ThreatExpert Report

Submission Summary:

Submission details:

Submission received: 18 July 2012, 04:29:22
Processing time: 14 min 12 sec
Submitted sample:

File MD5: 0x6DE2C0A880373BC6D550A44459ABE1AF
File SHA-1: 0x6ABDB3304819EBD00084FC07FC8576CFBF5F59D4
Filesize: 1,129,592 bytes

Summary of the findings:

What's been found	Severity Level
Downloads/requests other files from Internet.

Technical Details:

File System Modifications

The following files were created in the system:

#	Filename(s)	File Size	File Hash
1	%Temp%\ICReinstall_[filename of the sample #1]	0 bytes	MD5: 0xD41D8CD98F00B204E9800998ECF8427E SHA-1: 0xDA39A3EE5E6B4B0D3255BFEF95601890AFD80709
2	%Temp%\is2133128211\101233_Setup.DAT %Temp%\is2133128211\101266_Setup.CIS	125 bytes	MD5: 0x7C5F5A68051F6B0C0E9A2AD33C40D415 SHA-1: 0x120865765927A61AF83F02B83DC297EEDE61EC41
3	%Temp%\is2133128211\1111598581.cfg	236 bytes	MD5: 0xE9B03673FC0066B8E79CF52382BF05BC SHA-1: 0x127AADB9B0ACE6E602984BFBBA89F4A4BFE57BAD
4	%Temp%\is2133128211\405784869.cfg	236 bytes	MD5: 0xFC79D5FFCF0FA910066E309678CFB0A7 SHA-1: 0x5F3A4CD64DE990257BD4FD62728DEE3FDE48A136
5	%Temp%\ish98343\css\ie6_main.css	1,020 bytes	MD5: 0xA5470C2DD64C796E5497BB31DC480182 SHA-1: 0x6BF4ADCFB59241340ABB662F6B7B2B4DAE8980C5
6	%Temp%\ish98343\css\main.css	5,132 bytes	MD5: 0xA35CA94BB840249C0F3FCC711B6F0CB2 SHA-1: 0xCECA18DDDDEE33E1975F9F04B71B6FC4CC31F6B2
7	%Temp%\ish98343\css\sdk-ui\browse.css	337 bytes	MD5: 0x6009D6E864F60AEA980A9DF94C1F7E1C SHA-1: 0x233D056E36C35E752E8F7A4F5492E012AC7F5D58
8	%Temp%\ish98343\css\sdk-ui\button.css	417 bytes	MD5: 0x37E1FF96E084EC201F0D95FEEF4D5E94 SHA-1: 0x4EC405F2668D5D93260525AD916ABAFA2414CB72
9	%Temp%\ish98343\css\sdk-ui\checkbox.css	190 bytes	MD5: 0x64773C6B0E3413C81AEBC46CCE8C9318 SHA-1: 0x50F84EF8331341B48981AF82313B146863EBA526
10	%Temp%\ish98343\css\sdk-ui\images\button-bg.png	131 bytes	MD5: 0x98B1DE48DFA64DC2AA1E52FACFBEE3B0 SHA-1: 0xA1615C118FBFA49253D98185EAE283F26EA392D7
11	%Temp%\ish98343\css\sdk-ui\images\progress-bg-corner.png	1,636 bytes	MD5: 0x608F1F20CD6CA9936EAA7E8C14F366BE SHA-1: 0x3BF74D0AC61083E97CF3EBD07D86A8F4FED1885B
12	%Temp%\ish98343\css\sdk-ui\images\progress-bg.png	1,105 bytes	MD5: 0xE9F12F92A9EEB8EBE911080721446687 SHA-1: 0x1FB34409373B6CE2ABEE20D60947F1357F30E248
13	%Temp%\ish98343\css\sdk-ui\images\progress-bg2.png	978 bytes	MD5: 0xB582D9A67BFE77D523BA825FD0B9DAE3 SHA-1: 0x347F69357E225AB59D41A8DAFE0732663A7E8C7E
14	%Temp%\ish98343\css\sdk-ui\progress-bar.css	506 bytes	MD5: 0x5335F1C12201B5F7CF5F8B4F5692E3D1 SHA-1: 0x13807A10369F7FF9AB3F9ABA18135BCCB98BEC2D
15	%Temp%\ish98343\csshover3.htc	2,893 bytes	MD5: 0x52FA0DA50BF4B27EE625C80D36C67941 SHA-1: 0x0B2769433E73E3C6C677A5C7294A9A2F45CB8A64
16	%Temp%\ish98343\defaultOffer\images\toolbar.png	3,911 bytes	MD5: 0x8BBEBF07EF6C78DEAB8F91850100A816 SHA-1: 0x47B3978DFFEB1FAC84F6E7BEE3DFA249C0C31E2F
17	%Temp%\ish98343\defaultOffer\offer_code.txt	2,004 bytes	MD5: 0x843F63D417D2E762E87B53E2D1344709 SHA-1: 0x832E9FDC7DB8A68F67BCF6392D9AB5F19758774D
18	%Temp%\ish98343\defaultOffer\offer_html.txt	2,120 bytes	MD5: 0x80EC43365B007C445A29219F31DED549 SHA-1: 0x68B289B31A18D04C9355B957F77C4B0441B414DF
