Assiste.com
cr 01.04.2012 r+ 01.06.2024 r- 15.07.2024 Pierre Pinard. (Alertes et avis de sécurité au jour le jour)
Dossier (collection) : Encyclopédie |
---|
Introduction Liste Malwarebytes et Kaspersky ou Emsisoft (incluant Bitdefender) |
Sommaire (montrer / masquer) |
---|
Qualité du service : 1,5/5 | Sandbox Online (Behaviourial information - Informations comportementales) Conseil : ouvrir un compte (lien "Register", en haut à droite). Il est ensuite beaucoup plus facile d'utiliser ThreatExpert, dont retrouver tous ses propres résultats d'analyses, depuis le tout premier, il y a des années, jusqu'au dernier (Onglet ThreatExpert reports Browse/Search My Reports). La possibilité de soumettre un échantillon sans ouvrir de compte se trouve à https://www.threatexpert.com/filescan.aspx. ThreatExpert permet une analyse comportementale (Sandboxing) d'un fichier dont la taille ne doit pas dépasser 5 MO (cette limitation est très pénalisante). Les résultats de l'analyse (le rapport) ne sont pas aussi complets, loin s'en faut, que ceux de sandboxes comme Joe Sandbox File Analyzer ou Hybrid Analysis ou malwr Sandbox, mais ThreatExpert est très facile à utiliser. Possibilité de télécharger et installer une applet Java pour soumettre directement un fichier à ThreatExpert, sans passer par un navigateur Internet : Au bout de 10 à 20 minutes (selon la charge du serveur et l'échantillon à analyser), un courrier entrant vous donne le lien vers le résultat d'analyse. Un outil de recherche intéressant de ThreatExpert : Online Side-Effect Scanner. Si vous notez, dans votre ordinateur, quelque chose d'inconnu (une clé du Registre Windows inexplicable, un CLSID, un nom de fichier qui ne vous dit rien, une URL inconnue, etc. ...) saisissez la dans ce formulaire et ThreatExpert balaiera sa base de données pour vous dire s'il l'a déjà rencontrée et dans quelles circonstances. ThreatExpert semble à l'abandon depuis son rachat par Symantec le 18.08.2008 et pédale dans le vide. |
Notes :
Aidez et soutenez Assiste – autorisez quelques publicités et cliquez dessus. |
What's been found | Severity Level |
Capability to send out email message(s) with the built-in SMTP client engine. | |
Downloads/requests other files from Internet. | |
Creates a startup registry entry. |
File System Modifications |
# | Filename(s) | File Size | File Hash | Alias |
1 | %CommonPrograms%\PC Cleaner\Check updates.lnk | 741 bytes | MD5: 0xAD5D4B00032BC7CE601F882D0F594FB0 SHA-1: 0x9D1B69E41E91D4EC89641B16315662C8561678A7 | (not available) |
2 | %CommonPrograms%\PC Cleaner\Help.lnk | 713 bytes | MD5: 0x82539496997414FAFA602A43C587D795 SHA-1: 0x33A4DC15C7204FF0D61A126EDAA0D8C20C5E774B | (not available) |
3 | %CommonPrograms%\PC Cleaner\PC Cleaner on the Web.lnk | 708 bytes | MD5: 0x731C04B784EEA168EB68CC1BB88EFE31 SHA-1: 0x6CCEF038FE04D3C13CE74AF18E98689C3B068E02 | (not available) |
4 | %CommonPrograms%\PC Cleaner\PC Cleaner.lnk | 713 bytes | MD5: 0xCB7FA909D231BC88F5C16E367C6A5389 SHA-1: 0x01EF6A614CDBA81886A2766803E1F881D0434C6E | (not available) |
5 | %CommonPrograms%\PC Cleaner\Uninstall PC Cleaner.lnk | 708 bytes | MD5: 0x068EE266E67A1B159A1034AEDB8CECA0 SHA-1: 0xF1172E9FF86FBE4AF63D742E7E452BFC31BE4ECC | (not available) |
6 | %DesktopDir%\PC Cleaner.lnk | 701 bytes | MD5: 0x8068F388E8D55D5F419089E184ADE2E4 SHA-1: 0xBDEB95D2C249964F51CAF0CE16F4BD4D4CDC621B | (not available) |
7 | %ProgramFiles%\PC Cleaner\Animation.gif | 16 555 bytes | MD5: 0x5318090C04B824B1712494A2A69030FF SHA-1: 0x9952069B25B2A9B4C45D018DB4A78EC4E9FCF0C0 | (not available) |
8 | %ProgramFiles%\PC Cleaner\CookiesException.txt | 712 bytes | MD5: 0xADF1E0B95E3F048A59B91541C0528D03 SHA-1: 0x1E740571514584DC69BD60D14D419419D070A5FE | (not available) |
9 | %ProgramFiles%\PC Cleaner\English.ini | 30 183 bytes | MD5: 0x51126ABD45170E80950FBC2DF893A42F SHA-1: 0xD86C649FD33FAE98DE845F0E93211FF344902329 | (not available) |
