In the wild: No
Reported Infections: Low
Distribution Potential: Low
Damage Potential: Low
File size: 584.072 Bytes
MD5 checksum: 066b0A995cc74e0Deb916732a3550A69

General
Method of propagation:
   • No own spreading routine

Aliases:
   • Symantec: Trojan.ADH.2
   • Eset: Win32/InstallCore.H
   • DrWeb: Adware.InstallCore.21
   • Norman: W32/InstallCore.AY

Platforms / OS:
   • Windows XP
   • Windows 2003
   • Windows Vista
   • Windows Server 2008
   • Windows 7

Side effects:
   • Downloads files
   • Drops files

Right after execution the following information is displayed:

Files
It creates the following directories:
   • C:\TEMP\ish416625\
   • C:\TEMP\is1438683437\

The following files are created:

Non-malicious files:
   • C:\TEMP\ish416625\defaultOffer\offer_code.dat
   • C:\TEMP\ish416625\defaultOffer\offer_html.dat
   • C:\TEMP\ICReinstall_tr.exe
   • C:\TEMP\is1438683437\MyBabylonTB.exe

Miscellaneous
Accesses internet resources:

File details
Programming language:
The malware program was written in Delphi.

Runtime packer:
To make detection more difficult and to reduce the size of the file, it is packed with the following runtime packer:
   • UPX

Description inserted by Martin Muench on Tuesday, March 13, 2012
Description updated by Martin Muench on Tuesday, March 13, 2012