19	%Temp%\ish98343\images\ares-iphone-150x146.png	48,912 bytes	MD5: 0x9067C01A3B9ECA7079DEECC71497F584 SHA-1: 0x37E4959E3507A35FF19DA4D4F559C76934A92658
20	%Temp%\ish98343\images\ares-iphone-80x78.png	16,054 bytes	MD5: 0xE61D49443FDC705636FAFB7834A0CC84 SHA-1: 0x250D8AA3763177828C0481AC59B48973B09C7BCB
21	%Temp%\ish98343\images\badge.png	4,554 bytes	MD5: 0xDA4C4D7E2D0BF0BF47263FE34B5BA7A4 SHA-1: 0xD70269A4F56878F00A9646514F688967E62765F6
22	%Temp%\ish98343\images\close.png	365 bytes	MD5: 0x69749961B3A71A1D4DEA77263085D89F SHA-1: 0xF6772A2DEEDF13860A0E2455C79EA8EA7659AF41
23	%Temp%\ish98343\images\close_hover.png	420 bytes	MD5: 0x4A4F78D5D1E8EFB08221165085B796BF SHA-1: 0x24DA20247249C44CDD6F2C0A58C383B829B98211
24	%Temp%\ish98343\images\color_btn.png	1,204 bytes	MD5: 0x7478CBA40C5F79BC79D640C53ECF4124 SHA-1: 0x6401BA8B5CBF463175E06C5CB89DF1AF67235CD7
25	%Temp%\ish98343\images\color_btn_hover.png	1,940 bytes	MD5: 0xAF769D97BBFF480F5C1741505DBADAA3 SHA-1: 0x8479BB6DA81865931B5AD971D88EBA121F39A6E2
26	%Temp%\ish98343\images\content_bg.png	1,666 bytes	MD5: 0x3559C0336AC74800BA9EA60EA0ED3A02 SHA-1: 0xF9CF2B6619AFA4EBCA369471682DADA91A7B002C
27	%Temp%\ish98343\images\grey_btn.png	1,484 bytes	MD5: 0xB85A1E648CC958F295BFD30157BFA118 SHA-1: 0x5E9A707D4B71422FACF2051CD1B44B301FC0B33B
28	%Temp%\ish98343\images\grey_btn_hover.png	190 bytes	MD5: 0x6D4F6B7282AFA96085995F3DA22794EF SHA-1: 0x5B39A1A3EA50C26A70CCA93627D41028E338C394
29	%Temp%\ish98343\images\icon_generic.png	1,648 bytes	MD5: 0xC811A960C6F688C03FE5778A989ECC4A SHA-1: 0x5C1584C508FD8B400A54576C5DF3913D12B2D368
30	%Temp%\ish98343\images\loader.gif	22,379 bytes	MD5: 0x360281E85620142C3329848262DA263D SHA-1: 0x032AE1E422AF859D78D172E918573FB0F55318DE
31	%Temp%\ish98343\images\main_bg.png	4,231 bytes	MD5: 0x9BAA43914A9F8D0D1DD572D7D09A5ED4 SHA-1: 0xED963BEF6EE88003FD063CB2F6B6913089433927
32	%Temp%\ish98343\images\package_logo.png	13,486 bytes	MD5: 0x1A9DD8815E2F44F473BEE1BC66970909 SHA-1: 0xE475768270CAB7071688A27CFBA2532219D9221F
33	%Temp%\ish98343\images\pause_btn.png	698 bytes	MD5: 0xB77376256225B3B02D75CE96027AB194 SHA-1: 0x741E7C205A299314186B6C19882BD5293752A539
34	%Temp%\ish98343\images\progress.png	141 bytes	MD5: 0x3705855E9F0CD48134A437C7221B6D1A SHA-1: 0xC6A08BAEB495A2F8B86B9708DBE7EA72C2B29EA3
35	%Temp%\ish98343\images\progress_bar.png	351 bytes	MD5: 0x832200FC2E709D0FE5878DEF9CE5D01E SHA-1: 0x51F4F15984E29731DA19B81C0739CAD66FE5836F
36	%Temp%\ish98343\images\resume_btn.png	765 bytes	MD5: 0xA21F27EC7E9BDBF7F19505F37E71F2BE SHA-1: 0xB41569D096B14258D5DCA2F8BA5215D286B01BBA
37	%Temp%\ish98343\images\Top_Bar.png	4,652 bytes	MD5: 0x61A709F859302FC1BAD99CF76FAA0E1C SHA-1: 0xF4943F2058997275A2DC0CB1BCADC59302F52EF5
38	%Temp%\ish98343\locale\EN.locale	1,495 bytes	MD5: 0xA93D2303198608A8CDD9F9C3D49550AD SHA-1: 0xEE1C9BA6824E90969990433DBE5C4D99B8BCAAD0
39	%Temp%\ish98343\locale\SP.locale	1,821 bytes	MD5: 0x5ABCB2CB3D1FF7DA9E05E55BE6238090 SHA-1: 0x7DC2AD1E434DC1DC319DF965CC224C13FFA49F12
40	[file and pathname of the sample #1]	1,129,592 bytes	MD5: 0x6DE2C0A880373BC6D550A44459ABE1AF SHA-1: 0x6ABDB3304819EBD00084FC07FC8576CFBF5F59D4

