Need help? Ask the community or hire an expert.
Go to Avira Answers
Date discovered:15/02/2012
In the wild:No
Reported Infections:Low
Distribution Potential:Low
Damage Potential:Low
Static file:Yes
File size:582.536 Bytes
MD5 checksum:d420892051c4495b6923e2cd2849113a
VDF version: - Wednesday, February 15, 2012
IVDF version: - Wednesday, February 15, 2012

 General ADWARE/ malware class description (en)
Method of propagation:
   • No own spreading routine

   •  Eset: Win32/InstallCore
     DrWeb: Adware.InstallCore.20

Platforms / OS:
   • Windows XP
   • Windows 2003
    Windows Vista
    Windows Server 2008
    Windows 7

Right after execution the following information is displayed:

 Files  It creates the following directories:
   • C:\TEMP\ish423234\
   • C:\TEMP\is1438683437\

The following files are created:

Non malicious files:
   • C:\TEMP\ish411640\defaultOffer\offer_code.dat
   • C:\TEMP\ish411640\defaultOffer\offer_html.dat
   • C:\TEMP\ish411640\defaultOffer\US\offer_code.dat
   • C:\TEMP\ish411640\defaultOffer\US\offer_html.dat
   • C:\TEMP\ish411640\bootstrap_6570.html
   • C:\TEMP\ICReinstall_ad.exe
   • %HOME%\Desktop\Continue FoxTabFLV Player Installation.lnk
   • C:\TEMP\is1438683437\4380116.cfg
   • C:\TEMP\is1438683437\673479180.cfg

– Temporary files that might be deleted afterwards:
   • C:\TEMP\000647F8.log
   • C:\Programme\is420125.log
   • C:\TEMP\0006693C.log
   • C:\TEMP\00066C39.log

 Miscellaneous Accesses internet resources:

 File details Programming language:
The malware program was written in Delphi.

설명 삽입자 Martin Muench   2012년 2월 15일 수요일
설명 업데이트 Martin Muench   2012년 2월 15일 수요일

뒤로 . . . .
https:// 이 창은 보안을 위해 암호화되었습니다.