Systweak Spyware Library
PSW-Stealer.agent.lta Analysis Report
Threat Submitted On: 2/6/2009 10:59:20 PM
Threat Analysed On: 2/7/2009 3:59:20 AM
Threat Updated On: 11/8/2009 8:12:42 AM
Type : PSW-Stealer
Symptoms of agent.lta
  • Runs in stealth mode and records passwords as they are entered on the system
  • May also imitate the login prompt, asking the user to provide their password
Information
Alias : trojan-psw.win32.agent.lta
Md5 Hash : [Not Available]
File Size : [Not Available]

The following are the technical findings of our analysis team after analysing this malware in detail:

Creates the following infected files on the user's system.
Note:
Delete the following files to remove the infection.
File: caps.db-journal
Path : %programfiles%\common files\adobe\caps

Md5Hash :
9496e9b3b0b70c3ff566144d3604f769 ( bytes)
daedd172056a48d870398bb5542e8534 ( bytes)
File: 3ivx.cm.flask
Path : %programfiles%\nimocodec pack\3ivx codec

Md5Hash :20258ee9b4d9a59d7979c5f479f73e01 ( 57344 bytes)
File: 3ivx.cm.flask readme.txt
Path : %programfiles%\nimocodec pack\3ivx codec

Md5Hash :bf9122112bd3089e3fe925331287794c ( 1429 bytes)
File: about the uninstall ac3 filters.txt
Path : %programfiles%\nimocodec pack\ac3 filters un-install

Md5Hash :2e9a205077ed00833de41277d62fb23a ( 370 bytes)
File: uninstall ac3 filters.bat
Path : %programfiles%\nimocodec pack\ac3 filters un-install

Md5Hash :ba5358e232e7c4dda33b074d06b356f5 ( 1550 bytes)
File: avisynth.dll
Path : %programfiles%\nimocodec pack\avisynth

Md5Hash :e1db42ba7f841799898c29e4f7160bdf ( 339968 bytes)
File: install.reg
Path : %programfiles%\nimocodec pack\avisynth

Md5Hash :6becdb22dbbe33a5bb6255afb2109e5f ( 421 bytes)
File: ipcserver.avs
Path : %programfiles%\nimocodec pack\avisynth

Md5Hash :6ba324900775a811bed195afdc88659e ( 51 bytes)
File: uninstall.reg
Path : %programfiles%\nimocodec pack\avisynth

Md5Hash :2263b9c57ddc7318056491d77f5c4010 ( 177 bytes)
File: developer.txt
Path : %programfiles%\nimocodec pack

Md5Hash :d69e5a1975bb7cf093d89b0fe5ac7b6c ( 3804 bytes)
File: ass-quickref.txt
Path : %programfiles%\nimocodec pack\directvobsub\help and faqs

Md5Hash :6ec0f885a2c14572d2225ae8a81b3250 ( 2216 bytes)
File: ass-specs.doc
Path : %programfiles%\nimocodec pack\directvobsub\help and faqs

Md5Hash :e39770d54669a3f2433a470b265154ed ( 112128 bytes)
File: dvobsub.txt
Path : %programfiles%\nimocodec pack\directvobsub\help and faqs

Md5Hash :1bc9f40b1e231c6dbd10dd6be68feeda ( 6415 bytes)
File: license.txt
Path : %programfiles%\nimocodec pack\directvobsub\help and faqs

Md5Hash :319d0f6ecd191909ab884923b3736021 ( 192 bytes)
File: readme1st.txt
Path : %programfiles%\nimocodec pack\directvobsub\help and faqs

Md5Hash :83ac574c010c93432581d24585cb4549 ( 52 bytes)
File: submux.txt
Path : %programfiles%\nimocodec pack\directvobsub\help and faqs

Md5Hash :3e748b958eb08ebb41da7251ba3f836d ( 2275 bytes)
File: subresync.txt
Path : %programfiles%\nimocodec pack\directvobsub\help and faqs

Md5Hash :e6f57bf72806a692d081e54c0f0c893f ( 2857 bytes)
File: supported formats.txt
Path : %programfiles%\nimocodec pack\directvobsub\help and faqs

Md5Hash :896f74ff602bcb79cb0a483f77e5ccd1 ( 2504 bytes)
File: textsub.txt
Path : %programfiles%\nimocodec pack\directvobsub\help and faqs

Md5Hash :64e77ba5af961fe7f35d76c3510dd7d7 ( 340 bytes)
File: unicode.txt
Path : %programfiles%\nimocodec pack\directvobsub\help and faqs

Md5Hash :0413ff521139d050efef55bef0cbdfee ( 1304 bytes)
File: vobsub.txt
Path : %programfiles%\nimocodec pack\directvobsub\help and faqs

Md5Hash :4c1b3902735cf6cf8490f994c43c3521 ( 2904 bytes)
File: vobsub-auto.txt
Path : %programfiles%\nimocodec pack\directvobsub\help and faqs