Note:

%Temp% is a variable that refers to the temporary folder in the short path form. By default, this is C:\Documents and Settings\[UserName]\Local Settings\Temp\ (Windows NT/2000/XP).

The following directories were created:

%Temp%\is2133128211
%Temp%\ish98343
%Temp%\ish98343\css
%Temp%\ish98343\css\sdk-ui
%Temp%\ish98343\css\sdk-ui\images
%Temp%\ish98343\defaultOffer
%Temp%\ish98343\defaultOffer\images
%Temp%\ish98343\images
%Temp%\ish98343\locale

Memory Modifications

There were new processes created in the system:

Process Name	Process Filename	Main Module Size
[filename of the sample #1]	[file and pathname of the sample #1]	1,163,264 bytes
icreinstall_[filename of the sample #1]	%Temp%\icreinstall_[filename of the sample #1]	1,163,264 bytes

Registry Modifications

The following Registry Key was created:

HKEY_CURRENT_USER\Software\PortalProgramas

The newly created Registry Value is:

[HKEY_CURRENT_USER\Software\PortalProgramas]

5881-cubedesktop.exe = "1342611100837"

Other details

To mark the presence in the system, the following Mutex objects were created:

DDrawWindowListMutex
DDrawDriverObjectListMutex
__DDrawExclMode__

The following ports were open in the system:

Port	Protocol	Process
1040	TCP	[file and pathname of the sample #1]
1041	TCP	[file and pathname of the sample #1]

The following Internet Connections were established:

Server Name	Server Port	Connect as User	Connection Password
os.portalprogramascdn.com	80	(null)	(null)
www.thinkinbytes.com	80	(null)	(null)
cdnus.downloadcdn.com	80	(null)	(null)
cdneu.downloadcdn.com	80	(null)	(null)
rp.portalprogramascdn.com	80	(null)	(null)

The following HTTP URLs were started reading:

http://www.thinkinbytes.com/downloads/setup_cubedesktop.exe
http://cdneu.downloadcdn.com/ofr/BabylonToolbarV7.cis
http://cdnus.downloadcdn.com/ofr/BabylonToolbarV7.cis

Downloaded File Summary:

Download details:

Download retrieved: 18 July 2012 04:43:34
Processing time: 14 min 2 sec
Downloaded sample:

File MD5: 0x7C3D87833871DFCBE96661DCD2E4EB3F
File SHA-1: 0x4C55032044CCA9B2AC2F4671E76DFA30256E8D3F
Filesize: 6,948,681 bytes

Summary of the findings:

What's been found	Severity Level
Downloads/requests other files from Internet.

Technical Details:

File System Modifications

The following files were created in the system:

