ThreatExpert Report

Submission Summary:

Submission details:

Submission received: 11 August 2012, 12:50:20
Processing time: 14 min 49 sec
Submitted sample:

File MD5: 0xFC11138C793A036B6A9628688ED85D64
File SHA-1: 0x692793A88954C4CFF33080169B497681E09FB7D0
Filesize: 4,900,376 bytes

Summary of the findings:

What's been found	Severity Level
Downloads/requests other files from Internet.

Technical Details:

File System Modifications

The following files were created in the system:

#	Filename(s)	File Size	File Hash
1	%DesktopDir%\LimeWire 4.18.8.lnk	1,580 bytes	MD5: 0x908C775FFD5F356E3C1F4FB43722CB6C SHA-1: 0xE8F299862E2AAFC9DE4B2017C67C9A3899F99C77
2	%Temp%\jinstall.cfg	125 bytes	MD5: 0x7C5F5A68051F6B0C0E9A2AD33C40D415 SHA-1: 0x120865765927A61AF83F02B83DC297EEDE61EC41
3	%Temp%\jre.tmp	0 bytes	MD5: 0xD41D8CD98F00B204E9800998ECF8427E SHA-1: 0xDA39A3EE5E6B4B0D3255BFEF95601890AFD80709
4	%Programs%\LimeWire\Buy LimeWire PRO.lnk	1,600 bytes	MD5: 0x02126E1BF3BC252F430F690DCE60B00C SHA-1: 0xEB4937B320ADC835851ED5267B74F55F36544CD7
5	%Programs%\LimeWire\LimeWire 4.18.8.lnk	1,592 bytes	MD5: 0x19975ECB2BE2CD34085ABDA8E3290B0E SHA-1: 0x14B2DAC09BDE183B120692D062B8A4DA1985418C
6	%Programs%\LimeWire\Uninstall.lnk	1,389 bytes	MD5: 0xA0DA25A5C705428100A691BA7B097631 SHA-1: 0x49502E82FBB03C335990A2994A0812FA7B68A1BD
7	%ProgramFiles%\LimeWire\.NetworkShare\LimeWireWin4.18.8.exe [file and pathname of the sample #1]	4,900,376 bytes	MD5: 0xFC11138C793A036B6A9628688ED85D64 SHA-1: 0x692793A88954C4CFF33080169B497681E09FB7D0
8	%ProgramFiles%\LimeWire\Buy LimeWire PRO.url	133 bytes	MD5: 0x5BB900298FC45638363FE8855BF2F7B8 SHA-1: 0x56D30A4A0C45717013DEB044157000285E5D1171
9	%ProgramFiles%\LimeWire\COPYING	18,349 bytes	MD5: 0xFDAFC691AA5FB7F8E2A9E9521FEF771B SHA-1: 0x1E492D0D7C3EA5C426D38EF46715FB6E30F9988E
10	%ProgramFiles%\LimeWire\data.ser	358 bytes	MD5: 0x8C639BD0358FA45D3D1286F2FBFCD622 SHA-1: 0x95B7E48FE9B9FF6F1A36C76DF1F81D72D24AD54C
11	%ProgramFiles%\LimeWire\inspection.props	13,566 bytes	MD5: 0xA4680B457A609FF4187BD31A358AE196 SHA-1: 0x9BFA3809D8DED22C9AEE9218604914BA79BD95A3
12	%ProgramFiles%\LimeWire\install.log	3,053 bytes	MD5: 0x8927271729DE88F4C70140A76F842ABB SHA-1: 0x9840007E81F3986FDE538034602720A7905CEEAB
13	%ProgramFiles%\LimeWire\language.prop	4 bytes	MD5: 0xE17184BCB70DCF3942C54E0B537FFC6D SHA-1: 0xE0F05ED4FD4FFB1AF17B55948173BFE2900CEFB4
14	%ProgramFiles%\LimeWire\lib\aopalliance.jar	5,130 bytes	MD5: 0x293F1576FDE812D51589B44FD9865FA5 SHA-1: 0x0E59FD2BCB7ED86EC179D296001FEBB8AC09FB3F
15	%ProgramFiles%\LimeWire\lib\clink.jar	622,008 bytes	MD5: 0xF69D9489706119C90672F5AE5D04D54A SHA-1: 0xE449CBAAA4B669AF81DCC116B0E2B36F1D608771
