ZeJackalNZ Posted December 3, 2014

Just noted the following (expected?) behaviour after using Wintoolkit 1.5.3.3 - It appears to drop the following files into the current user's temp folder:

binsis142.xml
binsischeck654.xml
bitool.dll
nsw7B57.tmp
xml.dll

and attempts to access the following URLs:

http://sub.ellette.info/installers/bi_downloader/1417485662766/setup.exe
http://d27foqb3kkzkt9.cloudfront.net/sdk/binsis/2.2/BiTool.dll

VirusTotal running over the 1.5.3.3 archive:

Baidu-International Adware.Win32.Somoto.bL 20141202
ESET-NOD32 Win32/Somoto.L 20141203
TrendMicro-HouseCall Suspicious_GEN.F47V1114 20141202

Google Safe Browsing on the ellette.info domain:

Diagnostic page for ellette.info

What is the current listing status for ellette.info?
This site is not currently listed as suspicious. Part of this site was listed for suspicious activity 1 time(s) over the past 90 days.

What happened when Google visited this site?
Of the 28 pages we tested on the site over the past 90 days, 0 page(s) resulted in malicious software being downloaded and installed without user consent. The last time Google visited this site was on 2014-12-02, and the last time suspicious content was found on this site was on 2014-12-02. Malicious software includes 18 trojan(s). This site was hosted on 2 network(s) including AS16509 (AMAZON-02), AS26496 (26496-GO-DADDY-COM-LLC).

Has this site acted as an intermediary resulting in further distribution of malware?
Over the past 90 days, ellette.info did not appear to function as an intermediary for the infection of any sites.

Has this site hosted malware?
Yes, this site has hosted malicious software over the past 90 days. It infected 5 domain(s), including bit.ly/, openofficedl.com/, downloadappsforpc.net/.

This may be another instance of "possible malicious"/Adware detection but did not seem very kosher to me. Will switch to the portable version.
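The indicators in the post (the file names dropped into the user's temp folder and the two download URLs) are the kind of thing a defender would want to sweep for across other machines. The script below is an added example and is not code from the post or from the Wintoolkit project: it takes a temp-directory listing and proxy-log lines, both constructed here as sample data, and reports which entries match the post's indicators. The proxy-log layout (`timestamp client-ip method url status`) is an assumption, and the `nsw????.tmp` pattern is an assumption that the hex part of `nsw7B57.tmp` is randomly generated, so a fixed name would be missed.

```python
"""Sweep a temp-directory listing and proxy-log lines for the indicators reported
in the post. Added example, not from the original post; the log layout and the
nsw????.tmp pattern are assumptions."""
import re
from urllib.parse import urlparse

# File names the post reports being dropped into %TEMP%.
DROPPED_FILES = {"binsis142.xml", "binsischeck654.xml", "bitool.dll", "xml.dll"}
# Assumption: nsw7B57.tmp carries a random hex suffix, so match the shape instead.
NSW_TMP = re.compile(r"^nsw[0-9a-f]{4}\.tmp$", re.IGNORECASE)

# The two URLs the post reports the tool contacting.
IOC_URLS = {
    "http://sub.ellette.info/installers/bi_downloader/1417485662766/setup.exe",
    "http://d27foqb3kkzkt9.cloudfront.net/sdk/binsis/2.2/BiTool.dll",
}
# Host-level match is deliberately limited to the exact CloudFront distribution
# hostname, not cloudfront.net as a whole, to avoid flagging unrelated traffic.
IOC_HOSTS = {urlparse(u).hostname for u in IOC_URLS}


def suspicious_temp_files(listing):
    """Return the names from a directory listing that match the dropped-file indicators."""
    hits = []
    for name in listing:
        lower = name.lower()
        if lower in DROPPED_FILES or NSW_TMP.match(lower):
            hits.append(name)
    return hits


# Assumed proxy-log layout: "<timestamp> <client-ip> <method> <url> <status>"
LOG_RE = re.compile(r"^(\S+) (\S+) (\S+) (\S+) (\d{3})$")


def flag_log_lines(lines):
    """Return (client_ip, url, reason) for each line whose URL is an indicator.

    reason is "exact-url" when the full URL from the post was requested and
    "host" when only the hostname matches (e.g. a different path on the same
    server). Lines that do not fit the assumed layout are skipped.
    """
    flagged = []
    for line in lines:
        m = LOG_RE.match(line.strip())
        if not m:
            continue
        _ts, client, _method, url, _status = m.groups()
        host = (urlparse(url).hostname or "").lower()
        if url in IOC_URLS:
            flagged.append((client, url, "exact-url"))
        elif host in IOC_HOSTS:
            flagged.append((client, url, "host"))
    return flagged


# Constructed sample data (not real captures).
SAMPLE_LISTING = [
    "desktop.ini",
    "binsis142.xml",
    "nsw7B57.tmp",
    "~DF12.tmp",
    "BiTool.dll",
    "notes.txt",
]
SAMPLE_LOG = [
    "2014-12-03T10:01:02Z 10.0.0.5 GET http://example.org/index.html 200",
    "2014-12-03T10:01:09Z 10.0.0.5 GET http://sub.ellette.info/installers/bi_downloader/1417485662766/setup.exe 200",
    "2014-12-03T10:01:10Z 10.0.0.5 GET http://d27foqb3kkzkt9.cloudfront.net/sdk/binsis/2.2/BiTool.dll 200",
    "2014-12-03T10:02:00Z 10.0.0.7 GET http://sub.ellette.info/other/path 404",
    "malformed line",
]

if __name__ == "__main__":
    for name in suspicious_temp_files(SAMPLE_LISTING):
        print(f"temp file matches indicator: {name}")
    for client, url, reason in flag_log_lines(SAMPLE_LOG):
        print(f"{client} requested {url} ({reason})")
```

To run it against real data, replace `SAMPLE_LISTING` with `os.listdir(os.environ["TEMP"])` on the host being checked and feed the proxy export to `flag_log_lines` after adjusting `LOG_RE` to the actual log format; the "host" matches are worth reviewing separately from the "exact-url" ones, since the former only tell you the same server was contacted.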