Reanalyzed -http://cdn.bigspeedpro.com/mirror/toolbars/facesmooch-minibar-silent.exe because there could be an FP involved, as I was informed, and it is only detected by DrWeb's: http://www.garyshood.com/virus/results.php?r=bc57891b8249f2bd406e2562ce75e1cc

So took an Anubis Analysis: http://anubis.iseclab.org/?action=result&task_id=1319b250c7d6715e481978fbdb22b648c

Some characteristics found:
- The executable issues HTTP Requests and downloads potential malicious executable code… risk
- DNS queries to bad web host: Bad Host Experience malware network activity 216.137.45.etc. domain known to have some 132 spam bot servers, C&C servers, 1 exploit server…
- Spoof with trojan payload possible: 86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll 0x773D0000 86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll 0x773D0000 could lead to profiler crashes
- Migrate proxy mutex created: 8HKU\S-1-5-21\42925246 1425521274 308236825 500
- Named pipe 0x0011C017 \PIPE ROUTER _SHuassist.mtx. mutex
- host name requests from a host database
So Comodo flags it, some say FP (Norman), well will hear about the verdict, could be a PUP! Check:
-http://www.bigseekpro.com/installer/execution_arguments
-http://www.bigseekpro.com/install_ping/facesmooch/{D68B9B88-7A31-2D3C-47DE-F10633B1D06A}/5
-http://www.bigseekpro.com/install_ping/facesmooch22/{D68B9B88-7A31-2D3C-47DE-F10633B1D06A}/5
-http://www.bigseekpro.com/installer/complete
-http://www.bigspeedpro.com/button/facesmooch/ie/config.json
-http://www.bigspeedpro.com/button/facesmooch22/ie/config.json
-http://www.bigspeedpro.com/button/C:/Program%20Files/Minibar//ie/config.json
-http://www.bigspeedpro.com/button/facesmooch22/ie/icons/icon16.ico
-http://www.bigspeedpro.com/button/facesmooch/ie/icons/icon16.ico
polonus