ThreatExpert Report

Submission Summary:

Submission details:

Submission received: 18 July 2012, 04:24:44
Processing time: 10 min 53 sec
Submitted sample:

File MD5: 0x7BD1F39CCC21F87CC394BD64EB1B1A2E
File SHA-1: 0x55C1D1D646EB4ACCD255C2F5CB64D71479483300
Filesize: 1,074,448 bytes

Summary of the findings:

What's been found	Severity Level
Downloads/requests other files from Internet.

Technical Details:

File System Modifications

The following files were created in the system:

#	Filename(s)	File Size	File Hash
1	%DesktopDir%\Continue Video Converter Installation.lnk	913 bytes	MD5: 0xB238335B8F98E1E94C8F87D60DF795C8 SHA-1: 0x353D90F20847537BDD335C6731B882A556AA73DF
2	%Temp%\ICReinstall_[filename of the sample #1] [file and pathname of the sample #1]	1,074,448 bytes	MD5: 0x7BD1F39CCC21F87CC394BD64EB1B1A2E SHA-1: 0x55C1D1D646EB4ACCD255C2F5CB64D71479483300
3	%Temp%\is357113909\100728_Setup.CIS %Temp%\is357113909\100790_Setup.CIS	0 bytes	MD5: 0xD41D8CD98F00B204E9800998ECF8427E SHA-1: 0xDA39A3EE5E6B4B0D3255BFEF95601890AFD80709
4	%Temp%\is357113909\1632846757.cfg	262 bytes	MD5: 0x34DCFEF8DD5355F7926C2F81CEBDDC2D SHA-1: 0xCCCC2742BF62A9A2481A6FBAAEACE2EBA70D5AEB
5	%Temp%\is357113909\1636566009.cfg	252 bytes	MD5: 0x8A55C884442A6AB781B3FFA9389533E5 SHA-1: 0x580FB27DDF69683EDE8FEB668D9FBF5A5634A8A3
6	%Temp%\is357113909\2112949078.cfg	262 bytes	MD5: 0x0B6205BF5A736CF28E3305507273394C SHA-1: 0xFB79463E65F4EBFC7810C85902A3632D51ACF6B5
7	%Temp%\is357113909\451149765.cfg	252 bytes	MD5: 0xE0ABA40C1E56850EE2AB5550F13332AB SHA-1: 0x8414F8464EA5D7FE00BFC9939739603A99337FF8
8	%Temp%\ish100343\blank.gif	49 bytes	MD5: 0x56398E76BE6355AD5999B262208A17C9 SHA-1: 0xA1FDEE122B95748D81CEE426D717C05B5174FE96
9	%Temp%\ish100343\css\buttons.css	1,153 bytes	MD5: 0xA84FEE16240DE0D25F1B3EC8DF25A11C SHA-1: 0xFF395834BB8FF730B31C1DAEFC8FF197CE280AD0
10	%Temp%\ish100343\css\ie6_main.css	1,129 bytes	MD5: 0x69B3F7194795871E6EAC286439118DDD SHA-1: 0xE7488B4B7363B011AA82ABBCE84F914E3329750A
11	%Temp%\ish100343\css\main.css	4,346 bytes	MD5: 0xAFF1B740C3A48C23E529E439A46F445A SHA-1: 0xDF7A706D577E51BD54D115620CA5497EB77EDC2E
12	%Temp%\ish100343\css\sdk-ui\browse.css	318 bytes	MD5: 0x10C359BC980927BB66B215407ECE3E66 SHA-1: 0x4A2FC034BF7B4E84D832B6BBD9413D2055B9EC62
13	%Temp%\ish100343\css\sdk-ui\button.css	417 bytes	MD5: 0x37E1FF96E084EC201F0D95FEEF4D5E94 SHA-1: 0x4EC405F2668D5D93260525AD916ABAFA2414CB72
14	%Temp%\ish100343\css\sdk-ui\checkbox.css	190 bytes	MD5: 0x64773C6B0E3413C81AEBC46CCE8C9318 SHA-1: 0x50F84EF8331341B48981AF82313B146863EBA526
15	%Temp%\ish100343\css\sdk-ui\images\button-bg.png	131 bytes	MD5: 0x98B1DE48DFA64DC2AA1E52FACFBEE3B0 SHA-1: 0xA1615C118FBFA49253D98185EAE283F26EA392D7
16	%Temp%\ish100343\css\sdk-ui\images\progress-bg.png	2,845 bytes	MD5: 0x32A6846FE53388EB03BE3ADA2221297F SHA-1: 0x1C1BAEC7B7FE7A420CCF68D3112384B44F8BA89E
17	%Temp%\ish100343\css\sdk-ui\progress-bar.css	632 bytes	MD5: 0x8F6A2E09ACE79158461B82D74FF6C7FD SHA-1: 0x88F079FD001FEB2CB302565B87FDB81C8995DD93
18	%Temp%\ish100343\images\Bg.gif	20,535 bytes	MD5: 0x94D82A50272A4423DCA66AE32E0602CA SHA-1: 0x18A1300C684442BFFB41DCBA54D30C72888F48EC
19	%Temp%\ish100343\images\close_button.png	1,341 bytes	MD5: 0x83487401DAF307D6C726A479DE1EE6F9 SHA-1: 0xC173BE4937A63672570078B325864C76B28040B8
20	%Temp%\ish100343\images\finish-button.png	2,311 bytes	MD5: 0xE37EC66B72996FC3AD929CD068570D4D SHA-1: 0xE21BE5EA412B4DC02B7D3A61AB3A798946224CAE
21	%Temp%\ish100343\images\icon.png	3,999 bytes	MD5: 0xB460D82EAB7AF8BA6E338E351DD0ECDC SHA-1: 0x265B9A3F3C80F40F8534DDCFBF9C1ED61E3B1B20
22	%Temp%\ish100343\images\loader.gif	6,292 bytes	MD5: 0x85954EA60A946E9C41E33260CEE2BBC4 SHA-1: 0xA2B8147953636DE537C66AFB06105A3889A55915
23	%Temp%\ish100343\images\next-button-over.png	2,378 bytes	MD5: 0x23802443DCDD0CB5DCC00F1D3BD9CFE6 SHA-1: 0x513234AEC8111706E7031090BD85F26E524821D8
24	%Temp%\ish100343\images\next-button.png	2,430 bytes	MD5: 0x274548CB843BB96FCB50A79A2340B22D SHA-1: 0xBB5253C868861FF10FD48DCCE1309D847F087E80
25	%Temp%\ish100343\images\progress-bg.png	176 bytes	MD5: 0x192B249D9413082D676F85D1509FE258 SHA-1: 0x4130BA10D3BB2267F19FA07DC0672E6BA23A8C4E
26	%Temp%\ish100343\images\Progress.png	333 bytes	MD5: 0x2306755853711F1CB2F97CFC90440FB8 SHA-1: 0x57D2E50C9F6345D6A81B2D766D31D92ED741F822
27	%Temp%\ish100343\images\ProgressBar.png	266 bytes	MD5: 0x0E0AEAD9873F985325C78C564830B2DA SHA-1: 0x339D70C35D53F322908BE28DD80002379B739921
28	%Temp%\ish100343\license\DE.license.txt	22,437 bytes	MD5: 0x94C7BDCA5F950C087EBF2DCBA0550AC4 SHA-1: 0x504F74335AEECC9DB7984CA1CFA1B694B0A1CE24
29	%Temp%\ish100343\license\EN.license.txt	18,507 bytes	MD5: 0x75A5340D5A321F4F889E7891336A3478 SHA-1: 0x546E8DB4ECBBA7A701D36A3B1B263C9D9B60D384
30	%Temp%\ish100343\locale\EN.locale	2,385 bytes	MD5: 0xD0FAB55E7BD3510D51DF2414213257AB SHA-1: 0xC8BF277751D527A01F0D207E77AF33D904D8E6BC