16	%ProgramFiles%\LimeWire\lib\commons-codec-1.3.jar	88,947 bytes	MD5: 0xF9695FA46573D44174FF8404AB716B59 SHA-1: 0x02EDD32571F3F1B6FA1F31384D984DC849683688
17	%ProgramFiles%\LimeWire\lib\commons-logging.jar	59,154 bytes	MD5: 0x81BBF218ABB75B0DE0ABB21F0F0BAF7A SHA-1: 0x2BCFD2AC81D54341AF53E58607225FC1E0CA5009
18	%ProgramFiles%\LimeWire\lib\commons-net.jar	355,370 bytes	MD5: 0x297C0CEAD8609096DFD990AE1B33E1FD SHA-1: 0x39D4A53F18142ADCAA6E986171C865A3785EA239
19	%ProgramFiles%\LimeWire\lib\daap.jar	379,371 bytes	MD5: 0x9999F548674EBEB75C2CE9D5AD3F3FC1 SHA-1: 0x95DCBF0EECDC831BD0DB6B1671DB95A0A6A6CE0B
20	%ProgramFiles%\LimeWire\lib\dnsjava.jar	508,673 bytes	MD5: 0x2AC8BE32D9FC61A1B9AA7E59334A4326 SHA-1: 0xC8448592BBF724FFE65B991A460B6347F2D710B4
21	%ProgramFiles%\LimeWire\lib\forms.jar	188,644 bytes	MD5: 0xB6E8672EB494926EF2A7A17B4CBD6A43 SHA-1: 0x137D5E7A6FC64F932721F657BC3CEF9B8336CE45
22	%ProgramFiles%\LimeWire\lib\foxtrot.jar	44,273 bytes	MD5: 0x5F1FE67E2ECAAAA8C5023A0712B6528A SHA-1: 0x8B4ED93898D8E8B04B4868F98F179083D3801870
23	%ProgramFiles%\LimeWire\lib\gettext-commons.jar	57,004 bytes	MD5: 0xCF45E255C81A897B20F1AA0AB5EA1452 SHA-1: 0xB0D9AA4483106A5082CC1CB135C9BC02BE1DA58A
24	%ProgramFiles%\LimeWire\lib\guice-1.0.jar	1,187,992 bytes	MD5: 0x32C5E2D8D628B65AFFC91543C352314A SHA-1: 0x300BAC0690A3B36F9BBBC6CAFC2563443E524B52
25	%ProgramFiles%\LimeWire\lib\hashes	156 bytes	MD5: 0x1E6194E583D2BE4C3C3E329B98A58498 SHA-1: 0x454EAA832D8D9582423F8CC01281162228A44E87
26	%ProgramFiles%\LimeWire\lib\hsqldb.jar	1,517,914 bytes	MD5: 0xC910F0F9C6F5336B3C96DA004E9CABA1 SHA-1: 0x9C5CAF175E370043BE42276F1F2B4618151DF164
27	%ProgramFiles%\LimeWire\lib\httpclient-4.0-alpha5-20080522.192134-5.jar	525,713 bytes	MD5: 0xE61C87FC77CCA820236D129E0F9ED952 SHA-1: 0x89B4CC26A27C1F43722941D2BDC01819F58EE169
28	%ProgramFiles%\LimeWire\lib\httpcore-4.0-beta2-20080510.140437-10.jar	331,124 bytes	MD5: 0xB67130B08780AE461981A8A86BBE7841 SHA-1: 0x077CF833D67A010F0B0777CD0AA205506C4D0511
29	%ProgramFiles%\LimeWire\lib\httpcore-nio-4.0-beta2-20080510.140437-10.jar	368,841 bytes	MD5: 0xA81ABC466E23884D54CF85408BBBF34F SHA-1: 0xAA6A5F1EEC982CED6A67F2C5B13EBACD440FEFEC
30	%ProgramFiles%\LimeWire\lib\icu4j.jar	741,440 bytes	MD5: 0x2EA7BE7FE723AE4A7BB99850238CE7DE SHA-1: 0x71F65238D702AFC3CF6373DD09A62A759C48A1CC
31	%ProgramFiles%\LimeWire\lib\jaudiotagger.jar	1,165,096 bytes	MD5: 0x440D4E23BD0CA7BB3B68564CB1796A69 SHA-1: 0xF6F4F25A33803FF2531F13EFA308C672F7DBF930
32	%ProgramFiles%\LimeWire\lib\jcraft.jar	136,693 bytes	MD5: 0xA8084001398952FA0842FB49B391244C SHA-1: 0x3D5651CA6B50397B8A2180036A058DADDA6DED83