#	Filename(s)	File Size	File Hash
1	%DesktopDir%\CubeDesktop.lnk	718 bytes	MD5: 0xCC47E783CA298464990FD978C010E5E0 SHA-1: 0x403914AC61733B183160FF0A984D1A4FF1E02E6B
2	%Programs%\CubeDesktop\CubeDesktop (Reset).lnk	744 bytes	MD5: 0xB2591F8621FEB053885182FA942ADE09 SHA-1: 0x243113E9F54B99D5390E5732A5666E5C54B1F08D
3	%Programs%\CubeDesktop\CubeDesktop.lnk	730 bytes	MD5: 0xE947F8108BA8C505506FA6880FB39E9E SHA-1: 0x3997905247288106A6144993FC53CAA01E164342
4	%Programs%\CubeDesktop\Online help.lnk	755 bytes	MD5: 0xE75922130F8FD8DC8FB630E6B076D748 SHA-1: 0x3E7D95C86C629982A0C3816C6F9D297E5E5EB6B2
5	%Programs%\CubeDesktop\Uninstall.lnk	527 bytes	MD5: 0x0073C834ED9EDF157766AF61C2EAC1E2 SHA-1: 0x523FFEDA0F9369C4970B03EBD2822FACC2E3504E
6	%Programs%\CubeDesktop\Website.lnk	730 bytes	MD5: 0xBF0D4644654FEC2D2BC5C654A366A5E8 SHA-1: 0xDC8B0FEBC0FB4E16ABD726992C1137D7EE112C8C
7	%ProgramFiles%\CubeDesktop\CubeDesktop Help.url	64 bytes	MD5: 0xBA3719CB34678B5E65FF978080752FBF SHA-1: 0xE8E9D813A544417FF697DF66DF0F0C4C360F87E5
8	%ProgramFiles%\CubeDesktop\cubedesktop.exe	4,811,776 bytes	MD5: 0x18A963B9CBD8968CFDCF32EE156CCAD1 SHA-1: 0x81F85A8E199E521E023A67DBE4BCEE95609BD006
9	%ProgramFiles%\CubeDesktop\CubeDesktop.url	52 bytes	MD5: 0x027B229F13677918D195543EDBB88125 SHA-1: 0x597205CF177E6C43FB7D612BC0A1804E302AF9B0
10	%ProgramFiles%\CubeDesktop\CubeDesktopHooks.dll	83,968 bytes	MD5: 0xB95431BDBA4E22B24146BAC2E198220C SHA-1: 0xAB21C4A22DD2C0FEB450035BB16B531EF2F7C6BA
11	%ProgramFiles%\CubeDesktop\d3dx9_33.dll	3,495,784 bytes	MD5: 0xCDB1CD22BAFF21F48606B3C1A18B000B SHA-1: 0x9315B5DB975A34DBEBDB4DCAE652BA1DB01C482C
12	%ProgramFiles%\CubeDesktop\Languages\english.lng	15,067 bytes	MD5: 0xE9210B253308923590A1C0081098161C SHA-1: 0x7573B9A12FB09D5A0A91F424B413F420E4D1CE37
13	%ProgramFiles%\CubeDesktop\Languages\french.lng	17,785 bytes	MD5: 0x796106BD29991F33C905DFE2B6F8EAA7 SHA-1: 0x3E095715C57BED76B393FE991A524EE860115B94
14	%ProgramFiles%\CubeDesktop\Languages\german.lng	17,461 bytes	MD5: 0x7646DE2A7AF218C850037EA1E8C685F5 SHA-1: 0x22D9E08CC266619DA8E3D53454E3BC8011CC9A82
15	%ProgramFiles%\CubeDesktop\Languages\italian.lng	17,423 bytes	MD5: 0x13225A24D196A52FFA405C68E7553E76 SHA-1: 0x6B03D1D0D9F986C8493A53CFF99AF6FEDD92CA0F