Md5Hash :607380bf8d0906cd1205b6e454337db0 ( 1196 bytes)
File: readme-srt.txt
Path : %programfiles%\nimocodec pack\directvobsub

Md5Hash :7cf80f381713107fd1737fd4d2dba6bf ( 102 bytes)
File: regsrt.reg
Path : %programfiles%\nimocodec pack\directvobsub

Md5Hash :d265a4fb2fbe0db8d2813edbd7f33ada ( 298 bytes)
File: submux.exe
Path : %programfiles%\nimocodec pack\directvobsub

Md5Hash :c45509da3a26f376d1c241fa38e41309 ( 61440 bytes)
File: subresync.exe
Path : %programfiles%\nimocodec pack\directvobsub

Md5Hash :0888393a16b91af0572bf144e9da82da ( 98304 bytes)
File: unregsrt.reg
Path : %programfiles%\nimocodec pack\directvobsub

Md5Hash :1208a819f6d119af0d0576c207b29a39 ( 318 bytes)
File: lameacm.txt
Path : %programfiles%\nimocodec pack

Md5Hash :613ecbcb122e6b9c44791ddf5c2c2569 ( 426 bytes)
File: mpeg2dec.dll
Path : %programfiles%\nimocodec pack\mpeg2dec

Md5Hash :28f80ffa37b00c2dc6441ab6cf8e245d ( 167936 bytes)
File: simpleresize.dll
Path : %programfiles%\nimocodec pack\mpeg2dec

Md5Hash :2ee793b523cf9cceab0cca86fc9a0e95 ( 61440 bytes)
File: readme.txt
Path : %programfiles%\nimocodec pack\nimo codec pack help

Md5Hash :87c142c63b66fb8ff676d65d6f7b4c70 ( 4289 bytes)
File: nimo.jpg
Path : %programfiles%\nimocodec pack

Md5Hash :228d17df40641a758046eb856bbbcba7 ( 2622 bytes)
File: readme2.txt
Path : %programfiles%\nimocodec pack

Md5Hash :63da4c5a2d4a103e401d9752096a71d9 ( 1466 bytes)
File: uninstall.exe
Path : %programfiles%\nimocodec pack

Md5Hash :36fd488fb13e7b80fe701242c5750b9e ( 40992 bytes)
File: [RandomName]
Path : %workingdir%

Md5Hash :( bytes)
File: ahmbed
Path : %workingdir%

Md5Hash :( bytes)
File: ahmbed.gz
Path : %workingdir%

Md5Hash :
64378812ef417b5cbc01bb8c02162e4e ( 221 bytes)
7eaf480eec4fa829d68551315bb08b9d ( 226 bytes)
File: scs3.tmp
Path : %systemdrive%\temp

Md5Hash :( bytes)
File: scs5.tmp
Path : %systemdrive%\temp

Md5Hash :( bytes)
File:
Path : %temp%

Md5Hash :( bytes)
File: ~basic hook~.exe
Path : %temp%

Md5Hash :8e70fc5c19ebaf2ab77089bf036f9871 ( 80384 bytes)
File: 1.3.exe
Path : %temp%

Md5Hash :61564f28c15e30c2db97529400c85d3a ( 458752 bytes)
File: 105d7.dmp
Path : %temp%

Md5Hash :8edbc059b83e95e72d5b6e0457659dc5 ( bytes)
File: 14fd0.dmp
Path : %temp%

Md5Hash :bbef6250cef88a3f4c3653b7d60f32c2 ( bytes)
File: 176_appcompat.txt
Path : %temp%

Md5Hash :1acef422155d1b29e6fcd0a9253712ef ( bytes)
File: 36003.dmp
Path : %temp%

Md5Hash :548d1bb05a0db48be788f342ac3c2a4c ( bytes)
File: 3danalyzer v3.680.exe
Path : %temp%

Md5Hash :e5882c9f7ac03f184d28d447b8e8cfca ( 956967 bytes)
File: 403a_appcompat.txt
Path : %temp%

Md5Hash :eceaa89bc0cc633403db1069b916d598 ( bytes)
File: 4changet.exe
Path : %temp%

Md5Hash :84ec74b8af7d780d3bc922d2be8ed2cb ( 95232 bytes)
File: 6f138.dmp
Path : %temp%

Md5Hash :6c2d159d0033aa85395cc04a4fb51d54 ( bytes)
File: advertisement.bmp
Path : %temp%

Md5Hash :215df7a1b769f3a29a39dadf5423112e ( 85374 bytes)
File: apid hacker final build 3.0.exe
Path : %temp%

Md5Hash :f5bc1a80a2663d40476e7ab81fae78e1 ( 151552 bytes)
File: bassmod.dll
Path : %temp%

Md5Hash :e4ec57e8508c5c4040383ebe6d367928 ( 34308 bytes)
File: bcf_appcompat.txt
Path : %temp%

Md5Hash :56fd5b9afdd1b7c81d8bca63314457e3 ( 2480 bytes)
File: black xp.exe
Path : %temp%

