Systweak Spyware Library
More than 21875 spyware signatures and growing
Microsoft Gold Certified Partner
Adtool.MyWebSearch Analysis Report
Threat Submitted On: 10 Nov 2008
Threat Analysed On: 11 Nov 2008
Threat Updated On: 11 Sept 2009
Type : Adtool
Symptoms of sadenav
  • Performs illicit activities under the disguise of a useful program.
  • Downloads malicious code and programs such as keyloggers.
  • Is capable of fetching the user's personal and confidential information.
Information
Alias : [Not Available]
Md5 Hash : [e0e88b08595af9e2e971d45ed6e32787]
File Size : (2326528 bytes)

Technical Details

Here are the technical findings of our analysis team after analyzing this malware in detail:

Creates the following infected Files on user's System
Note:
Delete the following Files to remove Infection
File: [RandomName].dat
Path : %workingdir%

Md5Hash :cd091c672a179ee4e63d8735d4086769 ( 52736 bytes)
File: [RandomName].plx1
Path : %workingdir%

Md5Hash :4e8e174f7bfcb2084b26d0c6ab94911f ( 52224 bytes)
File: [RandomName].exi1
Path : %workingdir%

Md5Hash :bd9b40005e31c7647aebe0a19f13c84e ( 51712 bytes)
File: [RandomName].ex81
Path : %workingdir%

Md5Hash :640893329170e6061d13896f2cd88f31 ( 51712 bytes)
File: img1.flv
Path : %workingdir%

File: img2.flv
Path : %workingdir%

File: tmp_1023921881.exe
Path : %workingdir%

File: za0abd02825ae62c1aefcb97eb5fff626e.exe
Path : %workingdir%

Md5Hash :59b616b6f1b23782b26b76c80d66cb3f ( 763392 bytes)
File: za3f9c23f9435359b101cc82399adf3472.exe
Path : %workingdir%

Md5Hash :8349ab74413b9be506fd77ac208ca964 ( 712192 bytes)
File: za467b60e6a12383b93a7100b1703599c4.exe
Path : %workingdir%

Md5Hash :557e5ccffca3e0c6e7dafe7140058ffb ( 768000 bytes)
File: za529bc0ba1987355951a5b346bfa81eef.exe
Path : %workingdir%

Md5Hash :1a2d4a89b7e32e3f84b6f243f11a2129 ( 765440 bytes)
File: za98c8d4474f7e6cb215892520be3ac3d6.exe
Path : %workingdir%

Md5Hash :79777078efbbd29f99f6cbd82a000389 ( 712192 bytes)
File: za99c1c21cab7207c1343cdfd8ad1ab82d.exe
Path : %workingdir%

Md5Hash :81fbf198a5e88a525d5bf7c431e372cd ( 711168 bytes)
File: zab601949c5194879b888cee61b34ebcaf.exe
Path : %workingdir%

Md5Hash :e927e37ea57531d2848b190e77f9f88b ( 712192 bytes)
File: zab939ea5623f5e59460aaa7d3e971b15b.exe
Path : %workingdir%

Md5Hash :5d8bb69b2347b8e8d123a6c4e8df6e2d ( 767488 bytes)
File: zaced119c63115b4b2f3086e3436fc730c.exe
Path : %workingdir%

Md5Hash :fff0ea58f19c3c8d1c4cc4d962cde274 ( 768512 bytes)
File: zad3cc82f0fb91cee144774476237a6137.exe
Path : %workingdir%

Md5Hash :405bb1165508abdaab070a53de234b42 ( 768000 bytes)
File: zad763289721c2a72a8aec4fd07360de77.exe
Path : %workingdir%

Md5Hash :91c841faf42c1ab7fc68d613400a1e21 ( 711680 bytes)
File: zaff31dabc3e79127396e50e7a1edb5c70.exe
Path : %workingdir%

Md5Hash :d225dc727aaedff0230aa32bdc4b97c0 ( 711168 bytes)
File: elcsbwllq.exe
Path : %windir%\system32

Md5Hash :ee1bdf5acd0ab3525a946a147203f38b ( 1491456 bytes)
File: img1.flv
Path : %windir%\system32

Md5Hash :
6b1ffbcf22084cba4e4ea024e2e972e4 ( 48640 bytes)
7368cddaead4bdcf580584458c400b1c ( 48640 bytes)
77e36c700d656216950bda18ce6f3084 ( 48128 bytes)
e23f6d70d024cbda3ab8b937f715928c ( 47616 bytes)
File: img2.flv
Path : %windir%\system32

Md5Hash :
0d5808bcf68be9bc3f4f3a06401d657e ( 93696 bytes)
11db90bb86632a46848771b84f509996 ( 92672 bytes)
81ad33a8edb671ac8ed2e3a485bc363e ( 93184 bytes)
cc99550910c6e10ef284baf1e5d92ba4 ( 93184 bytes)
File: kvrllwxxx.exe
Path : %windir%\system32

Md5Hash :730b702e50fd0ca007e33dbf9b4b7f9e ( 766976 bytes)
File: ldeqawskx.exe
Path : %windir%\system32