33	%ProgramFiles%\LimeWire\lib\jdic.dll	110,592 bytes	MD5: 0xA1E460904C64A49CD4D30274C717C646 SHA-1: 0xFD94F32ED15D8CABD59EFACDC2579BD46B3D61DC
34	%ProgramFiles%\LimeWire\lib\jdic.jar	96,604 bytes	MD5: 0x7EC4DCDE24979510DB429D01C17EB2DE SHA-1: 0xED39E1E928D11CE8F48F3F8E9964BEBE2974BACE
35	%ProgramFiles%\LimeWire\lib\jdic_stub.jar	64,134 bytes	MD5: 0xB36A0D603D24E162654073CC90F32B72 SHA-1: 0x9EDCB947972A29BDE31E2CE8345E156CB18A6746
36	%ProgramFiles%\LimeWire\lib\jflac.jar	189,380 bytes	MD5: 0xD47B3340005ECDBD807AD4D2AF93A4CE SHA-1: 0x45A9D78CCCFCFC1FD89B2B109040F0D62A0E5FA5
37	%ProgramFiles%\LimeWire\lib\jl.jar	254,994 bytes	MD5: 0xB592FB0C7097E6AE090596CADF18923E SHA-1: 0x63175EB763ECEF5F8A1ADA0C6DA87F74E5FC3174
38	%ProgramFiles%\LimeWire\lib\jmdns.jar	69,306 bytes	MD5: 0xF61E94168AE87EC532C8D0EAC646C602 SHA-1: 0x3FD987CE6E7AFF7921C14B4B6A092C3A1F6CD9A5
39	%ProgramFiles%\LimeWire\lib\jogg.jar	12,032 bytes	MD5: 0xD7158C6BE281C7CFB0CD465D3E38B578 SHA-1: 0x22133C73343D558F91CD5607EB101B9EAA5744AF
40	%ProgramFiles%\LimeWire\lib\jorbis.jar	101,641 bytes	MD5: 0x209490C77A48996D484BA28367EA922B SHA-1: 0x88F23CB3FFDD00AE756D7553581A89FAAF25E83D
41	%ProgramFiles%\LimeWire\lib\LimeWire.ico %ProgramFiles%\LimeWire\LimeWire.ico	25,214 bytes	MD5: 0x933FA742EF155BBE47C5B603EB390694 SHA-1: 0x5440590C53CBA80D24FF282D1F1051C881A2530A
42	%ProgramFiles%\LimeWire\lib\LimeWire.jar	0 bytes	MD5: 0xD41D8CD98F00B204E9800998ECF8427E SHA-1: 0xDA39A3EE5E6B4B0D3255BFEF95601890AFD80709
43	%ProgramFiles%\LimeWire\lib\log4j.jar	677,952 bytes	MD5: 0x12283F0C1FD91B2DAEF7CDA213F562EF SHA-1: 0x484BD9B1CA648AA1E73806A7288B7396340D2898
44	%ProgramFiles%\LimeWire\lib\log4j.properties	7,171 bytes	MD5: 0xF4F476B06CA7D07E1043BA75D0D8FF99 SHA-1: 0x4709E5F032010FA3206496BF8892FEF2CE9F2C13
45	%ProgramFiles%\LimeWire\lib\looks.jar	630,634 bytes	MD5: 0xAFF21B7E92C5C85BE4234E967FE23D3A SHA-1: 0xA9B2C78F178D1E7BB643E1E3D20D16BDCFFB26E2
46	%ProgramFiles%\LimeWire\lib\messages.jar	3,897,094 bytes	MD5: 0x0C6F31FD321751E4BAB415BB2988AEA1 SHA-1: 0xB3D1A155B6B992952F90983693B90C6ACDA6168C
47	%ProgramFiles%\LimeWire\lib\mp3spi.jar	42,765 bytes	MD5: 0x3EEDE9F242CB5E41309F06E26D5C10AB SHA-1: 0x36E7F94136C44AECD5FE0606CEAEEE3429E7B8E1
48	%ProgramFiles%\LimeWire\lib\onion-common.jar	115,824 bytes	MD5: 0x3C9FF6452507BE25546235656D631C9A SHA-1: 0x636CBA4C244418BCF43A66965F59B0420CDC0177
49	%ProgramFiles%\LimeWire\lib\onion-fec.jar	67,130 bytes	MD5: 0xB6910CB4E13F7F9F2F9833EB5172C1C9 SHA-1: 0x0337F2742CB747DCE846DDD6B8C6872379FBE357
50	%ProgramFiles%\LimeWire\lib\ProgressTabs.jar	5,786 bytes	MD5: 0x833BE77D204C829CA4E4BD81C20892B9 SHA-1: 0x2F3E4FA448BF5E258524D97D3C6DD4F1B4A97C89