16	%ProgramFiles%\CubeDesktop\Languages\portugues.lng	16,582 bytes	MD5: 0xEA8DD24059DD167609A9F6A5CBAB242D SHA-1: 0xDEB175DCC648C75A915248397017002E15A86721
17	%ProgramFiles%\CubeDesktop\Languages\spanish.lng	16,263 bytes	MD5: 0xAAD3097E08C741B1C446FB40F62EF48D SHA-1: 0xDD02E065EE9A2293CA239B9432B681F747F7EF39
18	%ProgramFiles%\CubeDesktop\SkyBoxes\bleached\bleached_back.jpg	32,632 bytes	MD5: 0x41F86B2B2BED929B18AF70E5380D2E62 SHA-1: 0xC808215D6A01D294939C5FDD978DEDEADA3C44BD
19	%ProgramFiles%\CubeDesktop\SkyBoxes\bleached\bleached_front.jpg	29,827 bytes	MD5: 0xE9DABC60E90D8F58A144B5C8D008027C SHA-1: 0x88EBF554686CFA55B362E0B1DB65778E774E7E02
20	%ProgramFiles%\CubeDesktop\SkyBoxes\bleached\bleached_left.jpg	36,182 bytes	MD5: 0x807DFBA162FBD41E0E8F2F891A13D2C5 SHA-1: 0x349A907B876E697F4485D9CA355621F6EB553ED0
21	%ProgramFiles%\CubeDesktop\SkyBoxes\bleached\bleached_right.jpg	33,133 bytes	MD5: 0x45F615CE69094FFD7D97CF13B0616674 SHA-1: 0x530E1647D696EB68FC688A6DB12ECF2F0226455E
22	%ProgramFiles%\CubeDesktop\SkyBoxes\bleached\bleached_top.jpg	47,280 bytes	MD5: 0x96CD0C6DF8AA0B9B05FC4F34B7B5474F SHA-1: 0x4F438CEB61FF5D849890211C77832554D727BCE9
23	%ProgramFiles%\CubeDesktop\SkyBoxes\comawhite\comawhite_back.jpg	17,749 bytes	MD5: 0x68220321DAC7A7FEA0455501A46BE1E3 SHA-1: 0x927D771D625A066103F8D72788588E41EADBD54C
24	%ProgramFiles%\CubeDesktop\SkyBoxes\comawhite\comawhite_front.jpg	18,685 bytes	MD5: 0xE3F2F47EE9E1FA31FA3BBFAC41D81858 SHA-1: 0x5D610ED4F8940CAE09F26859FA2ACAF5E0EA284B
25	%ProgramFiles%\CubeDesktop\SkyBoxes\comawhite\comawhite_left.jpg	17,781 bytes	MD5: 0xF91AFAEB9B287C8667E0D55F376D249C SHA-1: 0xB35C11762AD2C61A0777BC57750DFED60738BEC0
26	%ProgramFiles%\CubeDesktop\SkyBoxes\comawhite\comawhite_right.jpg	18,535 bytes	MD5: 0x9D4AA5645D18D22345198635E9C8B367 SHA-1: 0xA8489B50AA6DB5D4D36A65E8A81F6AE847A33851
27	%ProgramFiles%\CubeDesktop\SkyBoxes\comawhite\comawhite_top.jpg	9,543 bytes	MD5: 0x485A4750ACC701C7709D43A17E766433 SHA-1: 0xA275733D24B24BF55B00A42C90146CA7DE14A8BD
28	%ProgramFiles%\CubeDesktop\SkyBoxes\jajlake2\jajlake2_back.jpg	78,228 bytes	MD5: 0x590576F69985C1B0B200641360C9C23F SHA-1: 0x6F40AAEF59F0EF9834C72A61BE0855BD162E9B99
