MultiPlug

Category: Adware and PUA. Protection available since: 28 Feb 2014 23:59:11 (GMT)
Type: Adware. Last updated: 25 Aug 2015 22:28:26 (GMT)


Examples of MultiPlug include:

Example 1

File Information

Size: 4.7M
SHA-1: 0000003aaad5f02b59ea5b245b46c9d72c4e33ff
MD5: a9c4df0d36ea5d1ee08797f7a41bc147
CRC-32: 0e4a7a67
File type: Windows executable
First seen: 2007-10-30

Runtime Analysis

Dropped Files
  • c:\Documents and Settings\test user\Local Settings\Temp\5d8b1ff4\O1@nZ.com\chrome.manifest
    Size: 34
    SHA-1: 878c2a97bd164702b42cd077eae98952b6f7c138
    MD5: df1480da0d115b6afa76327f1a2efba5
    CRC-32: 367a2d72
    File type: ASCII text / 8-bit Unicode Transformation Format
    First seen: 2015-08-18
  • c:\Documents and Settings\test user\Local Settings\Temp\5d8b1ff4\kkllemollpbgggcefihhppdcdappefbg\background.html
    Size: 147
    SHA-1: 9fd334303fb60f75e265afdb17482b69b36e08e6
    MD5: 543bd73137f1052f7783f03f6c4cc6cd
    CRC-32: 8f2de958
    File type: Hypertext Markup Language
    First seen: 2015-08-18
  • c:\Documents and Settings\test user\Local Settings\Temp\5d8b1ff4\Vg47Dbx61d2bfG0.dat
    Size: 9.5K
    SHA-1: 140cae4e7bd71b0bc91887935d3b9cb769c11387
    MD5: 077cb651fae3d6ac37a3c05dfd9b491d
    CRC-32: 7f29e168
    File type: Base64 encoded
    First seen: 2015-08-18
  • c:\Documents and Settings\test user\Local Settings\Temp\5d8b1ff4\kkllemollpbgggcefihhppdcdappefbg\content.js
    Size: 694
    SHA-1: 11a8426fb4cc325e3393f03cc715dd31a6d5c571
    MD5: f2d137416bf065bcf40ab334467e6382
    CRC-32: 7453cb33
    File type: JavaScript
    First seen: 2015-08-15
  • c:\Documents and Settings\test user\Local Settings\Temp\5d8b1ff4\kkllemollpbgggcefihhppdcdappefbg\CzrlmPjW19.js
    Size: 19K
    SHA-1: 6bfb14c7aee16b6d1c12742c266ff19010ca146a
    MD5: dc5d3ab4d1e506d48686af2fbad90c9d
    CRC-32: d979df7e
    File type: JavaScript
    First seen: 2015-08-18
  • c:\Documents and Settings\test user\Local Settings\Temp\5d8b1ff4\O1@nZ.com\bootstrap.js
  • c:\Documents and Settings\test user\Local Settings\Temp\5d8b1ff4\UuIGgXs5Sl1IsG.dll
    Size: 1.1M
    SHA-1: ee63d5682d06e083b199c3788b8ef3118f1a1caa
    MD5: fcb853a927a171ddc4485890325a1970
    CRC-32: 842d6dca
    File type: Windows executable
    First seen: 2007-10-30
  • c:\Documents and Settings\test user\Local Settings\Temp\5d8b1ff4\kkllemollpbgggcefihhppdcdappefbg\lsdb.js
    Size: 2.2K
    SHA-1: e34bccfc0ec119b12d06ad737b0c6589fae240a7
    MD5: 3e49548c58dd0a12aff01389dd210935
    CRC-32: 67daff6f
    File type: JavaScript
    First seen: 2015-08-15
  • c:\Documents and Settings\test user\Local Settings\Temp\5d8b1ff4\UuIGgXs5Sl1IsG.x64.dll
    Size: 1.2M
    SHA-1: e927cf4573dc551d32c3804eac79df4cb40af8d5
    MD5: 4dff94b491ba470749e757ecbb86b259
    CRC-32: a3df6f3f
    File type: Windows executable
    First seen: 2015-08-18
  • c:\Documents and Settings\test user\Local Settings\Temp\5d8b1ff4\kkllemollpbgggcefihhppdcdappefbg\manifest.json
    Size: 474
    SHA-1: b13e2270a4f676c46ab2303ff6832d98ee546a7b
    MD5: ff7f111f1294603c056983406b5988e7
    CRC-32: 00b9edf6
    File type: ASCII text / 8-bit Unicode Transformation Format
    First seen: 2015-03-04
  • c:\Documents and Settings\test user\Local Settings\Temp\5d8b1ff4\O1@nZ.com\install.rdf
    Size: 581
    SHA-1: 070bc46b24b4c49293af60374d4bf862d4e670d3
    MD5: 6f41df9ba740f8471dbf7efe2df3cd46
    CRC-32: a7f39e3c
    File type: Extensible Markup Language (XML)
    First seen: 2015-08-18
  • c:\Documents and Settings\test user\Local Settings\Temp\5d8b1ff4\O1@nZ.com\content\bg.js
    Size: 18K
    SHA-1: 0604b1e0c78c2440a0b61d3dcb7aad91d93f3f4c
    MD5: 4e329ac62dc1cfd251196e7026589a9a
    CRC-32: 25909cfb
    File type: JavaScript
    First seen: 2015-08-18
  • c:\Documents and Settings\test user\Local Settings\Temp\5d8b1ff4\UuIGgXs5Sl1IsG.tlb
    Size: 5.2K
    SHA-1: 4e3b21123b7a24e036e5598831e854af9fd3b9bc
    MD5: 2b2dacd962ba5529f26a8269dab0b81c
    CRC-32: 01c9f5fc
    File type: Microsoft MSFT Storage
    First seen: 2015-08-15