Md5Hash :9e8e53ea1c73999f0a9e3ebfca8a67a9 ( 10752 bytes)
File: boostr.v3.0.build.491-patch.exe
Path : %temp%

Md5Hash :b70163b280a7ddc6cb13b050f69ad572 ( 207636 bytes)
File: charconversion.exe
Path : %temp%

Md5Hash :52efbaa370ae96400fb30e567361696f ( 32768 bytes)
File: crack.exe
Path : %temp%

Md5Hash :70a1a827467f2277c82f3288dd1ef9c8 ( 33280 bytes)
File: cxtv2gha1yayk8yfyelk.jpg
Path : %temp%

Md5Hash :5dd04ba8d12cfa58b648762176a31365 ( 23573 bytes)
File: d8e7_appcompat.txt
Path : %temp%

Md5Hash :961785dd2449b9586ab70cec04251462 ( bytes)
File: divx5.reg
Path : %temp%

Md5Hash :0b5bcc79e72aba3cc4e8b68f9a8f82f2 ( bytes)
File: dvdfab5232.exe
Path : %temp%

Md5Hash :0a1df69e55269a4d8271dc7eb4216a2a ( 8004480 bytes)
File: eboostr.exe
Path : %temp%

Md5Hash :5430d078ae559e411066eec4e9f3aa1f ( 184832 bytes)
File: f926_appcompat.txt
Path : %temp%

Md5Hash :caed5fd187ac00e37aee1029d30a6459 ( bytes)
File: fileinfo.who
Path : %temp%

Md5Hash :94600358e026b754fa1f8ff6fb7ecacc ( 94 bytes)
File: fpsbr4!n_vdrölf.exe
Path : %temp%

Md5Hash :91db7d5856ec46c996cb320afee01199 ( 236032 bytes)
File: ghajini.exe
Path : %temp%

Md5Hash :1d643b49184b7c30384aae8c94bbdac4 ( 32256 bytes)
File: i-love-it css recode 1.0.exe
Path : %temp%

Md5Hash :7649c89077baf6da4265d7a4860618cf ( 159744 bytes)
File: immunity light hl1.exe
Path : %temp%

Md5Hash :0e8f405b49b2c3a6447d9d669a5de02e ( 472576 bytes)
File: install.exe
Path : %temp%

Md5Hash :5171b5d77917ab4ad4042e9dff6ade9d ( 492433 bytes)
File: install_icq7german.exe
Path : %temp%

Md5Hash :86ec5f9077f65b6dcc64a9c528055558 ( 7589396 bytes)
File: installoptions.dll
Path : %temp%

Md5Hash :c30a14fd7754429819b25352b0a4de40 ( bytes)
File: 1549bdb.tmp
Path : %temp%\iolowupd

Md5Hash :646cc81fad761526519f4a8dd47ec4b9 ( bytes)
File: systemmechanic.exe
Path : %temp%\iolowupd

Md5Hash :d4eedb027e542f18318fcb92849709c0 ( 17238008 bytes)
File: systemmechanic.tmp
Path : %temp%\iolowupd

Md5Hash :d4eedb027e542f18318fcb92849709c0 ( bytes)
File: istealer 3.0.exe
Path : %temp%

Md5Hash :
7ecc593962ca003af0ae0ce6a56c55e0 ( 44544 bytes)
94de5009305f635b1c59e4e05a6a1e3e ( 362791 bytes)
File: keygen.exe
Path : %temp%

Md5Hash :
2523d167e5a64df62e8505d73288d215 ( 87458 bytes)
3561490baacc4e093a9bd12e21156bf4 ( 178893 bytes)
7573cd8c22cf4fd16dd6fba2dbd96faa ( 68608 bytes)
File: kh2_5.exe
Path : %temp%

Md5Hash :98976ee2eb5d3d7903db084e32993284 ( 904192 bytes)
File: loader.exe
Path : %temp%

Md5Hash :33b5ea993eb711821d76b2c621ef70ad ( 20992 bytes)
File: lulexx vip.bat
Path : %temp%

Md5Hash :22be7faa6c1de99e0b34658578f77286 ( 12061 bytes)
File: marsu-fix2.5_x32.exe
Path : %temp%

Md5Hash :f1968d66d6fb3363733a7cb2c26e185d ( 533529 bytes)
File: netstumblerinstaller_0_4_0.exe
Path : %temp%

Md5Hash :132746f56a7c050611db8cfd58e1b3e5 ( 40448 bytes)
File: nimo.ini
Path : %temp%

Md5Hash :707a71228a4d6799ee19802a90f2ea33 ( bytes)
File: nimo50build8.exe
Path : %temp%

Md5Hash :f33015b110cf4d783895c204cd7e2561 ( 7123600 bytes)
File: nl_2010_pro.exe
Path : %temp%

Md5Hash :64305e7a810bc4483af9dfd10562cfec ( 2713616 bytes)
File: norton2009_trialreset.exe
Path : %temp%

Md5Hash :54f7e3c33bb751a942ff5e38f17a9fc7 ( 861588 bytes)
File: notepad.exe
Path : %temp%

