\Documents and Settings\test user\Local Settings\Temp\square_falcon.bmp
  • c:\Documents and Settings\test user\Local Settings\Temp\freesofttoday_image1_tr.bmp
  • c:\Documents and Settings\test user\Local Settings\Temp\square_driverscanner.bmp
  • c:\Documents and Settings\test user\Local Settings\Temp\square_weatherapp.bmp
  • c:\Documents and Settings\test user\Local Settings\Temp\tubedimmer_sample.bmp
  • c:\Documents and Settings\test user\Local Settings\Temp\freesofttoday_image1_es.bmp
  • c:\Documents and Settings\test user\Local Settings\Temp\square_lollipop.bmp
  • c:\Documents and Settings\test user\Local Settings\Temp\square_mobogenie_softpublisher.bmp
  • c:\Documents and Settings\test user\Local Settings\Temp\square_interstat.bmp
    Size
    1.8K
    SHA-1
    18e407443d30583213124b90324a3ab993afa16f
    MD5
    1cca2f22d72e35e84b8db4add4130d75
    CRC-32
    89ece744
    File type
    image/x-bmp
    First seen
    2014-06-13
  • c:\Documents and Settings\test user\Local Settings\Temp\searchprotect_conduit_text.rtf
  • c:\Documents and Settings\test user\Local Settings\Temp\square_sharpsavings.bmp
  • c:\Documents and Settings\test user\Local Settings\Temp\mysearchdial_msie_firefox_image.bmp
  • c:\Documents and Settings\test user\Local Settings\Temp\nsg3.tmp\modern-wizard.bmp
  • c:\Documents and Settings\test user\Local Settings\Temp\nsg3.tmp\nsURL.dll
    Size
    278K
    SHA-1
    7da71a17d2011c08b9c8330b0092a41ff3b73eee
    MD5
    8a4cf95fd1eb60ebf730d66446397f16
    CRC-32
    3b57ca3a
    File type
    Windows executable
    First seen
    2014-05-05
  • c:\Documents and Settings\test user\Local Settings\Temp\nsg3.tmp\System.dll
  • c:\Documents and Settings\test user\Local Settings\Temp\lollipop_moreinfo.bmp
  • c:\Documents and Settings\test user\Local Settings\Temp\nsg3.tmp\nsMath.dll
  • c:\Documents and Settings\test user\Local Settings\Temp\irobinhood_image1.bmp
Registry Keys Created
  • HKLM\SOFTWARE\Vittalia\AxtanInstaller
    enduser_id
    73404562
  • HKLM\SOFTWARE\Vittalia\AxtanInstaller\versions\671469
    LogoUrl
    http://media.sftvit.com/icoinstall/programs/AutoCAD-2014.png
Processes Created
  • c:\Documents and Settings\test user\local settings\application data\temp\4aecinstaller.exe
HTTP Requests
  • http://xmlinstcp.ddbbvt.eu/cmd/precompiled.html
  • http://xmlinstcp.ffbbvt.eu/cmd/api.php
  • http://xmlinstcp.ffbbvt.eu/cmd/geo.php
  • http://xmlinstcp.ffbbvt.eu/cmd/log.php
  • http://xmlinstcp.ffbbvt.eu/cmd/report.php
DNS Requests
  • xmlinstcp.ddbbvt.eu
  • xmlinstcp.ffbbvt.eu
