MyWebSearchToolbar_5d89275fc9

by malwarelabrobot on May 23rd, 2014 in Malware Descriptions.

Behaviour: PUP


The description has been automatically generated by Lavasoft Malware Analysis System and it may contain incomplete or inaccurate information.


MD5: 5d89275fc9d257e3d15d375bfcfd8e1f
SHA1: 1158c31515a261a52e072640f248f2b9b9c10288
SHA256: 59287b948ad9d1a61ce479b8f9d876b64415b3a2d244d4f1529115b888b6e2b1
SSDeep: 6144:lz 92mhAMJ/cPl3iwzkozlx/LVXHSPF0MfM:lK2mhAMJ/cPll97VX1
Size: 212224 bytes
File type: EXE
Platform: WIN32
Entropy: Packed
PEID:
Company: no certificate found
Created at: 2012-06-09 16:19:49
Analyzed on: WindowsAda SP3 32-bit


Summary:

PUP. Potentially Unwanted Program. An application that does not display malicious behavior yet is installed without having first sought affirmative user consent for installation. Users may not realize, due to the nature of the installation procedure, that an application they have not explicitly agreed to has been installed. This category can also be used to classify other applications which in a certain context can be wanted e.g. remote administration tools or IRC clients.

Payload

No specific payload has been found.

Process activity

The Malware creates the following process(es):
No processes have been created.
The Malware injects its code into the following process(es):
No processes have been created.

File activity

No files have been created.

Registry activity

Dropped PE files

There are no dropped PE files.

HOSTS file anomalies

No changes have been detected.

Rootkit activity

No anomalies have been detected.

Propagation

VersionInfo

Company Name:
Product Name: 1.3.9.0.140504.0
Product Version: 1.3.9.
Legal Copyright: (c) 2014 ClientConnect Ltd
Legal Trademarks:
Original Filename: tb_mywebsearch.ex
Internal Name: tb_mywebsearch.ex
File Version: 1.3.9.
File Description: Setup.ex
Comments:
Language: Language Neutral

PE Sections

Name Virtual Address Virtual Size Raw Size Entropy Section MD5
.text 4096 74526 74752 4.54396 a8692f5ba740240ef0f9a827376f76f9
.rdata 81920 7445 7680 3.46159 d4f36accffde0bf520f52486679ccf0d
.data 90112 96036 512 2.46008 b6c7edb5b7fec47a37a622cc5d71f3f4
.CRT 188416 32 512 0.273198 439411041ee0b8261668525c5c132cd9
.rsrc 192512 13700 13824 3.14118 cbcea9fa4163e21cdbdaa30cebc88663

Dropped from:

Downloaded by:

Similar by SSDeep:

Similar by Lavasoft Polymorphic Checker:

Total found: 8

URLs

No activity has been detected.

IDS verdicts (Suricata alerts: Emerging Threats ET ruleset)

Traffic

Web Traffic was not found.

The Malware connects to the servers at the following location(s):

Rundll32.exe_3712:

.text
`.data
.rsrc
msvcrt.dll
KERNEL32.dll
NTDLL.DLL
GDI32.dll
USER32.dll
IMAGEHLP.dll
rundll32.pdb
.manifest
5.1.2600.5512 (xpsp.080413-2105)
RUNDLL.EXE
Windows
Operating System
5.1.2600.5512
YThere is not enough memory to run the file %s.
Please close other windows and try again.
9The file %s or one of its components could not be opened.
0The file %s or one of its components cannot run.
MThe file %s or one of its components requires a different version of Windows.
UThe file %s or one of its components cannot run in standard or enhanced mode Windows.
3Another instance of the file %s is already running.
/An exception occurred while trying to run "%s"
Error in %s
Missing entry:%s
Error loading %s

unsecapp.exe_176:

.text
`.data
.rsrc
msvcrt.dll
KERNEL32.dll
NTDLL.DLL
wbemcomn.dll
ole32.dll
ADVAPI32.dll
USER32.dll
unsecapp.pdb
RegCloseKey
RegCreateKeyW
RegDeleteKeyW
RegOpenKeyW
Microsoft WBEM %s
5.1.2600.0 (xpclient.010817-1148)
unsecapp.dll
Windows
Operating System
5.1.2600.0


Remove it with Ad-Aware

  1. Click (here) to download and install Ad-Aware Free Antivirus.
  2. Update the definition files.
  3. Run a full scan of your computer.


Manual removal*

  1. Delete the original Malware file.

*Manual removal may cause unexpected system behaviour and should be performed at your own risk.
