InstallBrain

Category: Adware and PUA
Protection available since: 19 Oct 2012 23:28:06 (GMT)
Type: Unspecified PUA
Last updated: 26 Sep 2017 22:53:19 (GMT)


InstallBrain is an installer which bundles legitimate applications with offers for additional third party applications that may be unwanted by the user. Such third party applications are typically installed onto users’ computers by default, but may include an option to ‘opt-out’ during or after the installation process.

Examples of InstallBrain include:

Example 1

File Information

Size: 607K
SHA-1: 00973db08688f3a08330c3592f6bccb257ac3798
MD5: b75658f48da08c100060f4f81aee35e2
CRC-32: 57ac6fe5
File type: Windows executable
First seen: 2012-10-12

Runtime Analysis

Copies Itself To
  • c:\Documents and Settings\test user\Local Settings\Temp\ZoolaGames Setup313312.exe
Dropped Files
HTTP Requests
  • http://s3.amazonaws.com/installbrain/bootstrap/383/start.cf
  • http://s3.amazonaws.com/installbrain/bootstrap/383/startgui.cf
  • http://stats-182385724-1591972470.us-east-1.elb.amazonaws.com/installer/bootstrap.php
DNS Requests
  • s3.amazonaws.com
  • stats-182385724-1591972470.us-east-1.elb.amazonaws.com

Example 2

File Information

Size: 555K
SHA-1: 010d6bc58ebcca316d182e69ca6ffcdf8c9cb0cd
MD5: 98018fd764256da69236c4f2d5dae892
CRC-32: 109ff391
File type: Windows executable
First seen: 2012-10-01

Runtime Analysis

Copies Itself To
  • c:\Documents and Settings\test user\Local Settings\Temp\Audio Performer53484.exe
Dropped Files
Registry Keys Created
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    Audio Performer53484.exe
    "C:\DOCUME~1\support\LOCALS~1\Temp\Audio Performer53484.exe" /XML="C:\DOCUME~1\support\LOCALS~1\Temp\2.tmp" /STP=0:2
Processes Created
  • c:\docume~1\support\locals~1\temp\4.tmp
HTTP Requests
  • http://bootstrap1-639932975.us-east-1.elb.amazonaws.com/installer/bootstrap.php
  • http://s3.amazonaws.com/installbrain/bootstrap/390/start.cf
  • http://s3.amazonaws.com/installbrain/bootstrap/390/startgui.cf
  • http://s3.amazonaws.com/installbrain/conditions/bandoocheck.exe
DNS Requests
  • bootstrap1-639932975.us-east-1.elb.amazonaws.com
  • s3.amazonaws.com
  • stats1-1013604270.us-east-1.elb.amazonaws.com

Example 3

File Information

Size: 600K
SHA-1: 0192a98bbb17aa3f8dca65e741baeb56d78c0eab
MD5: 4120f3c3f135545f04fb0529ee3c6cef
CRC-32: 0005882f
File type: Windows executable
First seen: 2012-10-31

Runtime Analysis

Copies Itself To
  • c:\Documents and Settings\test user\Local Settings\Temp\Zoola Games Setup313312.exe
Dropped Files
Registry Keys Created
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012012110120121102
    CacheRepair
    0x00000000
HTTP Requests
  • http://bootstrap1-639932975.us-east-1.elb.amazonaws.com/installer/bootstrap.php
  • http://d2qsma9t6l5kt7.cloudfront.net/components/MyBabylonTBv4.cf
  • http://d2qsma9t6l5kt7.cloudfront.net/components/ProtectorSetup.exe
  • http://s3.amazonaws.com/installbrain/bootstrap/544/start.cf
  • http://s3.amazonaws.com/installbrain/bootstrap/544/startgui.cf
  • http://s3.amazonaws.com/installbrain/components/ZGSetupnoAR.cf
DNS Requests
  • bootstrap1-639932975.us-east-1.elb.amazonaws.com
  • d2qsma9t6l5kt7.cloudfront.net
  • s3.amazonaws.com
  • stats1-1013604270.us-east-1.elb.amazonaws.com
