Systweak Spyware Library
Microsoft Gold Certified Partner
Adtool.MyWebSearch Analysis Report
Threat Submitted On: 10 Nov 2008
Threat Analysed On: 11 Nov 2008
Threat Updated On: 11 Sept 2009
Type : Adtool
Symptoms of xone
  • Runs in a stealthy mode.
  • Poses as a channel for Worms and Trojans.
  • Redirects users to other websites, either to increase the hit count or for advertising.
  • Can even execute a DoS or DDoS attack.
  • May even modify the registry and leave the system vulnerable to attacks.
Information
Alias : [Not Available]
Md5 Hash : [4aad618c0399169324511b02d7d34218]
File Size : (28674 bytes)

Technical Details

Here are the technical findings of our analysis team after analyzing this malware in detail:

Creates the following infected files on the user's system:
Note:
Delete the following files to remove the infection.
File: bandwidth monitor.lnk
Path : %homepath%\desktop

Md5Hash :7438bfca732230f74093694772b28be2 ( 784 bytes)
File: mp3 to swf converter.lnk
Path : %homepath%\desktop

Md5Hash :7da550e3b4aec3bf1a58b6f1dfeed28c ( 807 bytes)
File: net meter.lnk
Path : %homepath%\desktop

Md5Hash :9ed53640853095e8a0d0602e354d614f ( 838 bytes)
File: bandwidth monitor.url
Path : %programfiles%\bandwidthmonitor

Md5Hash :c3ffe3c559c2f4aa5a2a05875c9f5346 ( 51 bytes)
File: bwmonitor.chm
Path : %programfiles%\bandwidthmonitor

Md5Hash :b9357cc96ba4858f32bc17be26ca0f4b ( 456236 bytes)
File: bwmonitor.exe
Path : %programfiles%\bandwidthmonitor

Md5Hash :b4a4001d6ece6ce5d9fe6d47a63f8749 ( 466944 bytes)
File: uninst.exe
Path : %programfiles%\bandwidthmonitor

Md5Hash :e15018d1b79c4899da7cd1d6c7436c11 ( 34972 bytes)
File: chatango.exe
Path : %programfiles%\chatango

Md5Hash :a919861aa6f07198e70a865a65721f28 ( 356352 bytes)
File: uninstall.exe
Path : %programfiles%\chatango

Md5Hash :583880e02883cef3365c9d9ff1dcf427 ( 31925 bytes)
File: updater.exe
Path : %programfiles%\chatango

Md5Hash :c0f262fa8da6347357c643900aac2cd6 ( 81920 bytes)
File: circle_gradient_1.swf
Path : %programfiles%\hootech\mp32swf\controlswf

Md5Hash :ace49abe16d0a998c4b519dea71a1286 ( 1191 bytes)
File: circle_gradient_2.swf
Path : %programfiles%\hootech\mp32swf\controlswf

Md5Hash :41f1b3457e2eb104a3923d9d41a82bce ( 2060 bytes)
File: circle_gradient_3.swf
Path : %programfiles%\hootech\mp32swf\controlswf

Md5Hash :a21d9eca40b96590083081bc1e4c2228 ( 1889 bytes)
File: circle_plain_1.swf
Path : %programfiles%\hootech\mp32swf\controlswf

Md5Hash :7da20212f6f9e2818209ae9fbbc17302 ( 1237 bytes)
File: circle_plain_2.swf
Path : %programfiles%\hootech\mp32swf\controlswf

Md5Hash :eb16b5548be707857bbe25a2df95ea98 ( 2267 bytes)
File: circle_plain_3.swf
Path : %programfiles%\hootech\mp32swf\controlswf

Md5Hash :d95eddf888033de0deaa3f8203d9d51b ( 2097 bytes)
File: circle_gradient_1.swf
Path : %programfiles%\hootech\mp32swf\controlswf\shellplayer

Md5Hash :
1bdc307b78c4b9921b288ff7dccc5e17 ( 1094 bytes)
ba444533960ac1f1ef83ad9623ec4bd5 ( 999 bytes)
File: circle_gradient_2.swf
Path : %programfiles%\hootech\mp32swf\controlswf\shellplayer

Md5Hash :
1b06b984a1db9f1cf143dc78c98031d6 ( 1740 bytes)
235779cf8db18443f04188c59f670e7c ( 1835 bytes)
File: circle_gradient_3.swf
Path : %programfiles%\hootech\mp32swf\controlswf\shellplayer

Md5Hash :
10be795f31b198e66b4e9ffc09bada3b ( 2059 bytes)
97e45b69adeb2c3e08a011e1500bbbd3 ( 2059 bytes)
File: circle_plain_1.swf
Path : %programfiles%\hootech\mp32swf\controlswf\shellplayer