Md5Hash :97f37a86e334145b90ba790d04c1385e ( 70656 bytes)
File: nsisos.dll
Path : %temp%

Md5Hash :c2870ca957065ea22f73ae94ff3eaf18 ( bytes)
File: nsm5.tmp
Path : %temp%

Md5Hash :44824cfcbe66cef029e9baa6fcdafbbf ( 300894 bytes)
File: anydvdtray.exe
Path : %temp%\nst3.tmp

Md5Hash :bd47d2677c2d7ef5f5af240ce6fca436 ( 2522048 bytes)
File: installhelp.dll
Path : %temp%\nst3.tmp

Md5Hash :81a8d8ca2be223ac180138b79fa4cd71 ( 86016 bytes)
File: installoptions.dll
Path : %temp%\nst3.tmp

Md5Hash :5ec2356b7ad6993d3d4bf31a8dd45473 ( 12800 bytes)
File: iospecial.ini
Path : %temp%\nst3.tmp

Md5Hash :899a592aae08d4fb39500f74d6ed27e0 ( 659 bytes)
File: modern-header.bmp
Path : %temp%\nst3.tmp

Md5Hash :8a3597b2b382d366f280c069578903d4 ( 25818 bytes)
File: modern-wizard.bmp
Path : %temp%\nst3.tmp

Md5Hash :ffa561a3a2ed5a369b7cc6d541a08282 ( 154542 bytes)
File: popular.txt
Path : %temp%

Md5Hash :( bytes)
File: project1.exe
Path : %temp%

Md5Hash :106d1de9aafdd6c244a3770b0f57342c ( 1711104 bytes)
File: project1.rar
Path : %temp%

Md5Hash :3a8dfb23e3adf91107507d02ac7d43c6 ( 585541 bytes)
File: rapidshare accounts.txt
Path : %temp%

Md5Hash :5a142f9c0e507fa8b8a3629ad6c2b851 ( 657 bytes)
File: rar-password-recovery.exe
Path : %temp%

Md5Hash :efc7e49bc4dc260fa427902eec505bc4 ( 735481 bytes)
File: rigger2.exe
Path : %temp%

Md5Hash :7fab5b677637eb70df465252a71a7b39 ( 32768 bytes)
File: run.bat
Path : %temp%

Md5Hash :2efc6f4880dad978dfdb1f6e38f4f6d4 ( bytes)
File: runescapebr00t.exe
Path : %temp%

Md5Hash :947868bfed34d56fc21089d4c9d8fa86 ( 65536 bytes)
File: setupanydvd6511.exe
Path : %temp%

Md5Hash :47aedc4059fc644cc189581a61c1ee62 ( 4106968 bytes)
File: sm_dm.exe
Path : %temp%

Md5Hash :2335b4e762a3fb280d3ad29f1d949416 ( 424816 bytes)
File: smsbomber.exe
Path : %temp%

Md5Hash :e54602d8a47864b64ee639ad001441de ( 256000 bytes)
File: steamcleaner2009.exe
Path : %temp%

Md5Hash :1d1c9ee00048e48085f5ea24e1e6b4e8 ( 338432 bytes)
File: superscan4.exe
Path : %temp%

Md5Hash :78f76428ede30e555044b83c47bc86f0 ( 207360 bytes)
File: test1.exe
Path : %temp%

Md5Hash :112eab1ecda49ee36e5919103b3c3360 ( 17920 bytes)
File: timwin.exe
Path : %temp%

Md5Hash :7cc395f58d5bd078a96f93ba2f005348 ( 454656 bytes)
File: u16event.html
Path : %temp%

Md5Hash :565c96a24bea8b909e5d21cd30e851c8 ( bytes)
File: urpwdr11rc16.exe
Path : %temp%

Md5Hash :b4489ce40da3db1e20bf5cb4873481e3 ( 1409024 bytes)
File: versary edition] - by xyr0x.exe
Path : %temp%

Md5Hash :f6674a39d5d2e481ae7e8dcc4c220ad1 ( 548864 bytes)
File: wallhacker_combat_arms.rar
Path : %temp%

Md5Hash :fd5d84f952a1e813bd9e81dccfe25f95 ( 323244 bytes)
File: wallhacker_crypted.rar
Path : %temp%

Md5Hash :fd5d84f952a1e813bd9e81dccfe25f95 ( 323244 bytes)
File: winrar380pro.exe
Path : %temp%

Md5Hash :16806309676ccf03d2f17123a120beb7 ( 1251761 bytes)
File: wow-account-generator.rar
Path : %temp%

Md5Hash :880a16beb5f54252431a1c07135a1625 ( 2127218 bytes)
File: wrackbpc.exe
Path : %temp%

Md5Hash :216625e8d7d1d8fd0b4cdbab7081cbfe ( 19968 bytes)
File: wrar38b4.exe
Path : %temp%