29	%ProgramFiles%\CubeDesktop\SkyBoxes\jajlake2\jajlake2_bottom.jpg	10,938 bytes	MD5: 0x9946D327EF1CC9B38881A329879E26C2 SHA-1: 0x466EA3D0C7289EA99ACF0933CFB68A9FF6F1BDD6
30	%ProgramFiles%\CubeDesktop\SkyBoxes\jajlake2\jajlake2_front.jpg	90,717 bytes	MD5: 0x40023B8A075F969CA7447C2957A0B584 SHA-1: 0xCC2AB12FB94A0CAC7464CE012FAF9D51A871584E
31	%ProgramFiles%\CubeDesktop\SkyBoxes\jajlake2\jajlake2_left.jpg	87,022 bytes	MD5: 0xA07FE0DF4EB0D11E06923BA268A49850 SHA-1: 0xB84BD2FE35500B31BE77F85B32E85467BB38F1D6
32	%ProgramFiles%\CubeDesktop\SkyBoxes\jajlake2\jajlake2_right.jpg	43,656 bytes	MD5: 0x7C766EFC5E70627FD38CFD9BD19B07B8 SHA-1: 0xAF378A39D0301335FB0AA33832081E2B95B1EFE7
33	%ProgramFiles%\CubeDesktop\SkyBoxes\jajlake2\jajlake2_top.jpg	69,512 bytes	MD5: 0x3F0399D73AA6455F0D2E35CE45F0D904 SHA-1: 0x040B652FCD86E1E96A812D1C86CFB591D201386D
34	%ProgramFiles%\CubeDesktop\SkyBoxes\jajspace2\jajspace2_back.jpg	11,879 bytes	MD5: 0xF4B485C6C953912BAA005256B6AF349A SHA-1: 0x62999B83EE0708DB112EF5855C3A59580F18E799
35	%ProgramFiles%\CubeDesktop\SkyBoxes\jajspace2\jajspace2_bottom.jpg	12,753 bytes	MD5: 0xB9EB69FA01F9D270A148D9DC8312DBFF SHA-1: 0x83FC9373A48CF2C62F672D07BCC9426D2A915534
36	%ProgramFiles%\CubeDesktop\SkyBoxes\jajspace2\jajspace2_front.jpg	11,425 bytes	MD5: 0x52D5F0AF5F67184BA14BA0E1DD68710F SHA-1: 0xF4D6528B168D598A833FD79311DCD8588DC82BB5
37	%ProgramFiles%\CubeDesktop\SkyBoxes\jajspace2\jajspace2_left.jpg	32,038 bytes	MD5: 0x9457CB9613119E2665E0F80646DF08CD SHA-1: 0x1E6530D61166176FFB2B7841E1B2F902ECD4A753
38	%ProgramFiles%\CubeDesktop\SkyBoxes\jajspace2\jajspace2_right.jpg	18,624 bytes	MD5: 0xFC0B46A0E93CDC33DD6573BC22A96860 SHA-1: 0xF31AEF83463704DF07FEB635137BF5CF353CE055
39	%ProgramFiles%\CubeDesktop\SkyBoxes\jajspace2\jajspace2_top.jpg	11,710 bytes	MD5: 0x4300565DC2A3A35111DD7A6546567A09 SHA-1: 0x831ED6C0D1FE3D0AE7AC62D10BDB327E983FDC8B
40	%ProgramFiles%\CubeDesktop\uninst.exe	197,620 bytes	MD5: 0xF2B8FE294BE6520D4CA81F0DCC98BA4B SHA-1: 0xFB12663ACCA8CE1928591418A8EFAA6E0E039A5F
41	[file and pathname of the sample #1]	6,948,681 bytes	MD5: 0x7C3D87833871DFCBE96661DCD2E4EB3F SHA-1: 0x4C55032044CCA9B2AC2F4671E76DFA30256E8D3F