Md5Hash :
0ca39ed40b4f9ac887d3dac47e2ecd30 ( 1045 bytes)
13c92c1a40047fcd4f0e66bc1a8f1448 ( 964 bytes)
File: circle_plain_2.swf
Path : %programfiles%\hootech\mp32swf\controlswf\shellplayer

Md5Hash :
158f34f0360b2c19774bb562e7819c23 ( 1947 bytes)
3d1252775c0d03b75d812585e8b7d67b ( 1854 bytes)
File: circle_plain_3.swf
Path : %programfiles%\hootech\mp32swf\controlswf\shellplayer

Md5Hash :
4f81b51b31b9cdf05ac68fd651461232 ( 2267 bytes)
87d27f94775b85798d72224f190dca8b ( 2266 bytes)
File: square_gradient_1.swf
Path : %programfiles%\hootech\mp32swf\controlswf\shellplayer

Md5Hash :
90627fc00b15809906f6431319e36c26 ( 1075 bytes)
c7ede2261b327ffa97903e4e32b2b7f8 ( 1074 bytes)
File: square_gradient_2.swf
Path : %programfiles%\hootech\mp32swf\controlswf\shellplayer

Md5Hash :
4e88ea8bb67e11147051d2ca19b3533c ( 2075 bytes)
635fdddd1c024a688e25cc47bed674d3 ( 2074 bytes)
File: square_gradient_3.swf
Path : %programfiles%\hootech\mp32swf\controlswf\shellplayer

Md5Hash :
60b4bf7fad89d154fa1284d12e088fb8 ( 2374 bytes)
d2ecb68abf7800110e6afbd58d10e12e ( 2373 bytes)
File: track_bar.swf
Path : %programfiles%\hootech\mp32swf\controlswf\shellplayer

Md5Hash :20580f0075afa9e1c8e8cf0870d84e66 ( 4565 bytes)
File: track_volume.swf
Path : %programfiles%\hootech\mp32swf\controlswf\shellplayer

Md5Hash :1ea97bd5775905b98dcabb1fbdd03c0b ( 5769 bytes)
File: track_volume_time.swf
Path : %programfiles%\hootech\mp32swf\controlswf\shellplayer

Md5Hash :161122d86d23132f12105146054a46db ( 6581 bytes)
File: trumpet.swf
Path : %programfiles%\hootech\mp32swf\controlswf\shellplayer

Md5Hash :a26dc0cee07618dd2eeed0cc093bf6db ( 1625 bytes)
File: square_gradient_1.swf
Path : %programfiles%\hootech\mp32swf\controlswf

Md5Hash :
caeee377d050cd638395c217788cbbc7 ( 1267 bytes)
e3a266627a938ee1ebbcb674363e9a35 ( 1266 bytes)
File: square_gradient_2.swf
Path : %programfiles%\hootech\mp32swf\controlswf

Md5Hash :64d792d7a48b472adbe98c3c7b73ab94 ( 2395 bytes)
File: square_gradient_3.swf
Path : %programfiles%\hootech\mp32swf\controlswf

Md5Hash :
9726df9927f4f3bdb5cb6f5b173d685e ( 2204 bytes)
c47a104a3954b303700c4029acf6aa99 ( 2203 bytes)
File: track_bar.swf
Path : %programfiles%\hootech\mp32swf\controlswf

Md5Hash :e1599aed06fac0d295caa61f1e25bcf9 ( 4251 bytes)
File: track_volume.swf
Path : %programfiles%\hootech\mp32swf\controlswf

Md5Hash :795dc5925b587004e9707ecf29350415 ( 5364 bytes)
File: track_volume_time.swf
Path : %programfiles%\hootech\mp32swf\controlswf

Md5Hash :f495cc5f4e85f4081eb425ad71c31f3a ( 6850 bytes)
File: trumpet.swf
Path : %programfiles%\hootech\mp32swf\controlswf

Md5Hash :a60b7ccd4cecc489329da2826bc361a4 ( 1581 bytes)
File: empty.swf
Path : %programfiles%\hootech\mp32swf

Md5Hash :551ab8e2dc601b00b711b039eac978e9 ( 85 bytes)
File: mp3 to swf converter.url
Path : %programfiles%\hootech\mp32swf

Md5Hash :3be9e0f6bda206009eeaf8fd6dbb667f ( 49 bytes)
File: mp32swf.chm
Path : %programfiles%\hootech\mp32swf

Md5Hash :
7aff52110461f5c00be1a8798ff6f6d4 ( 542143 bytes)
7ddf50bbe65959ac828ec475d0773ddd ( 542043 bytes)
File: mp32swf.exe
Path : %programfiles%\hootech\mp32swf

Md5Hash :
1213ef79f40a5ef8aa0852f03261a821 ( 1118208 bytes)
d5d8a37e5feee1b383dbb67f259f23ab ( 1101824 bytes)
File: uninst.exe
Path : %programfiles%\hootech\mp32swf

