The binary in question (SkypEmoticons.exe) can be downloaded from hxxp://skypemoticons.com/.
(Figure: home page of hxxp://skypemoticons.com/)
After installation it dropped the following executable files:
Most of the dropped files are adware, which may lead to further malicious activity on the host.
Here is the VT report for SkypEmoticons.exe.
VT reports of the various dropped samples:

| MD5 | VT Hits |
|---|---|
| aa9af86b02f4e497eb0284872b50af41 | 21/54 |
| e96f6d6257bdcb54c297569d42219e97 | 22/54 |
| 1d283dd3ae2312eee624e8b8c46f6adb | 45/51 |
| 666ab79b63833a2a2502c119f0843b4a | 22/54 |
| 364207a743ff39207667a0c89ff38768 | 20/53 |
| 02861acc8be1b59be2db226947a384b2 | 5/54 |
| 23912df27a61ea0463c5509ba6a97579 | 38/52 |
| cee68ad38668785cd39e37ca069f8b85 | 19/54 |
| b4eb856acc30b0005a44b87566850fb3 | 3/54 |
| 2830932fca42074f17c46c56b4942ac2 | 23/54 |
Sites contacted to download the dropped files:
- hxxp://homebestmy.info
- hxxp://superstoragemy.com
- hxxp://setepicnew.info
- hxxp://198.7.61.118
- hxxp://54.187.76.32
- hxxp://54.213.103.160
We also observed the User-Agent string "TixDll" being used for downloading the files, which provided a handy mechanism for data mining our logs to identify other domains associated with the adware. The following malicious domains were observed being contacted via this User-Agent:
- hxxp://getapplicationmy.info (Zulu report)
- hxxp://applicationgrabb.com (Zulu report)
- hxxp://appmegga.info (Zulu report)
- hxxp://downlloaddatamy.info (Zulu report)
Other domains identified in our logs as contacted by this User-Agent are not currently showing any malicious activity, but may deliver malicious content in the future:
- hxxp://appussajob.info
- hxxp://dirgreatbestepicl.info
- hxxp://embededstub.de.drive-files-b.com
- hxxp://embededstub.download.dmccint.com
- hxxp://fra-7m17-stor06.uploaded.net
- hxxp://getdirfrfee.info
- hxxp://getgoolld.info
- hxxp://getinstaal.info
- hxxp://getmeegan.info
- hxxp://homebestmy.info
- hxxp://setepicnew.info
- hxxp://softservers.net
- hxxp://superstoragemy.com
- hxxp://xml.dljs.org
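The User-Agent pivot described above is a useful hunting pattern for any proxy or web log: filter requests by the unusual User-Agent, collect the hosts they reached, and triage each host against the indicators already known. The script below is an added example written for this post, not the author's own tooling; the log format it parses and the sample log lines are constructed for the example, and the indicator sets are taken from the lists in the post.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed sample proxy log lines (not from the original post). The format
# assumed here is: timestamp client_ip method url status bytes "user-agent".
SAMPLE_LOG = """\
2014-03-10T09:12:01Z 10.0.0.15 GET http://homebestmy.info/dl/setup.exe 200 412304 "TixDll"
2014-03-10T09:12:04Z 10.0.0.15 GET http://superstoragemy.com/pkg/a.exe 200 301120 "TixDll"
2014-03-10T09:12:09Z 10.0.0.15 GET http://www.example.com/index.html 200 5120 "Mozilla/5.0"
2014-03-10T09:13:22Z 10.0.0.22 GET http://getapplicationmy.info/get.php?id=7 200 88213 "TixDll"
2014-03-10T09:15:40Z 10.0.0.22 GET http://198.7.61.118/update.bin 200 102400 "TixDll"
2014-03-10T09:16:02Z 10.0.0.31 GET http://unknown-host.test/x.exe 200 51200 "TixDll"
"""

# Domains the post reports as malicious when contacted via this User-Agent.
KNOWN_MALICIOUS = {
    "getapplicationmy.info", "applicationgrabb.com",
    "appmegga.info", "downlloaddatamy.info",
}
# Download sources for the dropped files, as listed in the post.
DROP_SOURCES = {
    "homebestmy.info", "superstoragemy.com", "setepicnew.info",
    "198.7.61.118", "54.187.76.32", "54.213.103.160",
}

# One regex for the constructed log format; a real deployment would swap in
# the parser for its own proxy's format.
LOG_RE = re.compile(
    r'^(?P<ts>\S+) (?P<client>\S+) (?P<method>[A-Z]+) (?P<url>\S+) '
    r'(?P<status>\d{3}) (?P<bytes>\d+) "(?P<ua>[^"]*)"$'
)


def parse_line(line):
    """Return the named fields of one log line, or None if it does not parse."""
    m = LOG_RE.match(line.strip())
    return m.groupdict() if m else None


def hunt_user_agent(log_text, ua="TixDll"):
    """Pivot on an exact User-Agent match and return, per contacted host,
    the set of internal clients, the hit count and a triage verdict."""
    findings = defaultdict(lambda: {"clients": set(), "hits": 0})
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or rec["ua"] != ua:
            continue
        host = urlsplit(rec["url"]).hostname  # works for names and bare IPs
        if not host:
            continue
        findings[host]["clients"].add(rec["client"])
        findings[host]["hits"] += 1
    # Triage: known-bad first, then known drop sources, then anything new,
    # which is exactly the "may deliver malicious content later" bucket.
    for host, info in findings.items():
        if host in KNOWN_MALICIOUS:
            info["verdict"] = "known-malicious"
        elif host in DROP_SOURCES:
            info["verdict"] = "known-drop-source"
        else:
            info["verdict"] = "unknown-review"
    return dict(findings)


def affected_clients(findings):
    """Sorted list of internal hosts that made any request with the User-Agent."""
    return sorted({c for info in findings.values() for c in info["clients"]})


if __name__ == "__main__":
    results = hunt_user_agent(SAMPLE_LOG)
    for host, info in sorted(results.items()):
        print(f"{host:28} {info['verdict']:18} hits={info['hits']} "
              f"clients={sorted(info['clients'])}")
    print("clients to remediate:", affected_clients(results))
```

The "unknown-review" bucket is the interesting output: those are hosts the User-Agent pivot surfaced that no existing indicator covers, which is how the second list of domains in this post was built. Matching the User-Agent exactly rather than by substring keeps ordinary browser traffic out of the result, as the Mozilla line in the sample shows.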
Use caution when installing any add-on program, especially one that is able to control a powerful communication tool such as Skype.