51	%ProgramFiles%\LimeWire\lib\swt.jar	4,298,757 bytes	MD5: 0x4FFA23A1D6146B82CEE6ED2364543B5C SHA-1: 0x16CCF9DD0FF8687AE9EB32DCCF355C6C49A61BBC
52	%ProgramFiles%\LimeWire\lib\SystemUtilities.dll	90,112 bytes	MD5: 0x826733847F85D08B1CD5D3B63F459B3D SHA-1: 0x52408DBBE1D3CB097D93B84B2EE7AEB0662860E6
53	%ProgramFiles%\LimeWire\lib\SystemUtilitiesA.dll	86,016 bytes	MD5: 0x46F0EBB1A297A6A3EEE33D9099023EC6 SHA-1: 0xA2824FADB1E769732DDFABF9E7A7DAE2D58D1AF7
54	%ProgramFiles%\LimeWire\lib\themes.jar	76,653 bytes	MD5: 0xD18A15BA2B066765BDD4B1E43E7C8975 SHA-1: 0x82B1F6EE64499B3D2B06516F010869C8FFFC3B29
55	%ProgramFiles%\LimeWire\lib\tray.dll	45,056 bytes	MD5: 0xB411CE46DAEE8FFE1ADF145F3CD7FC48 SHA-1: 0x96569FEA501C3EC0A10B8908D11C3C430EB8D63D
56	%ProgramFiles%\LimeWire\lib\tritonus.jar	211,836 bytes	MD5: 0x2A161428AA944A0890DB03EDEFAB1B19 SHA-1: 0x925AB7BD3E2C0A6B23836F6A172BFD0CCA7FCD91
57	%ProgramFiles%\LimeWire\lib\vorbisspi.jar	27,145 bytes	MD5: 0x5243091A899D4FDD3DF4658F1F35EC00 SHA-1: 0xDBD2A37CE1EDF1C365D28A093F39DFF4D3CF187C
58	%ProgramFiles%\LimeWire\LimeWire On Startup.lnk	1,538 bytes	MD5: 0x1E65E1DA48A157014DC1ADBB510A4F07 SHA-1: 0x4DA22CA91C9259AAC8F7D2B3394D8484BB1DE84B
59	%ProgramFiles%\LimeWire\LimeWire.exe	147,456 bytes	MD5: 0x365418B2FEFCA481C6CE388DA076EAC2 SHA-1: 0x484B842B437BB9CD8651BDE9C9F0875826827F22
60	%ProgramFiles%\LimeWire\pmf.ico	3,262 bytes	MD5: 0x8922952DE0E8F8A2E823F81FAC403F70 SHA-1: 0x7033F9477D48C94B2C62C3E22DAA47E72A248308
61	%ProgramFiles%\LimeWire\root\magnet10\badge.img %ProgramFiles%\LimeWire\root\magnet10\canHandle.img	830 bytes	MD5: 0x2737D65467125CC8612B1745197BBE57 SHA-1: 0x3ECB5F0ADCF2827FCFFF95201E964C9E8A6F397D
62	%ProgramFiles%\LimeWire\root\magnet10\limewire.gif	211 bytes	MD5: 0x9BD3D1FE98061F51E5D2EFAE7BC14943 SHA-1: 0x8B718B47E9192DB38669691E721F549F0521C8E3
63	%ProgramFiles%\LimeWire\root\magnet10\options.js	566 bytes	MD5: 0x4F3578FC6F29A2CDFE113A402E5D7F7C SHA-1: 0xF2EBDA37FA55014111D54C936C8DC8BAD5035EDD
64	%ProgramFiles%\LimeWire\root\magnet10\silentdetect.js	162 bytes	MD5: 0x1FA1AED3222E29BDEAD354032D187847 SHA-1: 0x3AE3B36E2FF054446CB2FDA7774F0F1AC9D67073
65	%ProgramFiles%\LimeWire\SOURCE	273 bytes	MD5: 0x67560662AFDBB1119FF6A63F4EA4A10C SHA-1: 0x86A2FE666BB9EFEDC80B3559CB53ACA88CBA9A98
66	%ProgramFiles%\LimeWire\spacer.gif	49 bytes	MD5: 0xED280A0EA3CC38F3CBBC747ACFBEF47D SHA-1: 0x6BDCB32EE75E957A5085C010F4DFD0C716BFDADC
67	%ProgramFiles%\LimeWire\uninstall.exe	124,421 bytes	MD5: 0xC299CFF94110C1A3471B8E45A37864FA SHA-1: 0x5B6A8A7AC219525694730C5249BE27AD124BBD4B
68	%ProgramFiles%\LimeWire\unpack.log	21,651 bytes	MD5: 0xC9C3C47AD5E77E7917E4BA0C459E4C38 SHA-1: 0x5D27EA159057A1436268E1C0D36ACF25D91544A6