Md5Hash :
1040a63731ba7558dffc706eaddb77ef ( 35006 bytes)
988d893330e7c4bb8b836a0b99b217ca ( 35006 bytes)
File: hoonetmeter.exe
Path : %programfiles%\hootech\netmeter

Md5Hash :
3ed40a3cb87de2b26d435e748cc00521 ( 458752 bytes)
a4f14a34fc280060dd447ebe905203e1 ( 491520 bytes)
File: net meter.url
Path : %programfiles%\hootech\netmeter

Md5Hash :3be9e0f6bda206009eeaf8fd6dbb667f ( 49 bytes)
File: netmeter.chm
Path : %programfiles%\hootech\netmeter

Md5Hash :
6e6007690cba9c47093abf017d05352d ( 611973 bytes)
aac66bdc3358bee8e2bab35dd461e862 ( 457315 bytes)
File: uninst.exe
Path : %programfiles%\hootech\netmeter

Md5Hash :
99b63ee97598f6af3b9a500190de0c6f ( 34981 bytes)
f8c3e403cd6a115c060e4f2104c77e7a ( 34980 bytes)
File: uninst.exe
Path : %programfiles%\hootech\wav_mp3

Md5Hash :54a4cd3b4e0effcbd02c7cc752d0bae1 ( 34958 bytes)
File: wav mp3 converter.url
Path : %programfiles%\hootech\wav_mp3

Md5Hash :72bbe06ab445edba6ec1b55c57e31234 ( 49 bytes)
File: wav_mp3.chm
Path : %programfiles%\hootech\wav_mp3

Md5Hash :72052f3630ec5ce095d5eedc1c3b9dbd ( 389883 bytes)
File: wav_mp3.exe
Path : %programfiles%\hootech\wav_mp3

Md5Hash :93914bbfa51d1766d8de59000fcf8a2c ( 978944 bytes)
File: demo.pak
Path : %programfiles%\sky force demo

Md5Hash :aab3f98c06f7a1fa314ce8131fbf1b06 ( 668920 bytes)
File: skyforcedemopc.exe
Path : %programfiles%\sky force demo

Md5Hash :065de90f4b0badee9c61e549efe5e19f ( 1597440 bytes)
File: uninstall.exe
Path : %programfiles%\sky force demo

Md5Hash :a716ff908a96065f6f6d484a62f8b4bf ( 35039 bytes)
File: bandwidth monitor.lnk
Path : %userprofile%\start menu\programs\bandwidth monitor

Md5Hash :125288d7b03045e0bf81c42e0e17f28d ( 796 bytes)
File: help.lnk
Path : %userprofile%\start menu\programs\bandwidth monitor

Md5Hash :9af0ef2156e7929ec30268351cf72581 ( 796 bytes)
File: license agreement.lnk
Path : %userprofile%\start menu\programs\bandwidth monitor

Md5Hash :5bef8fb7bae2e372498557b5be0f358e ( 784 bytes)
File: readme.lnk
Path : %userprofile%\start menu\programs\bandwidth monitor

Md5Hash :d6f83959e7136aeb9f4042aeb6472986 ( 779 bytes)
File: uninstall.lnk
Path : %userprofile%\start menu\programs\bandwidth monitor

Md5Hash :697f6a08998b547086b06a11f66d98bc ( 563 bytes)
File: website.lnk
Path : %userprofile%\start menu\programs\bandwidth monitor

Md5Hash :2df4702955656d046becac3aaedde9e0 ( 836 bytes)
File: help.lnk
Path : %userprofile%\start menu\programs\mp3 to swf converter

Md5Hash :7b4cbcf5243c4b0715f89add42b9c89d ( 819 bytes)
File: license agreement.lnk
Path : %userprofile%\start menu\programs\mp3 to swf converter

Md5Hash :3a39ef9f50e0ce502930949f5cec79bd ( 819 bytes)
File: mp3 to swf converter.lnk
Path : %userprofile%\start menu\programs\mp3 to swf converter

Md5Hash :cbdf341bbef29ac0b3a25d6e28215cef ( 819 bytes)
File: readme.lnk
Path : %userprofile%\start menu\programs\mp3 to swf converter

Md5Hash :f0f229833790d830e2ac23e499316133 ( 814 bytes)
File: uninstall.lnk
Path : %userprofile%\start menu\programs\mp3 to swf converter

Md5Hash :9d23395bc1e1d48bf7a6c21498d73e31 ( 591 bytes)
File: website.lnk
Path : %userprofile%\start menu\programs\mp3 to swf converter

Md5Hash :ba4ea71a00b559c718f7016721a58015 ( 886 bytes)
File: help.lnk
Path : %userprofile%\start menu\programs\net meter