Md5Hash :e74dbc1c4551ea01c22afabbf1cdd980 ( 1234660 bytes)
File: xpuserhide.exe
Path : %temp%

Md5Hash :f66da20e7c36508f3bdea059c9b3abc6 ( 795136 bytes)
File: xpuserhide.exe.nb5.tmp
Path : %temp%

Md5Hash :5dc671cd06845ac480fd6afd8fab2d71 ( bytes)
File: ac3audio.ax
Path : %windir%\system32

Md5Hash :4b87d889edf278e5fa223734a9bbe79a ( 294912 bytes)
File: decaudio.ax
Path : %windir%\system32

Md5Hash :5901fe3dd2113b21a823c1ddc71c3549 ( 34816 bytes)
File: divxaf.ax
Path : %windir%\system32

Md5Hash :6c558380596acfa2cdcb3ee10a2fc922 ( 53248 bytes)
File: dvobsub.ax
Path : %windir%\system32

Md5Hash :3615d30866523d6854a88905e9ec8bb4 ( 249856 bytes)
File: libpostproc.dll
Path : %windir%\system32

Md5Hash :9ce1988020ec975f65a2412152d27275 ( 106137 bytes)
File: mmswitch.ax
Path : %windir%\system32

Md5Hash :ba8507122d05b14b90fd966e63db0c91 ( 56832 bytes)
File: mpeg2dec.dll
Path : %windir%\system32

Md5Hash :28f80ffa37b00c2dc6441ab6cf8e245d ( 167936 bytes)
File: 3ivx delta 3.5.qtx
Path : %windir%\system32\quicktime

Md5Hash :2bfc30e5d56905de57c1824652a3bd0b ( 316416 bytes)
File: 3ivx delta 3.5.qtx readme.txt
Path : %windir%\system32\quicktime

Md5Hash :4f32308af7e2ecabc9141e72e624b1a3 ( 3886 bytes)
File: ramp3cfg.exe
Path : %windir%\system32

Md5Hash :fd5c502cfba508e802957061814817a1 ( 19968 bytes)
File: simpleresize.dll
Path : %windir%\system32

Md5Hash :2ee793b523cf9cceab0cca86fc9a0e95 ( 61440 bytes)
File: [randomname].exe
Path : %workingdir%

Md5Hash : [multiple variants observed]
File: [randomname].exe_
Path : %workingdir%

Md5Hash :
3fa31b05b82a12ac5a4fb91dce4c163a ( bytes)
45d173d17211babfea867b87c52471fc ( 65650 bytes)
906f4257aabe397276fdf84627d09aae ( bytes)
File: 7z.fmt
Path : %workingdir%\[randomname].exe_ext\formats

Md5Hash :dfe17e61543ee2d59898f25d13c4c651 ( bytes)
File: ace.fmt
Path : %workingdir%\[randomname].exe_ext\formats

Md5Hash :0853f6f14b4ab8f13dbf32e1c0d315d8 ( bytes)
File: arj.fmt
Path : %workingdir%\[randomname].exe_ext\formats

Md5Hash :7503c3af91f718e4fd077c4370345ac4 ( bytes)
File: bz2.fmt
Path : %workingdir%\[randomname].exe_ext\formats

Md5Hash :5a0b68e657cbc8ec4514b9d6458a0a7f ( bytes)
File: cab.fmt
Path : %workingdir%\[randomname].exe_ext\formats

Md5Hash :ded4ea5ee9e312c40bf31a3185e24687 ( bytes)
File: gz.fmt
Path : %workingdir%\[randomname].exe_ext\formats

Md5Hash :9df11d5845da53cfd0c69b9a41ce235b ( bytes)
File: iso.fmt
Path : %workingdir%\[randomname].exe_ext\formats

Md5Hash :aa0d11730f415b2c1f8c907a3295eab3 ( bytes)
File: lzh.fmt
Path : %workingdir%\[randomname].exe_ext\formats

Md5Hash :2ea55383dd6ce490a13adcabcd3ce4fb ( bytes)
File: tar.fmt
Path : %workingdir%\[randomname].exe_ext\formats

Md5Hash :85b7ed88b6fbf614e6248b3b445c99ee ( bytes)
File: uue.fmt
Path : %workingdir%\[randomname].exe_ext\formats

Md5Hash :00975d46d68a9c06ddef822bca727cac ( bytes)
File: z.fmt
Path : %workingdir%\[randomname].exe_ext\formats

Md5Hash :6942e977ebb57c8493b9b918f6c1954f ( bytes)
File: rar.exe
Path : %workingdir%\[randomname].exe_ext

Md5Hash :2b1dd0b5af1e8cc8d9a22e3cda78a6dc ( bytes)
File: timwin.ini
Path :