Notes:

%DesktopDir% is a variable that refers to the file system directory used to physically store file objects on the desktop. A typical path is C:\Documents and Settings\[UserName]\Desktop.
%Temp% is a variable that refers to the temporary folder in the short path form. By default, this is C:\Documents and Settings\[UserName]\Local Settings\Temp\ (Windows NT/2000/XP).

The following directories were created:

%Temp%\is357113909
%Temp%\ish100343
%Temp%\ish100343\css
%Temp%\ish100343\css\sdk-ui
%Temp%\ish100343\css\sdk-ui\images
%Temp%\ish100343\images
%Temp%\ish100343\license
%Temp%\ish100343\locale

Memory Modifications

There were new processes created in the system:

Process Name	Process Filename	Main Module Size
[filename of the sample #1]	[file and pathname of the sample #1]	1,105,920 bytes
icreinstall_[filename of the sample #1]	%Temp%\icreinstall_[filename of the sample #1]	1,105,920 bytes

Other details

To mark the presence in the system, the following Mutex objects were created:

DDrawWindowListMutex
DDrawDriverObjectListMutex
__DDrawExclMode__

The following port was open in the system:

Port	Protocol	Process
1041	TCP	[file and pathname of the sample #1]

The following Internet Connections were established:

Server Name	Server Port	Connect as User	Connection Password
os.superbvideoconverter.com	80	(null)	(null)
rp.superbvideoconverter.com	80	(null)	(null)
cdnus.superbvideoconverter.com	80	(null)	(null)
cdneu.superbvideoconverter.com	80	(null)	(null)

The following HTTP URLs were started reading:

http://cdnus.superbvideoconverter.com/app/Cmp/VideoConverter-v2.cis
http://cdneu.superbvideoconverter.com/app/Cmp/VideoConverter-v2.cis
http://cdnus.superbvideoconverter.com/ofr/BabylonToolbarV7.cis
http://cdneu.superbvideoconverter.com/ofr/BabylonToolbarV7.cis

All content ("Information") contained in this report is the copyrighted work of Threat Expert Ltd and its associated companies ("ThreatExpert") and may not be copied without the express permission of ThreatExpert.

The Information is provided on an "as is" basis. ThreatExpert disclaims all warranties, whether express or implied, to the maximum extent permitted by law, including the implied warranties that the Information is merchantable, of satisfactory quality, accurate, fit for a particular purpose or need, or non-infringing, unless such implied warranties are legally incapable of exclusion. Further, ThreatExpert does not warrant or make any representations regarding the use or the results of the use of the Information in terms of their correctness, accuracy, reliability, or otherwise.