Md5Hash :ca6715e025a1329cda26f648d4312ff7 ( 835 bytes)
File: license agreement.lnk
Path : %userprofile%\start menu\programs\net meter

Md5Hash :1ad5678ce7f66a07123a9f9066319d10 ( 828 bytes)
File: net meter.lnk
Path : %userprofile%\start menu\programs\net meter

Md5Hash :0a8ef857781a7ab57d7ca2d90a705895 ( 850 bytes)
File: readme.lnk
Path : %userprofile%\start menu\programs\net meter

Md5Hash :2b4f2bbeaa7d686ec2ecb86fe574d3cb ( 823 bytes)
File: uninstall.lnk
Path : %userprofile%\start menu\programs\net meter

Md5Hash :7ecafb50e6a68206045ba4f9763dad0a ( 599 bytes)
File: website.lnk
Path : %userprofile%\start menu\programs\net meter

Md5Hash :e0899d05208649ad2e117750b41e7dd5 ( 840 bytes)
File: launch sky force demo.lnk
Path : %userprofile%\start menu\programs\sky force demo

Md5Hash :55b190fdb0dae16f9c741aa401535caf ( 807 bytes)
File: uninstall sky force demo.lnk
Path : %userprofile%\start menu\programs\sky force demo

Md5Hash :820f8c34c0e77e39a1d4a016f155dbca ( 866 bytes)
File: help.lnk
Path : %userprofile%\start menu\programs\wav mp3 converter

Md5Hash :80ce45d0523a08922e5ab0665e13d00a ( 819 bytes)
File: license agreement.lnk
Path : %userprofile%\start menu\programs\wav mp3 converter

Md5Hash :8b226983d45f33d4c286987d175e6bbd ( 819 bytes)
File: readme.lnk
Path : %userprofile%\start menu\programs\wav mp3 converter

Md5Hash :428f90096023bc9f30d6cf550631b464 ( 814 bytes)
File: uninstall.lnk
Path : %userprofile%\start menu\programs\wav mp3 converter

Md5Hash :0ade88340817a589dac47a0eb8e6aa20 ( 591 bytes)
File: wav mp3 converter.lnk
Path : %userprofile%\start menu\programs\wav mp3 converter

Md5Hash :0b281e7dee77b51a58f433c95422aa59 ( 819 bytes)
File: website.lnk
Path : %userprofile%\start menu\programs\wav mp3 converter

Md5Hash :6e850b891be2b9fd5b27e540167919d4 ( 871 bytes)
File: [randomname].exe
Path : %workingdir%

Also creates the following files on the user's system, which are also created by genuine software:
Note:
These files can be kept, as they are also created by genuine software.
File : wav mp3 converter.lnk
Path : %homepath%\desktop

Md5Hash :78b1c007d5bd1b89b879c5506b5d867a ( 807 bytes)
The following registry values are added to the provided registry keys:
Note:
Delete the added values from the key to remove the infection.
|__ Value Added :
bandwidthmonitor = "%programfiles%\bandwidthmonitor\bwmonitor.exe"
|__ Value Added :
chatango = "%programfiles%\chatango\chatango.exe"
|__ Value Added :
netmeter = "%programfiles%\hootech\netmeter\hoonetmeter.exe"
Creates the following child process(es) on execution:

services.exe

Creates the following mutex(es) on the user's system:
msratingmutex
raspbfile
ctf.lbes.mutexdefaults-1-5-21-979237178-4195815658-3260926698-1010
ctf.compart.mutexdefaults-1-5-21-979237178-4195815658-3260926698-1010
ctf.asm.mutexdefaults-1-5-21-979237178-4195815658-3260926698-1010
ctf.layouts.mutexdefaults-1-5-21-979237178-4195815658-3260926698-1010
ctf.tmd.mutexdefaults-1-5-21-979237178-4195815658-3260926698-1010
Tries to connect to the following URLs:
Http_Version :http/1.1
63.251.92.197/deliver/cs.php
Tries to connect to the following IP address(es) through UDP (User Datagram Protocol):

127.0.0.1

NOTE:

1. %homepath% refers to the current Windows user's profile folder. By default it is 'C:\Documents and Settings\[user]'.
2. %programfiles% refers to the Program Files folder. By default it is 'C:\Program Files'.
3. %userprofile% refers to the current Windows user's profile folder. By default it is 'C:\Documents and Settings\[user]'.
4. %workingdir% refers to the current directory in which the user is working.

Important: We strongly recommend that you back up the registry before making any changes to it. Incorrect changes to the registry can result in permanent data loss or corrupted files. Modify the malicious\suspicious subkeys only.


To modify registry entries in the Windows operating system, follow these steps:
1. Click Start > Run.
2. Type "regedit" to open the Registry Editor.
3. Navigate to the required registry key in the left tree control and modify it accordingly.



© Systweak Inc., 1999-2011 All rights reserved.