Md5Hash :( bytes)
File: 7z.fmt
Path : formats

Md5Hash :( bytes)
File: 7zxa.dll
Path : formats

Md5Hash :( bytes)
File: ace.fmt
Path : formats

Md5Hash :( bytes)
File: arj.fmt
Path : formats

Md5Hash :( bytes)
File: bz2.fmt
Path : formats

Md5Hash :( bytes)
File: cab.fmt
Path : formats

Md5Hash :( bytes)
File: gz.fmt
Path : formats

Md5Hash :( bytes)
File: iso.fmt
Path : formats

Md5Hash :( bytes)
File: lzh.fmt
Path : formats

Md5Hash :( bytes)
File: tar.fmt
Path : formats

Md5Hash :( bytes)
File: unacev2.dll
Path : formats

Md5Hash :( bytes)
File: uue.fmt
Path : formats

Md5Hash :( bytes)
File: z.fmt
Path : formats

Md5Hash :( bytes)
Also creates the following files on the user's system, which are also created by genuine software:
Note:
These files can be kept, as they are also created by genuine software.
File : console rar manual.lnk
Path : %allusersprofile%\start menu\programs\winrar

Md5Hash :f493de4718a57968dc21d1536bb70d6e ( 726 bytes)
File : winrar help.lnk
Path : %allusersprofile%\start menu\programs\winrar

Md5Hash :486816ebe5f4c9e5041c0123c1a7a565 ( 745 bytes)
File : winrar.lnk
Path : %allusersprofile%\start menu\programs\winrar

Md5Hash :489de5a10c3b12ecd4e8177c2ecf6027 ( 745 bytes)
File : desktop.ini
Path : %homepath%\my documents\my pictures

Md5Hash :f958dc73dc27ae8589bc1b1dfbd18e4a ( 190 bytes)
File : caps.db
Path : %programfiles%\common files\adobe\backup

Md5Hash :86ed2df96dcfb1488db4d98c46ce210c ( 25600 bytes)
File : caps.db
Path : %programfiles%\common files\adobe\caps

Md5Hash :86ed2df96dcfb1488db4d98c46ce210c ( 25600 bytes)
File : divx help guide.url
Path : %programfiles%\divx\divx codec

Md5Hash :e9bc82f45d86838dacc4b3ecc7a569fb ( 97 bytes)
File : divx.com.url
Path : %programfiles%\divx\divx codec

Md5Hash :d8a8d168f39dde3a06cb71e538320ec4 ( 45 bytes)
File : license.txt
Path : %programfiles%\divx\divx codec

Md5Hash :4fa70a5e0904d3a01f7ebd9081dcf43a ( 7223 bytes)
File : readme.txt
Path : %programfiles%\divx\divx codec

Md5Hash :f755516187a73f8fbb86b762b7ce0094 ( 5779 bytes)
File : avisynthex.dll
Path : %programfiles%\nimocodec pack\avisynth

Md5Hash :cea9d8614edf2c05c6794646360bc837 ( 49152 bytes)
File : copying.txt
Path : %programfiles%\nimocodec pack

Md5Hash :a6a0ca1f7464252cc983d4305377ce62 ( 1447 bytes)
File : default.sfx
Path : %programfiles%\winrar

Md5Hash :375bd29168e9a29ab906a0744e754166 ( bytes)
File : descript.ion
Path : %programfiles%\winrar

Md5Hash :b63259e35240a56947ac7d8b9e720ea0 ( bytes)
File : file_id.diz
Path : %programfiles%\winrar

Md5Hash :ccbc36eea25ea92c72b897bfb32e8b26 ( bytes)
File : license.txt
Path : %programfiles%\winrar

Md5Hash :62037ef975f0100ac52c9922bca52934 ( bytes)
File : order.htm
Path : %programfiles%\winrar

Md5Hash :3458285036e0f1b8b5a66c4957028640 ( bytes)
File : rar.txt
Path : %programfiles%\winrar

Md5Hash :c899f5d4a8bb692e18e0bd0e5663e398 ( bytes)
File : rarext.dll
Path : %programfiles%\winrar

Md5Hash :04cc55f69698cb3793ae8ddc09123412 ( bytes)
File : rarext64.dll
Path : %programfiles%\winrar

Md5Hash :0392c4fce14e23040b5ace69672a03bd ( bytes)
File : rarextloader.exe
Path : %programfiles%\winrar

Md5Hash :30108227f4b8533fa3955306747f93f4 ( bytes)
File : rarfiles.lst
Path : %programfiles%\winrar

Md5Hash :af5604ff198e4b40af78f9b71b649af7 ( bytes)
File : rarnew.dat
Path : %programfiles%\winrar

Md5Hash :ad08fe53a5e484ea568d60544ef3f05c ( 20 bytes)
File : readme.txt
Path : %programfiles%\winrar

Md5Hash :383cb29e528feaeac24d9cfa539d1a18 ( bytes)
File : technote.txt
Path : %programfiles%\winrar

Md5Hash :fc44fd46bd957036b8500a528c32e21e ( bytes)
File : uninstall.exe
Path : %programfiles%\winrar

Md5Hash :9ef74f6035e34fbf1f6526fcc6970f41 ( bytes)
File : uninstall.lst
Path : %programfiles%\winrar

