Thread: KRenameSetup
02. Oct 2010, 08:50 AM   #3
Ritho

Here are the results from Norman Sandbox. I don't see anything suspicious going on in the install. I am waiting for results from other online malware analyzers.

Quote:
KRenameSetup.exe : Not detected by Sandbox (Signature: NO_VIRUS)


[ DetectionInfo ]
* Filename: C:\analyzer\scan\KRenameSetup.exe_\noname.nsis.
* Sandbox name: NO_MALWARE
* Signature name: NO_VIRUS.
* Compressed: NO.
* TLS hooks: NO.
* Executable type: N/A.
* Executable file structure: OK.
* Filetype: PE_I386.

[ General information ]
* File length: 1015957 bytes.
* MD5 hash: 98eacb23f9ab7fb1cf3c2e3a143d7fc9.
* SHA1 hash: 9f0f4c8fa4d779be58e0c8cfa0908d5125f45dce.

[ Changes to filesystem ]
* Creates directory C:\WINDOWS\TEMP\.
* Creates file C:\WINDOWS\TEMP\nsb3624.tmp.
* Deletes file C:\WINDOWS\TEMP\nsb3624.tmp.
* Creates file C:\WINDOWS\TEMP\nsv4817.tmp.
* Deletes file C:\WINDOWS\TEMP\nsv4817.tmp.
* Creates directory C:\WINDOWS.
* Creates directory C:\WINDOWS\TEMP.
* Creates directory C:\WINDOWS\TEMP\nsv4817.tmp.
* Creates file C:\WINDOWS\TEMP\nsv4817.tmp\LangDLL.dll.
* Deletes file C:\WINDOWS\TEMP\nsv4817.tmp\LANGDLL.DLL.
* Creates file C:\WINDOWS\wininit.ini.
* Deletes directory C:\WINDOWS\TEMP\nsv4817.tmp\.

[ Changes to registry ]
* Accesses Registry key "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\KRename.exe".
* Accesses Registry key "HKLM\Software\Microsoft\Windows\CurrentVersion".
* Accesses Registry key "HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Ken Rename".

[ Process/window information ]
* Creates a window with caption and classname #32770.
* Creates dialog control (static) with id 1030 and caption .
* Creates dialog control (static) with id -1 and caption .
* Creates dialog control (static) with id 76 and caption Please wait while Setup is loading....
* Creates a window with caption Dialog and classname #32770.
* Creates dialog control (combobox) with id 1002 and caption .
* Creates dialog control (button) with id 1 and caption OK.
* Creates dialog control (button) with id 2 and caption Cancel.
* Creates dialog control (static) with id 1007 and caption .
* Creates dialog control (static) with id 1008 and caption .
* Pressing button with id 1.

[ Signature Scanning ]
* C:\WINDOWS\TEMP\nsv4817.tmp\LANGDLL.DLL (5632 bytes) : no signature detection.
* C:\WINDOWS\wininit.ini (55 bytes) : no signature detection.
__________________
The smallest good deed is better than the greatest intention.