MultiPlug

Category: Adware and PUAs
Protection available since: 28 Feb 2014 23:59:11 (GMT)
Type: Adware
Last Updated: 29 Mar 2018 17:03:10 (GMT)


Examples of MultiPlug include:

Example 1

File Information

Size: 1.2M
SHA-1: 00098a426c2391446e7fb8872424727cde58e7f2
MD5: f86eebce613b19e063161b26e6fbf59b
CRC-32: d9f4f108
File type: Windows executable
First seen: 2015-01-02

Runtime Analysis

Copies Itself To
  • c:\Documents and Settings\test user\Local Settings\Temp\E4E3e\temp\test_item.exe
Dropped Files
  • c:\Documents and Settings\test user\Local Settings\Temp\E4E3e\images\loader.gif
  • c:\Documents and Settings\test user\Local Settings\Temp\E4E3e\images\progressbar.gif
  • c:\Documents and Settings\test user\Desktop\sample.lnk
  • c:\Documents and Settings\test user\Local Settings\Temp\E4E3e\temp\bg.ca
  • c:\Documents and Settings\test user\Local Settings\Temp\E4E3e\steps\1.ini
Registry Keys Created
HTTP Requests
  • http://c1.starvel.org/
  • http://i1.unitspybookuk.info/images/1160/background.png
  • http://i1.unitspybookuk.info/images/1160/browse.png
  • http://i1.unitspybookuk.info/images/1160/next.png
DNS Requests
  • c1.starvel.org
  • i1.unitspybookuk.info
  • r1.profficing.org

Example 2

File Information

Size: 188K
SHA-1: 000ff76fdfaab5a623a72101541ec1ad235df930
MD5: 921412106b129f6e23983bfc970673a2
CRC-32: f0a9e728
File type: Windows executable
First seen: 2015-07-13

Runtime Analysis

Copies Itself To
  • C:\Documents and Settings\All Users\Application Data\{fd95f3cb-d6f1-777d-fd95-5f3cbd6fcf2f}\test_item.exe
Dropped Files
  • C:\Documents and Settings\All Users\Application Data\{fd95f3cb-d6f1-777d-fd95-5f3cbd6fcf2f}\sample.dat
  • C:\WINDOWS\Tasks\YourTea.job
Registry Keys Created
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\1f9295938aba0e79
    (Default)
    0OvqmZDIlVPkT/LFHwisT63j3rnzwJ3yY6pgmaUGS5hY2VXqJH6p572EXJDy+Aw4IcN0GUv8/Wsltk80uqwy
HTTP Requests
  • http://get-bluesee.com/
  • http://get-multiple.link/
  • http://ringmynorth.biz/
DNS Requests
  • get-bluesee.com
  • get-multiple.link
  • ringmynorth.biz

Example 3

File Information

Size: 1.1M
SHA-1: 00146f14ca401d0e70ba77c119c92a5e50560921
MD5: d50ceb266f0328e942323cc650ab61e5
CRC-32: a77ed273
File type: Windows executable
First seen: 2015-08-06