Md5Hash :a85e009b4bb2982912d5e589938f6cd6 ( bytes)
File : unrar.exe
Path : %programfiles%\winrar

Md5Hash :1576ff8223ee6e80ac3d7afa3cf50c8e ( bytes)
File : unrarsrc.txt
Path : %programfiles%\winrar

Md5Hash :c16bb921c05af38382f946386224b1ec ( bytes)
File : whatsnew.txt
Path : %programfiles%\winrar

Md5Hash :7d096446cf734f4f2ba9b9ccace88cee ( bytes)
File : wincon.sfx
Path : %programfiles%\winrar

Md5Hash :fd04f744d4a1157475a6752d1f1e7378 ( bytes)
File : winrar.chm
Path : %programfiles%\winrar

Md5Hash :dad50cbc6ef8f8eeaf1523988cfe4036 ( bytes)
File : winrar.exe
Path : %programfiles%\winrar

Md5Hash :6d2dcf64b787aafde7c26322f2b00409 ( bytes)
File : zip.sfx
Path : %programfiles%\winrar

Md5Hash :2fb0950da1d6e284a94f405a45cfad0a ( bytes)
File : zipnew.dat
Path : %programfiles%\winrar

Md5Hash :76cdb2bad9582d23c1f6f4d868218d6c ( 22 bytes)
File : 7zxa.dll
Path : %workingdir%\sample_extracted\894d7baa8b5a066b0084de7086f9b5bf.exe_ext\formats

Md5Hash :71fd74df7bf558f85462c60a40b4ac92 ( bytes)
File : unacev2.dll
Path : %workingdir%\sample_extracted\894d7baa8b5a066b0084de7086f9b5bf.exe_ext\formats

Md5Hash :de02c4d04088b69e64ecc30a3d9e22e5 ( bytes)
File : brc.exe
Path : %temp%

Md5Hash :5e9b9e784d976ae5608ae39f1b325313 ( 33168 bytes)
File : dvdfab5232.tmp
Path : %temp%\is-fe5gh.tmp

Md5Hash :52950ac9e2b481453082f096120e355a ( bytes)
File : langdll.dll
Path : %temp%\nsh7.tmp

Md5Hash :6e78b62a574b8ef6fe3ad1ccbd46e327 ( 5120 bytes)
File : nsi3.tmp
Path : %temp%

Md5Hash :61d9f9470bae37ce5243cf0806f257c0 ( bytes)
File : executewithuac.exe
Path : %temp%\nst3.tmp

Md5Hash :57cfd2e9cc23e1c6b0584b7afcab2eba ( 77824 bytes)
File : setup.exe
Path : %temp%

Md5Hash :
57fe5ca31c417cac33d3a785f67ebe18 ( 2682880 bytes)
efc7e49bc4dc260fa427902eec505bc4 ( 735481 bytes)
File : uncensorerx.exe
Path : %temp%

Md5Hash :2a7d409fa0bf324590d49edddd299468 ( 4308992 bytes)
File : desktop.ini
Path : %userprofile%\application data

Md5Hash :88cf0ff92a4a9fa7bd9b7513b2e9e22b ( 62 bytes)
File : gdipfontcachev1.dat
Path : %userprofile%\local settings\application data

Md5Hash :
7724c8e21612e7f8343b146c15bd7aa9 ( 12328 bytes)
9a238aa69f289f748fa9e7be69bf6503 ( 12328 bytes)
b86f3e552acf2817731ff5d2b9bd9801 ( 12328 bytes)
ec232509e959ffdda14166cef619b03e ( 12328 bytes)
File : msimgsiz.dat
Path : %userprofile%\local settings\application data\microsoft\internet explorer

Md5Hash :
1adfeeae72de4bbc284981932db5d5e9 ( 16384 bytes)
60272cba5ad84466b761ccb17bc51037 ( 16384 bytes)
File : desktop.ini
Path : %userprofile%\local settings\history

Md5Hash :d332ce83b166d5c244d22587ad75aac4 ( 113 bytes)
File : desktop.ini
Path : %userprofile%\start menu

Md5Hash :87f8888e1d77d9cef69e901a97d40d73 ( 62 bytes)
File : desktop.ini
Path : %userprofile%\start menu\programs

Md5Hash :e694dc03fb0f8b5b3f3a38ccefec8b3c ( 234 bytes)
File : console rar manual.lnk
Path : %userprofile%\start menu\programs\winrar

Md5Hash :f493de4718a57968dc21d1536bb70d6e ( 726 bytes)
File : winrar help.lnk
Path : %userprofile%\start menu\programs\winrar

Md5Hash :486816ebe5f4c9e5041c0123c1a7a565 ( 745 bytes)
File : winrar.lnk
Path : %userprofile%\start menu\programs\winrar

Md5Hash :37a94c8772e003aef53b5c9ff3e60be4 ( 745 bytes)
File : avisynth.dll
Path : %windir%\system32

Md5Hash :e1db42ba7f841799898c29e4f7160bdf ( 339968 bytes)
File : avisynthex.dll
Path : %windir%\system32

