
Wintoolkit 1.5.3.3 - dropping


ZeJackalNZ


Just noted the following (expected?) behaviour after using Wintoolkit 1.5.3.3 -

 

It appears to drop the following files into the current user's temp folder

  

binsis142.xml

binsischeck654.xml

bitool.dll

nsw7B57.tmp

xml.dll

 

and attempts to access the following URLs

 

http://sub.ellette.info/installers/bi_downloader/1417485662766/setup.exe

http://d27foqb3kkzkt9.cloudfront.net/sdk/binsis/2.2/BiTool.dll

 

VirusTotal running over the 1.5.3.3 archive:

Baidu-International  Adware.Win32.Somoto.bL  20141202
ESET-NOD32           Win32/Somoto.L          20141203
TrendMicro-HouseCall Suspicious_GEN.F47V1114 20141202

 

Google Safe browsing on the ellette.info domain:

Diagnostic page for ellette.info

What is the current listing status for ellette.info? What happened when Google visited this site?

 

This site is not currently listed as suspicious.

Part of this site was listed for suspicious activity 1 time(s) over the past 90 days.

Has this site acted as an intermediary resulting in further distribution of malware? Of the 28 pages we tested on the site over the past 90 days, 0 page(s) resulted in malicious software being downloaded and installed without user consent. The last time Google visited this site was on 2014-12-02, and the last time suspicious content was found on this site was on 2014-12-02.

Malicious software includes 18 trojan(s).

This site was hosted on 2 network(s) including AS16509 (AMAZON-02), AS26496 (26496-GO-DADDY-COM-LLC).

Over the past 90 days, ellette.info did not appear to function as an intermediary for the infection of any sites.

Has this site hosted malware?

Yes, this site has hosted malicious software over the past 90 days. It infected 5 domain(s), including
,
,
.

 

 

This may be another instance of "possible malicious"/Adware detection but did not seem very kosher to me.

Will switch to the portable version
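The file names and URLs in the post above are the kind of indicators a defender would want to sweep for on other machines. The following is an added example written for this thread, not code from the original post or from the Wintoolkit project: it scans a temp folder for the dropped file names listed above (treating the `nsw????.tmp` name as a pattern, since the hex part changes per run) and scans proxy-style log lines for the two download hosts. The temp folder contents and the Squid-like log lines it uses are constructed for the demonstration; the example/invalid hosts and 203.0.113.x addresses are placeholders.

```python
"""Detection helper for the indicators reported in this thread.

Added example, not part of the original post. It checks a temp folder for the
dropped file names listed above and checks proxy/web log lines for the two
download URLs. The log lines and the temp directory contents used here are
constructed for the demonstration.
"""
import os
import re
import tempfile
from urllib.parse import urlparse

# Indicators taken from the post above (fixed names, compared case-insensitively).
DROPPED_FILES = {
    "binsis142.xml",
    "binsischeck654.xml",
    "bitool.dll",
    "xml.dll",
}
# The post shows nsw7B57.tmp; the four hex characters vary per run, so match the pattern.
NSW_TMP_RE = re.compile(r"^nsw[0-9a-f]{4}\.tmp$", re.IGNORECASE)

REPORTED_URLS = [
    "http://sub.ellette.info/installers/bi_downloader/1417485662766/setup.exe",
    "http://d27foqb3kkzkt9.cloudfront.net/sdk/binsis/2.2/BiTool.dll",
]
# Hosts derived from the URLs above; matching on host also catches other paths on the same host.
REPORTED_HOSTS = {urlparse(u).hostname.lower() for u in REPORTED_URLS}


def scan_temp_dir(path):
    """Return sorted file names in `path` that match the dropped-file indicators."""
    hits = []
    for name in os.listdir(path):
        lower = name.lower()
        if lower in DROPPED_FILES or NSW_TMP_RE.match(lower):
            hits.append(name)
    return sorted(hits)


def scan_log_lines(lines):
    """Return (line_number, host) for each log line whose request URL host is a reported host.

    Assumes one request URL per line, located with a simple http(s):// regex,
    which fits proxy log formats that print the full URL (e.g. Squid's access.log).
    """
    url_re = re.compile(r"https?://[^\s\"]+")
    hits = []
    for n, line in enumerate(lines, start=1):
        m = url_re.search(line)
        if not m:
            continue
        host = urlparse(m.group(0)).hostname
        if host and host.lower() in REPORTED_HOSTS:
            hits.append((n, host.lower()))
    return hits


# Constructed sample proxy log lines (Squid-like layout); not real traffic.
SAMPLE_LOG = [
    "1417500001.123 45 10.0.0.7 TCP_MISS/200 1024 GET http://example.invalid/index.html - HIER_DIRECT/203.0.113.9 text/html",
    "1417500002.456 310 10.0.0.7 TCP_MISS/200 531234 GET http://sub.ellette.info/installers/bi_downloader/1417485662766/setup.exe - HIER_DIRECT/203.0.113.10 application/octet-stream",
    "1417500003.789 120 10.0.0.7 TCP_MISS/200 88000 GET http://d27foqb3kkzkt9.cloudfront.net/sdk/binsis/2.2/BiTool.dll - HIER_DIRECT/203.0.113.11 application/octet-stream",
    "1417500004.000 20 10.0.0.8 TCP_HIT/200 2048 GET http://example.invalid/logo.png - NONE/- image/png",
]


def demo():
    """Build a constructed temp folder, run both scanners, and return their findings."""
    with tempfile.TemporaryDirectory() as tmp:
        # Placeholder files standing in for what the post reports in %TEMP%; readme.txt is benign noise.
        for name in ("BiTool.dll", "nsw7B57.tmp", "readme.txt", "xml.dll"):
            with open(os.path.join(tmp, name), "w") as fh:
                fh.write("constructed placeholder\n")
        file_hits = scan_temp_dir(tmp)
    return file_hits, scan_log_lines(SAMPLE_LOG)


if __name__ == "__main__":
    files, urls = demo()
    print("dropped-file matches:", files)
    print("log lines contacting reported hosts:", urls)
```

Matching on hostname rather than the exact URL is deliberate: the `1417485662766` path component looks like a timestamp, so other victims may see a different path on the same host. To run this against a real machine, replace the constructed temp directory with `tempfile.gettempdir()` and feed the real proxy log to `scan_log_lines`.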