10 | %ProgramFiles%\PC Cleaner\file_id.diz | 890 bytes | MD5: 0x81EA40CD7521BDA4848C8014D8638A49 SHA-1: 0x5154413BEF2D29CF3D0E3F4738440D82768C4DAD | (not available) |
11 | %ProgramFiles%\PC Cleaner\French.ini | 36 257 bytes | MD5: 0x49749A3A498AE831E72B9C7E3BD898FE SHA-1: 0x21B9A1F773C974347926CA19214B720236525F1D | (not available) |
12 | %ProgramFiles%\PC Cleaner\German.ini | 35 629 bytes | MD5: 0xABBA4C7C708E354F5AAAFE5ED38A816E SHA-1: 0x889D4284ADE54FF4E0379D94F6B5F33AD9E13E21 | (not available) |
13 | %ProgramFiles%\PC Cleaner\HomePage.url | 51 bytes | MD5: 0x37BD10AD97861B52EE123C10508BFAA7 SHA-1: 0xA212EF6E1C334DB7CCA1D17DA020C0BF0B8B09C4 | (not available) |
14 | %ProgramFiles%\PC Cleaner\PCCleaner.chm | 35 960 bytes | MD5: 0xEC66EAE61939CE51FB9830996150DB0A SHA-1: 0xCF672C8B447A33B4633A63B5FB5332ACF934676C | (not available) |
15 | %ProgramFiles%\PC Cleaner\PCCleaner.exe | 0 bytes | MD5: 0xD41D8CD98F00B204E9800998ECF8427E SHA-1: 0xDA39A3EE5E6B4B0D3255BFEF95601890AFD80709 | (not available) |
16 | %ProgramFiles%\PC Cleaner\PCCSchedule.exe | 1 668 360 bytes | MD5: 0xDF1AE67BF8CFF8B3FD09462C68FB51D5 SHA-1: 0xB582FDCCDE95147B791A283666974A9E0FC76501 | (not available) |
17 | %ProgramFiles%\PC Cleaner\PCCUninstaller.exe | 246 024 bytes | MD5: 0xC87156C22180B6C4E89DDDFDEEE240F9 SHA-1: 0xD8B647AB32CDB665C3207D4234AE2D2046E4B5F4 | Worm.Win32.Antinny [Ikarus] |
18 | %ProgramFiles%\PC Cleaner\Spanish.ini | 35 845 bytes | MD5: 0x05EE11DECA3A18C9BB363D46909B9A38 SHA-1: 0x5C4CD7304FBA988F0CECE1534833CC7BC3EBE8DB | (not available) |
19 | %ProgramFiles%\PC Cleaner\sqlite3.dll | 520 234 bytes | MD5: 0x0F66E8E2340569FB17E774DAC2010E31 SHA-1: 0x406BB6854E7384FF77C0B847BF2F24F3315874A3 | (not available) |
20 | %ProgramFiles%\PC Cleaner\StartupList.txt | 83 501 bytes | MD5: 0x90912E30318806838ACD72812A782EE9 SHA-1: 0x7D166DDD2821C6B7E7EB16729D1ED6596390A863 | (not available) |
21 | %ProgramFiles%\PC Cleaner\unins000.dat | 9 232 bytes | MD5: 0x7771777A630AFFCF27E5D84EAFAE35B2 SHA-1: 0x4D85C1268375706AF1A7D44147B237BD94F26F3E | (not available) |
22 | %ProgramFiles%\PC Cleaner\unins000.exe | 717 985 bytes | MD5: 0x951760F9B54C03BEDDC7D312083FBE89 SHA-1: 0x9494B58504393DF1F2FED47AE7E053D2ECBA3342 | (not available) |
23 | [file and pathname of the sample #1] | 2 035 144 bytes | MD5: 0x9E02E9BC593BF6754C59F08BF69591D2 SHA-1: 0x00207DAC5DEC3CB7C3DFEB4716A207CB52E41E7D | (not available) |
Memory Modifications |
Process Name | Process Filename | Main Module Size |
[filename of the sample #1] | [file and pathname of the sample #1] | 81 920 bytes |
pccuninstaller.exe | %ProgramFiles%\pc cleaner\pccuninstaller.exe | 266 240 bytes |
[filename of the sample #1 without extension].tmp | %Temp%\is-CSBBH.tmp\[filename of the sample #1 without extension].tmp | 770 048 bytes |
PCCleaner.exe | %ProgramFiles%\PC Cleaner\PCCleaner.exe | 20 058 112 bytes |
Registry Modifications |
Other details |
Russian Federation | |
Netherlands |
Server Name | Server Port | Connect as User | Connection Password |
www.pchelpsoft.com | 80 | (null) | (null) |
All content ("Information") contained in this report is the copyrighted work of Threat Expert Ltd and its associated companies ("ThreatExpert") and may not be copied without the express permission of ThreatExpert.
The Information is provided on an "as is" basis. ThreatExpert disclaims all warranties, whether express or implied, to the maximum extent permitted by law, including the implied warranties that the Information is merchantable, of satisfactory quality, accurate, fit for a particular purpose or need, or non-infringing, unless such implied warranties are legally incapable of exclusion. Further, ThreatExpert does not warrant or make any representations regarding the use or the results of the use of the Information in terms of their correctness, accuracy, reliability, or otherwise.
Copyright © 2016 ThreatExpert. All rights reserved.
Aidez et soutenez Assiste – autorisez quelques publicités et cliquez dessus. |