Md5Hash :cea9d8614edf2c05c6794646360bc837 ( 49152 bytes)
File : divx.dll
Path : %windir%\system32

Md5Hash :849d448c2861c99ba7ad19198634251b ( 594432 bytes)
File : divxa32.acm
Path : %windir%\system32

Md5Hash :8b32d7f2c98e4ce24ca678551ee3f780 ( 287744 bytes)
File : divxdec.ax
Path : %windir%\system32

Md5Hash :149787bf5dbe4cf6eb470fde940ae42f ( 258048 bytes)
File : ffdshow.ax
Path : %windir%\system32

Md5Hash :728212c6be22633ab95ce624c9c32486 ( 106496 bytes)
File : l3codecp.acm
Path : %windir%\system32

Md5Hash :5b26f20e42dd44b03386401dc1265958 ( 301568 bytes)
File : libavcodec.dll
Path : %windir%\system32

Md5Hash :1e06a2f51f760d0cbb57a27c5b348cff ( 211760 bytes)
File : mp4fil32.dll
Path : %windir%\system32

Md5Hash :d9ca6f24e7fc2c4aa90f0ec824f2fa71 ( 91136 bytes)
File : mpg4c32.dll
Path : %windir%\system32

Md5Hash :1c3d8c9131ecdfe72c53a9d74cbd07ea ( 416304 bytes)
File : mpg4ds32.ax
Path : %windir%\system32

Md5Hash :99f8bd46f424a2086a0821fde445902e ( 239888 bytes)
File : msvcr70.dll
Path : %windir%\system32

Md5Hash :9972a6ed4f2388dbfa8e0a96f6f3fdf1 ( 344064 bytes)
File : ogg.dll
Path : %windir%\system32

Md5Hash :9eaa720170853f7f96a73e6de16bdcf8 ( 11264 bytes)
File : oggds.dll
Path : %windir%\system32

Md5Hash :6a80e132f51bff9cd02cd56175d64a1a ( 151552 bytes)
File : unrar.dll
Path : %windir%\system32

Md5Hash :ff6b06dcf6fc0b100353a990e58dd601 ( 157184 bytes)
File : vobsub.dll
Path : %windir%\system32

Md5Hash :b902288619c39cd15adb895e743fd989 ( 339968 bytes)
File : vorbis.dll
Path : %windir%\system32

Md5Hash :21153f454c8dee53ff4b31ce91726c1d ( 118784 bytes)
File : vorbisenc.dll
Path : %windir%\system32

Md5Hash :0c4423705d631dd87892eeff74aa1b8e ( 454656 bytes)
File : wmiprov.log
Path : %windir%\system32\wbem\logs

Md5Hash :
3f8799b011cfb59cc84ed71400b4fd4d ( 3392 bytes)
d3777f1b1668828c0fb27f83a2997d34 ( 3392 bytes)
Creates the following infected registry keys on the user's system.
Note:
Delete these registry keys to remove the infection.
The following registry values are added to the listed registry keys:
Note:
Delete the added values from the key to remove the infection.
|__ Value Added :
alwaysloadfortextstreams = "[reg_dword, value: 00000001]"
|__ Value Added :
enablezpicon = "[reg_dword, value: 00000000]"
|__ Value Added :
loadlevel = "[reg_dword, value: 00000000]"
|__ Value Added :
vmrzoomenabled = "[reg_dword, value: 00000000]"
|__ Value Added :
displayname = "nimo codecs pack v5.0 (remove only)"
|__ Value Added :
uninstallstring = ""%programfiles%\nimocodec pack\uninstall.exe""
|__ Value Added :
3ivx = "[reg_dword, value: 00000001]"
|__ Value Added :
ac3audio = "[reg_dword, value: 00000001]"
|__ Value Added :
avisynth = "[reg_dword, value: 00000001]"
|__ Value Added :
company = "2000-2002, nimo_corp"
|__ Value Added :
divx5 = "[reg_dword, value: 00000001]"
|__ Value Added :
divx5show = "[reg_dword, value: 00000001]"
|__ Value Added :
divxaf = "[reg_dword, value: 00000001]"
|__ Value Added :
divxaudio = "[reg_dword, value: 00000001]"
|__ Value Added :
dvobsub = "[reg_dword, value: 00000001]"
|__ Value Added :
ffdshow = "[reg_dword, value: 00000001]"
|__ Value Added :
fmp3 = "[reg_dword, value: 00000001]"
|__ Value Added :
installdir = "%programfiles%\nimocodec pack"
|__ Value Added :
mmswitch = "[reg_dword, value: 00000001]"
|__ Value Added :
msmp4 = "[reg_dword, value: 00000001]"
|__ Value Added :
name = "nimo codecs pack 5.0"
|__ Value Added :
oggds = "[reg_dword, value: 00000001]"
|__ Value Added :
version = "5.0"
Also creates the following legitimate registry keys on the user's system, which are also created by genuine software:
Note:
These keys can be kept, as they are also created by genuine software.