Notes:

%DesktopDir% is a variable that refers to the file system directory used to physically store file objects on the desktop. A typical path is C:\Documents and Settings\[UserName]\Desktop.
%Temp% is a variable that refers to the temporary folder in the short path form. By default, this is C:\Documents and Settings\[UserName]\Local Settings\Temp\ (Windows NT/2000/XP).
%Programs% is a variable that refers to the file system directory that contains the user's program groups. A typical path is C:\Documents and Settings\[UserName]\Start Menu\Programs.
%ProgramFiles% is a variable that refers to the Program Files folder. A typical path is C:\Program Files.

The following directories were created:

%Programs%\LimeWire
%ProgramFiles%\LimeWire
%ProgramFiles%\LimeWire\.NetworkShare
%ProgramFiles%\LimeWire\lib
%ProgramFiles%\LimeWire\root
%ProgramFiles%\LimeWire\root\magnet10

Memory Modifications

There were new processes created in the system:

Process Name	Process Filename	Main Module Size
execNoWindow.exe	%ProgramFiles%\LimeWire\execNoWindow.exe	32,768 bytes
unpack200.exe	%ProgramFiles%\LimeWire\unpack200.exe	122,880 bytes
[filename of the sample #1]	[file and pathname of the sample #1]	229,376 bytes
jrestub.exe	%Temp%\jrestub.exe	237,568 bytes
limewire.exe	%ProgramFiles%\limewire\limewire.exe	151,552 bytes

Registry Modifications

The following Registry Keys were created:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\LimeWire
HKEY_LOCAL_MACHINE\SOFTWARE\LimeWire

The newly created Registry Values are:

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\LimeWire]

DisplayName = "LimeWire 4.18.8"
UninstallString = ""%ProgramFiles%\LimeWire\uninstall.exe""
NoModify = 0x00000001
NoRepair = 0x00000001
URLInfoAbout = "http://www.limewire.com"
URLUpdateInfo = "http://www.limewire.com/update"
Publisher = "Lime Wire, LLC"
HelpLink = "http://www.limewire.com/support"
DisplayVersion = "4.18.8"

[HKEY_LOCAL_MACHINE\SOFTWARE\LimeWire]

InstallDir = "%ProgramFiles%\LimeWire"

Other details

Analysis of the file resources indicate the following possible country of origin:

China

To mark the presence in the system, the following Mutex object was created:

_!SHMSFTHISTORY!_

The following Host Name was requested from a host database:

install.limewire.com

There was registered attempt to establish connection with the remote host. The connection details are:

Remote Host	Port Number
install.limewire.com	1035

The following Internet Connections were established:

Server Name	Server Port	Connect as User	Connection Password
java.sun.com	80	(null)	(null)
www.java.com	80	(null)	(null)

The following GET requests were made:

update/1.5.0/1.5.0_06-b05.xml
index.html
index.jpg

The following HTTP URL was started reading:

http://install.limewire.com/jre.7z-4.18.8?jv=&wv=5.1&lv=4.18.8&sv=1.25&ss=nocon

All content ("Information") contained in this report is the copyrighted work of Threat Expert Ltd and its associated companies ("ThreatExpert") and may not be copied without the express permission of ThreatExpert.

The Information is provided on an "as is" basis. ThreatExpert disclaims all warranties, whether express or implied, to the maximum extent permitted by law, including the implied warranties that the Information is merchantable, of satisfactory quality, accurate, fit for a particular purpose or need, or non-infringing, unless such implied warranties are legally incapable of exclusion. Further, ThreatExpert does not warrant or make any representations regarding the use or the results of the use of the Information in terms of their correctness, accuracy, reliability, or otherwise.