Notes:

%DesktopDir% is a variable that refers to the file system directory used to physically store file objects on the desktop. A typical path is C:\Documents and Settings\[UserName]\Desktop.
%Programs% is a variable that refers to the file system directory that contains the user's program groups. A typical path is C:\Documents and Settings\[UserName]\Start Menu\Programs.
%ProgramFiles% is a variable that refers to the Program Files folder. A typical path is C:\Program Files.

The following directories were created:

%Programs%\CubeDesktop
%ProgramFiles%\CubeDesktop
%ProgramFiles%\CubeDesktop\Languages
%ProgramFiles%\CubeDesktop\SkyBoxes
%ProgramFiles%\CubeDesktop\SkyBoxes\bleached
%ProgramFiles%\CubeDesktop\SkyBoxes\comawhite
%ProgramFiles%\CubeDesktop\SkyBoxes\jajlake2
%ProgramFiles%\CubeDesktop\SkyBoxes\jajspace2

Memory Modifications

There were new processes created in the system:

Process Name	Process Filename	Main Module Size
[filename of the sample #1]	[file and pathname of the sample #1]	315,392 bytes
cubedesktop.exe	%ProgramFiles%\cubedesktop\cubedesktop.exe	8,192 bytes

Registry Modifications

The following Registry Keys were created:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\CubeDesktop
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{A76F4E7A-ADF1-D9DB-21B0-BE5EFF869941}
HKEY_CURRENT_USER\Software\CubeDesktop

The newly created Registry Values are:

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\CubeDesktop]

DisplayName = "CubeDesktop 1.4.0"
UninstallString = "%ProgramFiles%\CubeDesktop\uninst.exe"
DisplayIcon = "%ProgramFiles%\CubeDesktop\CubeDesktop.exe"
DisplayVersion = "1.4.0"
URLInfoAbout = "http://www.cubedesktop.com"
Publisher = "Thinking Minds Building Bytes"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

CubeDesktop = ""

Other details

Analysis of the file resources indicate the following possible countries of origin:

	Russian Federation
	Spain

To mark the presence in the system, the following Mutex object was created:

CubeDesktop

The following Internet Connection was established:

Server Name	Server Port	Connect as User	Connection Password
?	80	?	?

All content ("Information") contained in this report is the copyrighted work of Threat Expert Ltd and its associated companies ("ThreatExpert") and may not be copied without the express permission of ThreatExpert.

The Information is provided on an "as is" basis. ThreatExpert disclaims all warranties, whether express or implied, to the maximum extent permitted by law, including the implied warranties that the Information is merchantable, of satisfactory quality, accurate, fit for a particular purpose or need, or non-infringing, unless such implied warranties are legally incapable of exclusion. Further, ThreatExpert does not warrant or make any representations regarding the use or the results of the use of the Information in terms of their correctness, accuracy, reliability, or otherwise.