Example 2

File Information

Size: 313K
SHA-1: 00000d18ccffc89f8af54e4252b2d484772d752d
MD5: 0d38ea1927d1add7a2b4c0b0bad6782b
CRC-32: 79a4cb3a
File type: Windows executable
First seen: 2015-08-24

Runtime Analysis

Copies Itself To
  • C:\Documents and Settings\All Users\Application Data\{fd95f3cb-d6f1-777d-fd95-5f3cbd6fcf2f}\test_item.exe
Dropped Files
  • C:\Documents and Settings\All Users\Application Data\{fd95f3cb-d6f1-777d-fd95-5f3cbd6fcf2f}\sample.dat
    Size: 2.5K
    SHA-1: 12374a97bbbcc3ec16addf4639bcb99e681412c7
    MD5: c69e0c9a71cd3e2f1fe342c8d1090528
    CRC-32: 996a2aa6
    File type: UTF-16/UCS-2 16-bit Unicode Transformation Format
    First seen: 2015-08-24
  • C:\WINDOWS\Tasks\DailyDrive.job
    Size: 406
    SHA-1: 3d32df332b4e0c1dda37a53003ed23ff3a4e5da1
    MD5: 457aec155a9e3f2074568647f73f6e27
    CRC-32: bb18f2b4
    File type: .JOB File Format
    First seen: 2015-08-24
Registry Keys Created
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\1f9295938aba0e79
    (Default)
    0xhaceXLDPj0EoPRJLrCRrp6mgrJuCyBymwNS4nvhUkLaS9+ZXZ2D3Q31ZHQKp+ye2yjdJpMsbeYEUV4+1J/sDXEYmE/XPlMsZwhQLG+
HTTP Requests
  • http://allallstate.net/
  • http://groupmodel.biz/
  • http://parentmodel.biz/
DNS Requests
  • allallstate.net
  • groupmodel.biz
  • parentmodel.biz

Example 3

File Information

Size: 1.2M
SHA-1: 000021812b49d69a136fdd93fe215df11cdaa111
MD5: ccabf0e804965d42e20ca2b16c1c2a2d
CRC-32: 6dda5a5d
File type: Windows executable
First seen: 2014-12-31

