Surface64 Installer

Category: Adware and PUAs
Protection available since: 14 May 2013 02:25:14 (GMT)
Type: Unspecified PUA
Last updated: 14 May 2013 02:25:14 (GMT)

Surface64 is an installer which bundles legitimate applications with offers for additional third party applications that may be unwanted by the user.

Such third party applications are typically installed onto users' computers by default, but may include an option to "opt-out" during or after the installation process.

Examples of Surface64 Installer include:

Example 1

File Information

Size
395K
SHA-1
888c9034db958989e6941ea709518fa3fdcf72df
MD5
f82366b304138dd0d3f194d41cb36eb4
CRC-32
5802a86c
File type
Windows executable
First seen
2013-05-13

Runtime Analysis

Dropped Files
  • c:\Documents and Settings\test user\Local Settings\Temp\nsw4.tmp\bg.bmp
    Size
    43K
    SHA-1
    32d928b30559c1826b735ffc74a95417662b7b12
    MD5
    53cc3330eb637286a71ecd6a0ab1f264
    CRC-32
    e2abd83b
    File type
    Device-independent bitmap (DIB) file
    First seen
    2013-05-13
  • c:\Documents and Settings\test user\Local Settings\Temp\nsw4.tmp\modern-wizard.bmp
  • c:\Documents and Settings\test user\Local Settings\Temp\nsw4.tmp\modern-header.bmp
  • c:\Documents and Settings\test user\Local Settings\Temp\nsw4.tmp\nsDialogs.dll
  • c:\Documents and Settings\test user\Local Settings\Temp\nsw4.tmp\System.dll

Example 2

File Information

Size
395K
SHA-1
e5c117beeb37cb136838a68b68798c1b9bdb6070
MD5
e8af06a5d9937ddc2421ca15db934473
CRC-32
aeb0316e
File type
Windows executable
First seen
2013-05-13

Runtime Analysis

Dropped Files
  • c:\Documents and Settings\test user\Local Settings\Temp\nsw4.tmp\modern-wizard.bmp
  • c:\Documents and Settings\test user\Local Settings\Temp\nsw4.tmp\nsDialogs.dll
  • c:\Documents and Settings\test user\Local Settings\Temp\nsw4.tmp\SUR.exe
    Size
    743K
    SHA-1
    9901e0771220e225f82683a346ca9241fe06d1fb
    MD5
    a6e9fd96ccc236fb7a50803d218ba216
    CRC-32
    39463817
    File type
    Windows executable
    First seen
    2012-06-29
  • c:\Documents and Settings\test user\Local Settings\Temp\nsw4.tmp\inetc.dll
    Size
    21K
    SHA-1
    4da9dd5427c0fdfa2cce3ee29ac5147b74ff3834
    MD5
    9a7d35d1e9e5dfb6a7872d49cf64db83
    CRC-32
    8ca124e7
    File type
    Windows executable
    First seen
    2011-05-22
  • c:\Documents and Settings\test user\Local Settings\Temp\nsw4.tmp\bg.bmp
    Size
    43K
    SHA-1
    32d928b30559c1826b735ffc74a95417662b7b12
    MD5
    53cc3330eb637286a71ecd6a0ab1f264
    CRC-32
    e2abd83b
    File type
    Device-independent bitmap (DIB) file
    First seen
    2013-05-13
  • c:\Documents and Settings\test user\Local Settings\Temp\nsw4.tmp\modern-header.bmp
  • C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\S-1-5-21-1202660629-1454471165-1275210071-1003
    Size
    32
    SHA-1
    37c19e25c97836979626eaa6f34527b20f0ed523
    MD5
    b42fc4f65cea50c77e24e5a547598644
    CRC-32
    95db3e7c
    File type
    ASCII text / 8-bit Unicode Transformation Format
    First seen
    2013-05-13
  • C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\S-1-5-18
    Size
    32
    SHA-1
    2831f783af7dd3b29b037e7006fdf587377c781c
    MD5
    8d27b8fa05b8c093569e3b9251a8d4ff
    CRC-32
    492b2240
    File type
    Base64 encoded
    First seen
    2013-05-13
  • c:\Documents and Settings\test user\Local Settings\Temp\nsw4.tmp\System.dll
Registry Keys Created
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012013051320130514
    CacheRepair
    0x00000000
Processes Created
  • c:\docume~1\support\locals~1\temp\nsw4.tmp\sur.exe
  • c:\docume~1\support\locals~1\temp\rnsetup0.exe
HTTP Requests
  • http://firstrun.real.com/geoloc/extended
  • http://log.realone.com/rpinst/log.txt
  • http://www.surface64.com/create/
DNS Requests
  • firstrun.real.com
  • log.realone.com
  • www.surface64.com
