Systweak Spyware Library
More than 21875 spyware signatures and growing
Microsoft Gold Certified Partner
Adtool.MyWebSearch Analysis Report
Threat Submitted On: 10 Nov 2008
Threat Analysed On: 11 Nov 2008
Threat Updated On: 11 Sept 2009
Type : Adtool
Symptoms of littlewitch.61
  • Performs malicious activities.
  • Fetches the user’s sensitive information.
  • Enables the attacker to control the system remotely.
Information
Alias : [Not Available]
Md5 Hash : [27e96679d6cd7a21722403aaaddd0335]
File Size : [Not Available]

Technical Details

Technical findings of our analysis team after analyzing this malware in detail:

Creates the following infected files on the user's system:
Note: Delete the following files to remove the infection.
File: rundll.exe
Path : %windir%\system32

File: usr.dat
Path : %windir%

File: [randomname].exe
Path : %workingdir%

Also creates the following files on the user's system, which are also created by genuine software:
Note: These file(s) can be kept, as they are also created by genuine software.
File : rundll.exe
Path : %windir%\system32

The following registry values are added to the provided registry keys:
Note: Delete the added values from the key to remove the infection.
Value added: rundll = "rundll"
Value added: rundll = "rundll.exe"
Creates the following child process(es) on execution:

%windir%\system32\rundll.exe %workingdir%\[random name].exe

services.exe

Tries to connect to the following URLs:
HTTP version: http/1.1
200.42.0.130/argentina/capital_federal/yosoyelmencho/irc
Copies the following files to the given location:

Copies: %workingdir%\[random name].exe

To: %windir%\system32\rundll.exe

NOTE:

1. %windir% refers to the Windows root folder. By default it is 'C:\Windows'.
2. %workingdir% refers to the current directory in which the user is working.

Important: We strongly recommend that you back up the Registry before making any changes to it. Incorrect changes to the Registry can result in permanent data loss or corrupted files. Modify the malicious\suspicious subkeys only.


To modify registry entries in the Windows operating system, follow these steps:
1. Click Start > Run.
2. Type “regedit” to open the Registry Editor.
3. Navigate to the required registry key in the left tree control and modify it accordingly.



© Systweak Inc., 1999-2011 All rights reserved.