Download Link: hxxp://setup.advancedcleaner.com/files/ADCFreeInstaller.exe
File Name: ADCFreeInstaller.exe

VirusTotal Result: 23/32 (71.88%)

  Engine              Version          Update      Result
  AntiVir             7.6.0.85         2008.04.11  SPR/Dldr.AdvancedCleaner.C.9
  Avast               4.8.1169.0       2008.04.13  Win32:Adware-gen
  AVG                 7.5.0.516        2008.04.12  Potentially harmful program Downloader.NA
  CAT-QuickHeal       9.50             2008.04.12  Downloader.AdvancedCleaner.c (Not a Virus)
  DrWeb               4.44.0.09170     2008.04.12  Trojan.Winfixer
  eSafe               7.0.15.0         2008.04.09  ????????????????????
  eTrust-Vet          31.3.5692        2008.04.11  Win32/VMalum.CMGP
  Ewido               4.0              2008.04.13  Not-A-Virus.Downloader.Win32.AdvancedCleaner.c
  FileAdvisor         1                2008.04.13  Low threat detected
  Fortinet            3.14.0.0         2008.04.13  Download/AdvancedCleaner
  Ikarus              T3.1.1.26        2008.04.13  not-a-virus:Downloader.Win32.AdvancedCleaner.c
  Kaspersky           7.0.0.125        2008.04.13  not-a-virus:Downloader.Win32.AdvancedCleaner.c
  McAfee              5272             2008.04.11  Downloader.gen.a
  NOD32v2             3021             2008.04.12  Win32/Adware.AdvancedCleaner
  Norman              5.80.02          2008.04.12  W32/DLoader.FOGS
  Panda               9.0.0.4          2008.04.12  Adware/AdvancedCleaner
  Prevx1              V2               2008.04.13  Heuristic: Suspicious File With Bad Child Associations
  Sophos              4.28.0           2008.04.13  AdvancedCleaner Downloader
  Sunbelt             3.0.1041.0       2008.04.12  AdvancedCleaner
  Symantec            10               2008.04.13  AdvancedCleaner
  TheHacker           6.2.92.276       2008.04.12  Aplicacion/AdvancedCleaner.c
  VBA32               3.12.6.4         2008.04.13  Hoax-Downloader.Win32.AdvClean
  Webwasher-Gateway   6.6.2            2008.04.11  Riskware.Dldr.AdvancedCleaner.C.9

File Info:
  File size: 121120 bytes
  MD5:    81cf9b2ff076e1bb16b8c4c2f2e9473c
  SHA1:   0e269e039d42b54450f69d79781badd16a1d3d4c
  SHA256: abd96ab1a094c0497974690ede9d173de6db70a6531c78c97ecb4c21494bbd52
  SHA512: 5b1906671d91a1da408077853f609abd0f7025763e085f1502aeb4c6dfbd52ae0d4b46f3fa485818277b5a2c3e07731a1586abaf5379d41936e01a58b25a3985
  PEiD:   -

PE Structure information:
  Base Data:
    Entry Point Address: 0x406605
    Time Date Stamp:     0x47023645 (Tue Oct 02 12:15:01 2007)
    Machine Type:        0x14c (I386)

  PE Sections (viradd = virtual address, virsiz = virtual size, rawdsiz = raw data size, ntrpy = Shannon entropy in bits per byte):

    name    viradd   virsiz   rawdsiz  ntrpy  md5
    .text   0x1000   0x8cc1   0x8e00   6.37   4fff12779ebea5671f7a28486c2adbdd
    .rdata  0xa000   0x1424   0x1600   4.67   10d68122e5ebf4a565313a3a1dc4971f
    .data   0xc000   0x6550   0x200    1.58   4d3e20875fbd622b34a6e189dd6deee8
    .CRT    0x13000  0x4      0x200    0.06   4f1a9ed80abf6e61f00b69bea360239e
    .rsrc   0x14000  0x11800  0x11800  5.96   ec22d3bb93b459c71fe95218dd06025d

  No section reaches packer-level entropy and PEiD reports no signature, so the binary is most likely unpacked native code. The .data section carries only 0x200 bytes on disk against a 0x6550-byte virtual size, i.e. it is almost entirely uninitialised data.

  Imports (9 DLLs):
    SHLWAPI.dll:  StrStrW
    iphlpapi.dll: GetAdaptersInfo
    COMCTL32.dll: -
    WININET.dll:  HttpOpenRequestW, HttpAddRequestHeadersW, HttpSendRequestW, InternetReadFile, InternetOpenW, InternetSetOptionW, InternetOpenUrlW, HttpQueryInfoW, InternetCloseHandle, InternetCrackUrlW, InternetGetCookieW, InternetConnectW
    KERNEL32.dll: GetSystemTime, GetPrivateProfileIntW, WideCharToMultiByte, GetVolumeInformationW, HeapAlloc, GetProcessHeap, HeapReAlloc, HeapFree, WriteFile, GetLastError, SetFilePointer, FlushFileBuffers, lstrcmpW, SetEndOfFile, GetFileAttributesW, CreateDirectoryW, GetPrivateProfileStringW, GetTickCount, Sleep, FindClose, FindNextFileW, DeleteFileW, FindFirstFileW, GetExitCodeProcess, WaitForSingleObject, FreeLibrary, LoadLibraryW, GetVersionExW, CreateThread, FreeResource, LockResource, LoadResource, SizeofResource, FindResourceW, Thread32Next, OpenThread, TerminateThread, Thread32First, CreateToolhelp32Snapshot, GetCurrentThreadId, GetCurrentProcessId, SetUnhandledExceptionFilter, CreateMutexW, ExitProcess, GetPrivateProfileSectionNamesW, GetTempPathW, lstrcpyW, ResumeThread, SetEvent, CreateEventW, MulDiv, MultiByteToWideChar, GetModuleHandleW, lstrlenA, lstrlenW, lstrcmpiW, UnmapViewOfFile, GetFileSize, CreateFileMappingW, MapViewOfFileEx, CreateFileW, ReadFile, CloseHandle, InterlockedExchange, lstrcatW
    USER32.dll:   LoadCursorW, DialogBoxParamW, MessageBoxW, PostThreadMessageW, PeekMessageW, ReleaseCapture, SetCapture, LoadBitmapW, SetWindowRgn, DrawTextW, FillRect, ShowWindow, PostQuitMessage, GetClientRect, SetCursor, PtInRect, SetWindowLongW, EndDialog, GetWindowDC, ReleaseDC, ScreenToClient, SetWindowPos, GetDlgItem, LoadIconW, InvalidateRect, DefWindowProcW, PostMessageW, wsprintfW, SendMessageW, LoadStringW, GetWindowRect, GetParent
    GDI32.dll:    DeleteDC, CreateFontIndirectW, BitBlt, DeleteObject, StretchBlt, SetBkMode, CreatePatternBrush, GetTextExtentPointW, SetStretchBltMode, SetDIBits, GetMapMode, SelectObject, CreateCompatibleBitmap, CreateBitmap, CreateCompatibleDC, DPtoLP, CombineRgn, CreateEllipticRgn, CreateRectRgn, GetDIBits, GetObjectW, SetTextColor, SetBkColor, SetMapMode
    ADVAPI32.dll: RegCloseKey, RegOpenKeyExW, RegSetValueExW, RegCreateKeyExW, RegQueryValueExW
    SHELL32.dll:  ShellExecuteExW, Shell_NotifyIconW, ShellExecuteW, SHGetFolderPathW

  The import set is consistent with what the dynamic run shows: WININET for the HTTP beacon and download, GetVolumeInformationW and GetAdaptersInfo as likely sources for a host identifier, ShellExecuteExW/GetExitCodeProcess/WaitForSingleObject for launching the downloaded executable, and the Toolhelp thread APIs (Thread32First/Thread32Next, OpenThread, TerminateThread) for stopping threads.

Process Details:
  Process ID:   1320
  Filename:     C:\ADCFreeInstaller.exe
  Filesize:     121120 bytes
  MD5:          81cf9b2ff076e1bb16b8c4c2f2e9473c
  Start Reason: AnalysisTarget

New Files Created:
  \Device\Tcp6
  \Device\Tcp
  \Device\NetBT_Tcpip_{0265502B-722A-4F96-8FE9-FBF8CF07A39D}
  \Device\RasAcd

Opened Files:
  C:\Documents and Settings\Administrator\Application Data\Mozilla\registry.dat
  C:\Documents and Settings\Administrator\Application Data\Opera\Opera\profile\cookies4.dat
  \\.\PIPE\lsarpc
  c:\autoexec.bat

Sequence of File System Activity:
  Create/Open File:    \Device\Tcp6 (OPEN_ALWAYS)
  Create/Open File:    \Device\Tcp (OPEN_ALWAYS)
  Create/Open File:    \Device\NetBT_Tcpip_{0265502B-722A-4F96-8FE9-FBF8CF07A39D} (OPEN_ALWAYS)
  Open File:           C:\Documents and Settings\Administrator\Application Data\Mozilla\registry.dat (OPEN_EXISTING)
  Open File:           C:\Documents and Settings\Administrator\Application Data\Opera\Opera\profile\cookies4.dat (OPEN_EXISTING)
  Open File:           \\.\PIPE\lsarpc (OPEN_EXISTING)
  Get File Attributes: c:\autoexec.bat  Flags: (SECURITY_ANONYMOUS)
  Open File:           c:\autoexec.bat (OPEN_EXISTING)
  Find File:           C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Connections\Pbk\*.pbk
  Find File:           C:\WINDOWS\System32\Ras\*.pbk
  Find File:           C:\Documents and Settings\Administrator\Application Data\Microsoft\Network\Connections\Pbk\*.pbk
  Create/Open File:    \Device\RasAcd (OPEN_ALWAYS)

  The \Device\Tcp, \Device\Tcp6 and \Device\NetBT_Tcpip_{...} entries are device objects the Winsock stack opens when the process initialises networking; they appear under "New Files Created" because the sandbox hooks the create call, not because anything was written to disk. The *.pbk searches and \Device\RasAcd are the RAS phonebook/autodial check that WinINet performs before connecting. The opens of the Mozilla registry.dat and the Opera cookies4.dat profile files are the sample's own behaviour and fit the InternetGetCookieW import.

Mutexes:
  Creates Mutex: UADC_0001_D10M0502
  Creates Mutex: RasPbFile

  RasPbFile is the mutex the Windows RAS phonebook code takes during the autodial check above, so UADC_0001_D10M0502 is the only sample-specific mutex here; the same string reappears as the abbr parameter of the beacon URL below.

Network Activity:
  DNS Lookup:                           inscan.advancedcleaner.com -> 85.17.4.104
  Download URLs:                        hxxp://85.17.4.104/?action=1&type=exe&pc_id=3635705244&abbr=UADC_0001_D10M0502 (inscan.advancedcleaner.com)
  Outgoing connection to remote server: inscan.advancedcleaner.com TCP port 80

  The request asks the server for an executable (type=exe), sends a numeric pc_id (likely a host-derived identifier; the exact derivation is not shown by this report) and tags the install with abbr=UADC_0001_D10M0502, the same value as the mutex, which reads as a build or campaign identifier.
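The following script turns the figures in this report into checks an analyst can re-run: it reproduces the ntrpy column (Shannon entropy), applies the unpacked/uninitialised-data reasoning to the section table, and hunts for the beacon and the download hosts in proxy logs. It is an added example, not code from the original report or from any vendor tool. The section sizes, hashes, hosts, mutex and URL are copied from the report; the 7.0-bit packing threshold, the 4x virtual-vs-raw ratio, the assumption that other installs reuse the same query layout with a different pc_id, and the proxy log lines are constructed for illustration.

```python
"""Checks derived from the ADCFreeInstaller.exe sandbox report (added example)."""
import math
from collections import Counter
from urllib.parse import parse_qs, urlsplit

# Static indicators copied from the report.
REPORT_HASHES = {
    "md5": "81cf9b2ff076e1bb16b8c4c2f2e9473c",
    "sha1": "0e269e039d42b54450f69d79781badd16a1d3d4c",
    "sha256": "abd96ab1a094c0497974690ede9d173de6db70a6531c78c97ecb4c21494bbd52",
}
REPORT_MUTEX = "UADC_0001_D10M0502"
REPORT_HOSTS = {"inscan.advancedcleaner.com", "setup.advancedcleaner.com", "85.17.4.104"}

# Section table from the report: (name, virtual size, raw size, entropy).
REPORT_SECTIONS = [
    (".text", 0x8CC1, 0x8E00, 6.37),
    (".rdata", 0x1424, 0x1600, 4.67),
    (".data", 0x6550, 0x200, 1.58),
    (".CRT", 0x4, 0x200, 0.06),
    (".rsrc", 0x11800, 0x11800, 5.96),
]

# Query keys seen in the report's beacon URL.
BEACON_QUERY_KEYS = {"action", "type", "pc_id", "abbr"}


def shannon_entropy(data: bytes) -> float:
    """Bits per byte, 0.0 (constant) to 8.0 (uniform); this is the ntrpy column."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def assess_sections(sections, packed_threshold: float = 7.0) -> dict:
    """Flag packed-looking sections and sections that are mostly uninitialised.

    Thresholds are assumptions for illustration: entropy >= 7.0 bits suggests
    compressed/encrypted content; virtual size > 4x raw size means the loader
    zero-fills most of the section (the .data case in the report).
    """
    findings = {}
    for name, vsize, rsize, entropy in sections:
        flags = []
        if entropy >= packed_threshold:
            flags.append("high-entropy")
        if rsize and vsize > 4 * rsize:
            flags.append("virtual>>raw")
        findings[name] = flags
    return findings


def matches_report_hash(digest: str) -> bool:
    """True if a hex digest (any case) equals one of the report's hashes."""
    return digest.lower() in REPORT_HASHES.values()


def classify_url(url: str) -> dict:
    """Match one URL against the report's hosts and beacon shape (hxxp:// accepted)."""
    parts = urlsplit(url.replace("hxxp://", "http://", 1))
    host = parts.hostname or ""
    query = {k: v[0] for k, v in parse_qs(parts.query).items()}
    hits = []
    if host in REPORT_HOSTS:
        hits.append("known-host")
    # Assumption: other installs keep the same four parameters with their own
    # pc_id, and abbr carries the campaign tag (equal to the mutex in the report).
    if BEACON_QUERY_KEYS.issubset(query):
        hits.append("beacon-query-shape")
        if query.get("abbr") == REPORT_MUTEX:
            hits.append("campaign-tag")
    return {"host": host, "query": query, "hits": hits}


# Constructed proxy log lines (not from the report): time, client, method, URL.
SAMPLE_PROXY_LOG = """\
2008-04-13T10:00:01Z 10.0.0.5 GET http://setup.advancedcleaner.com/files/ADCFreeInstaller.exe
2008-04-13T10:00:09Z 10.0.0.5 GET http://85.17.4.104/?action=1&type=exe&pc_id=3635705244&abbr=UADC_0001_D10M0502
2008-04-13T10:00:10Z 10.0.0.7 GET http://203.0.113.9/?action=1&type=exe&pc_id=1122334455&abbr=UADC_0001_D10M0502
2008-04-13T10:01:00Z 10.0.0.8 GET http://example.com/index.html?action=1
"""


def scan_proxy_log(text: str) -> list:
    """Return (client, host, hits) for every log line that matches an indicator."""
    alerts = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 4:
            continue
        result = classify_url(fields[3])
        if result["hits"]:
            alerts.append((fields[1], result["host"], result["hits"]))
    return alerts


if __name__ == "__main__":
    for name, flags in assess_sections(REPORT_SECTIONS).items():
        print(f"{name:7} {', '.join(flags) or 'ok'}")
    for client, host, hits in scan_proxy_log(SAMPLE_PROXY_LOG):
        print(f"{client} -> {host}: {', '.join(hits)}")
```

The third constructed log line shows why matching on the query shape is worth more than matching on the host: the same campaign tag on an unknown IP is still flagged, which is what you want once the 85.17.4.104 server moves.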