Md5Hash :b601949c5194879b888cee61b34ebcaf ( 1479168 bytes)
File: srlsxwvsv.exe
Path : %windir%\system32

Md5Hash :e3631442f26e22c4025dc24eb30c5893 ( 1490944 bytes)
File: tmp1.dat
Path : %windir%\system32

Md5Hash :4d97b8b2cf41cdc2e572d4e041cf6091 ( 49152 bytes)
File: tmp2.dat
Path : %windir%\system32

Md5Hash :abd29e993e92e3a6d898470ca220286c ( 93696 bytes)
File: vakxdwsrx.exe
Path : %windir%\system32

Md5Hash :b7dcda6322ca4f68e6ce7c5e20b5be22 ( 1489920 bytes)
File: wkpcxwkkl.exe
Path : %windir%\system32

Md5Hash :01008bc2d1352f375d32c4dca6cea5e1 ( 766464 bytes)
File: xdlalwrlk.exe
Path : %windir%\system32

Md5Hash :cdbd616bcbd561d1648a6070ee0b2459 ( 1479168 bytes)
File: zaelcsbwllq.exe
Path : %windir%\system32

Md5Hash :908cf32925f9eda8f5e94fb6701d53c5 ( 718848 bytes)
File: zaldeqawskx.exe
Path : %windir%\system32

Md5Hash :e927e37ea57531d2848b190e77f9f88b ( 712192 bytes)
File: zasrlsxwvsv.exe
Path : %windir%\system32

Md5Hash :62b44d216b3c063ea5cd260bc2302e61 ( 718336 bytes)
File: zavakxdwsrx.exe
Path : %windir%\system32

Md5Hash :aaf6da318cb9d73f7c058a3803506fe9 ( 717824 bytes)
File: zaxdlalwrlk.exe
Path : %windir%\system32

Md5Hash :bc853bdafe8518af5e66a4b5dbfb1f2d ( 712192 bytes)
File: [randomname].exe
Path : %workingdir%

The following Registry Values are added to the provided Registry Keys :-
Note:
Delete the added Values from the Key to remove Infection
|__ Value Added :
embeddedwb 14.52 from: http://www.bsalsa.com/ embeddedwb 14.52 = ""
|__ Value Added :
283589ad69dd441af8d84aac9b67d436.exe = "%SYSTEMDRIVE%\data\283589ad69dd441af8d84aac9b67d436.exe"
|__ Value Added :
elcsbwllq.exe = "%windir%\system32\elcsbwllq.exe"
|__ Value Added :
kvrllwxxx.exe = "%windir%\system32\kvrllwxxx.exe"
|__ Value Added :
ldeqawskx.exe = "%windir%\system32\ldeqawskx.exe"
|__ Value Added :
srlsxwvsv.exe = "%windir%\system32\srlsxwvsv.exe"
|__ Value Added :
wkpcxwkkl.exe = "%windir%\system32\wkpcxwkkl.exe"
|__ Value Added :
xdlalwrlk.exe = "%windir%\system32\xdlalwrlk.exe"
Creates the following child process(s) on execution:

%windir%\system32\xdlalwrlk.exe

services.exe

%workingdir%\tmp_1023921881.exe e0e88b08595af9e2e971d45ed6e32787.exe

%windir%\system32\zaxdlalwrlk.exe

Tries to Download Files from the following links :-

http://cashback.j-naver2.com/exe/up2.html?set=105&pid=&mac=000c295a5d60

Creates the Following MUTEX(s) on user's System:-
raspbfile
xdlalwrlk.exe
oleacc-msaa-loaded
msratingmutex
ctf.lbes.mutexdefaults-1-5-21-2980353422-3037531735-1104518836-1010
ctf.compart.mutexdefaults-1-5-21-2980353422-3037531735-1104518836-1010
ctf.asm.mutexdefaults-1-5-21-2980353422-3037531735-1104518836-1010
ctf.layouts.mutexdefaults-1-5-21-2980353422-3037531735-1104518836-1010
ctf.tmd.mutexdefaults-1-5-21-2980353422-3037531735-1104518836-1010
_!shmsfthistory!_
Tries To Connect to The Following Urls:-
Http_Version :http/1.1
211.51.221.23/exe/up2.html?set=105&pid=&mac=000c295a5d60
Http_Version :http/1.1
211.51.221.124/ovn_o.asp?v=4
Http_Version :http/1.1
211.51.221.124/sidebar.asp?bn=0&qy=0
Tries to connect to the following IP address(es) through UDP (User Datagram Protocol):

127.0.0.1

NOTE:

2. %workingdir% Refers to the current directory in which user is working.
3. %windir% Refers to the windows root folder. By default it is 'C:\Windows'

Important: We strongly recommend that you backup the Registry before making any changes to it. Incorrect changes to the Registry can result in permanent data loss or corrupted Files. Modify the malicious\suspicious Subkeys only.


To modify registry entries in Windows Operating System:
Follow Steps:
1. Click Start > Run
2. Type “regedit” : to open registry editor
3. Navigate to required registry Key from the Left Tree control and modify accordingly.



© Systweak Inc., 1999-2011 All rights reserved.