Runtime Analysis

Copies Itself To
  • c:\Documents and Settings\test user\Local Settings\Temp\03ad83ba\temp\test_item.exe
Dropped Files
  • C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
  • c:\Documents and Settings\test user\Desktop\sample.lnk
  • C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
  • c:\Documents and Settings\test user\Application Data\Microsoft\Protect\S-1-5-21-1202660629-1454471165-1275210071-1003\bc2a25fb-c392-478a-af77-d48a7c683e9c
  • c:\Documents and Settings\test user\Local Settings\Temp\03ad83ba\temp\bg.ca
  • c:\Documents and Settings\test user\Local Settings\Temp\03ad83ba\images\progressbar.gif
  • c:\Documents and Settings\test user\Local Settings\Temp\03ad83ba\images\loader.gif
Modified Files
  • %PROFILE%\Application Data\Microsoft\Protect\S-1-5-21-1202660629-1454471165-1275210071-1003\Preferred
Registry Keys Created
  • HKCU\Software\Classes\Interface\{3B3F3AAD-FB97-49FF-BFEE-D22869AC4326}\ProxyStubClsid
    (Default)
    {00020424-0000-0000-C000-000000000046}
  • HKCU_Classes\CLSID\{F28C2F70-47DE-4EA5-8F6D-7D1476CD1EF5}\TypeLib
    (Default)
    {7E77E9F2-D76B-4D54-B515-9A7F93DF03DF}
  • HKCU_Classes\Interface\{3B3F3AAD-FB97-49FF-BFEE-D22869AC4326}\TypeLib
    Version
    1.0
  • HKCU\Software\Classes\CLSID\{F28C2F70-47DE-4EA5-8F6D-7D1476CD1EF5}\Version
    (Default)
    1.0
  • HKCU_Classes\CLSID\{F28C2F70-47DE-4EA5-8F6D-7D1476CD1EF5}\Version
    (Default)
    1.0
  • HKCU\Software\WebApp\Styles
    MaxScriptStatements
    0xffffffff
  • HKCU_Classes\CLSID\{F28C2F70-47DE-4EA5-8F6D-7D1476CD1EF5}\LocalServer32
    ServerExecutable
    c:\test_item.exe
  • HKCU_Classes\TypeLib\{157B1AA6-3E5C-404A-9118-C1D91F537040}\1.0\0\win32
    (Default)
    c:\test_item.exe
  • HKCU\Software\Classes\Interface\{3B3F3AAD-FB97-49FF-BFEE-D22869AC4326}\TypeLib
    Version
    1.0
  • HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
    GlobalMaxTcpWindowSize
    0x00ffffff
  • HKCU_Classes\CLSID\{F28C2F70-47DE-4EA5-8F6D-7D1476CD1EF5}
    (Default)
    TinyJSObject Class
  • HKCU\Software\Classes\TypeLib\{157B1AA6-3E5C-404A-9118-C1D91F537040}\1.0
    (Default)
    JSIELib
  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\BITS
    StateIndex
    0x00000001
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\BITS
    ControlFlags
    0x00000001
  • HKCU\Software\Classes\TypeLib\{157B1AA6-3E5C-404A-9118-C1D91F537040}\1.0\HELPDIR
    (Default)
    c:
  • HKCU\Software\Classes\TypeLib\{157B1AA6-3E5C-404A-9118-C1D91F537040}\1.0\0\win32
    (Default)
    c:\test_item.exe
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\BITS\CtlGuid
    BitNames
    LogFlagInfo LogFlagWarning LogFlagError LogFlagFunction LogFlagRefCount LogFlagSerialize LogFlagDownload LogFlagTask LogFlagLock LogFlagService LogFlagDataBytes LogFlagTransferDetails
  • HKCU_Classes\TypeLib\{157B1AA6-3E5C-404A-9118-C1D91F537040}\1.0\FLAGS
    (Default)
  • HKCU_Classes\Interface\{3B3F3AAD-FB97-49FF-BFEE-D22869AC4326}
    (Default)
    ITinyJSObject
  • HKCU\Software\Classes\Interface\{3B3F3AAD-FB97-49FF-BFEE-D22869AC4326}
    (Default)
    ITinyJSObject
  • HKCU\Software\Classes\CLSID\{F28C2F70-47DE-4EA5-8F6D-7D1476CD1EF5}\TypeLib
    (Default)
    {7E77E9F2-D76B-4D54-B515-9A7F93DF03DF}
  • HKCU\Software\Classes\CLSID\{F28C2F70-47DE-4EA5-8F6D-7D1476CD1EF5}
    (Default)
    TinyJSObject Class
  • HKCU_Classes\Interface\{3B3F3AAD-FB97-49FF-BFEE-D22869AC4326}\ProxyStubClsid
    (Default)
    {00020424-0000-0000-C000-000000000046}
  • HKCU_Classes\Interface\{3B3F3AAD-FB97-49FF-BFEE-D22869AC4326}\ProxyStubClsid32
    (Default)
    {00020424-0000-0000-C000-000000000046}
  • HKCU\Software\Classes\TypeLib\{157B1AA6-3E5C-404A-9118-C1D91F537040}\1.0\FLAGS
    (Default)
  • HKCU_Classes\TypeLib\{157B1AA6-3E5C-404A-9118-C1D91F537040}\1.0
    (Default)
    JSIELib
  • HKCU\Software\Classes\Interface\{3B3F3AAD-FB97-49FF-BFEE-D22869AC4326}\ProxyStubClsid32
    (Default)
    {00020424-0000-0000-C000-000000000046}
  • HKLM\SYSTEM\CurrentControlSet\Services\BITS\Enum
    NextInstance
    0x00000001
  • HKCU\Software\Classes\CLSID\{F28C2F70-47DE-4EA5-8F6D-7D1476CD1EF5}\LocalServer32
    ServerExecutable
    c:\test_item.exe
  • HKCU_Classes\TypeLib\{157B1AA6-3E5C-404A-9118-C1D91F537040}\1.0\HELPDIR
    (Default)
    c:
  • HKLM\SYSTEM\CurrentControlSet\Control\BackupRestore\FilesNotToBackup
    BITS_metadata
    C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\*
Registry Keys Modified
  • HKLM\SYSTEM\CurrentControlSet\Services\BITS
    Start
    0x00000002
HTTP Requests
  • http://c1.starvel.org/
  • http://c2.winnered.net/
DNS Requests
  • c1.starvel.org
  • c2.winnered.net
  • r1.profficing.org
