I wasn't sure if this file was safe or not, so I wanted some help from the community. I'm sorry that I triple posted, but the report couldn't fit in one post.
Submission Summary:
- Submission details:
- Submission received: 2 July 2010, 14:06:17
- Processing time: 10 min 23 sec
- Submitted sample:
- File MD5: 0x39CB2B084C5DD58191681D8438A33CE8
- File SHA-1: 0xAA35CBA4CCCA8F8AB6993CBB1AC042E49BC9A352
- Filesize: 3,714,376 bytes
- Summary of the findings:
What's been found | Severity Level |
Creates a startup registry entry. | |
Registers a 32-bit in-process server DLL. | |
Technical Details:
- The new window was created, as shown below:
NOTICE: The content shown in the above window is captured automatically and is not controlled or endorsed by ThreatExpert.
File System Modifications
- The following files were created in the system:
# | Filename(s) | File Size | File Hash |
1 | %CommonDesktopDir%\PPTV Online Video.lnk | 1,214 bytes | MD5: 0x4A34EBF7D0F1955E09FB53C3FF613D72 SHA-1: 0x96DA4088FE9B170CF69A7CB92314C214BF8EF0AD |
2 | %Temp%\1.html | 10 bytes | MD5: 0x511E467DD932738E5E743E4EF87AD2EA SHA-1: 0xEFB354D26EE644B2068F3D7051901FB6913B2A80 |
3 | %Temp%\nsn3.tmp\SendDAC.exe | 38,272 bytes | MD5: 0x2E80257F9C377301C1184A697271B8AD SHA-1: 0x5F1E9F3D157A581175DB8BADA3A8C8A7B79173AC |
4 | %ProgramFiles%\Common Files\PPLiveNetwork\kernel\FWUpnp.dll | 143,720 bytes | MD5: 0xBE2D4B56D5D40AFCA9C804D0776A25C6 SHA-1: 0x7EA48CF0E980FE999F14338F44AD4C57C9B714DE |
5 | %ProgramFiles%\Common Files\PPLiveNetwork\kernel\Hookkernel.dll | 255,336 bytes | MD5: 0x9E5EC82AE6EAF73C21B344AF16FC6E37 SHA-1: 0xBFC552D9EC37858B7B197B089E05BAE9733CC42F |
6 | %ProgramFiles%\Common Files\PPLiveNetwork\kernel\live\Live.dll | 226,712 bytes | MD5: 0x3DC6CDDE8C48BFCB2BAEE14DDE26940F SHA-1: 0xAAB6D9A5F9D75703B080E0676A6B9DA91E8E19D6 |
7 | %ProgramFiles%\Common Files\PPLiveNetwork\kernel\live\mir.dll | 1,107,304 bytes | MD5: 0x489D07C6F131F64BD6668923FB9A3123 SHA-1: 0xA87FFADDC430C11D1D258CC8A3643198C6265D07 |
8 | %ProgramFiles%\Common Files\PPLiveNetwork\kernel\peer.dll | 2,237,800 bytes | MD5: 0x1C7909FAE05EC9FE026693EBF3BAC510 SHA-1: 0x3212B1812F6BE62F0F3E1F184F8F5AC78CF2DCBD |
9 | %ProgramFiles%\Common Files\PPLiveNetwork\kernel\PPHookShell.dll | 247,144 bytes | MD5: 0xF9B346BCFEC4605755D4435E8EAC34A1 SHA-1: 0xF694ECE30381CA9DC37E18030454A56A737CE4A4 |
10 | %ProgramFiles%\Common Files\PPLiveNetwork\kernel\sop.dll | 361,832 bytes | MD5: 0x1681715926806173E6658C60CD723313 SHA-1: 0xE47ECC597ADD50E88A97A6FD8B98F0798AF921FE |
11 | %ProgramFiles%\Common Files\PPLiveNetwork\kernel\VAProxyD.dll | 288,104 bytes | MD5: 0x8BC6A1A2E05D0D638E36644378FD4D5F SHA-1: 0xA0242AE90FE80CC7E04591D98165E4498FC18E31 |
12 | %ProgramFiles%\Common Files\PPLiveNetwork\MngModule.dll | 833,896 bytes | MD5: 0x52D48F039B1271FE91C4A7275603C7BF SHA-1: 0xE488EF8A8E5CB0FA37A4F706B66E63AA30FE725D |
13 | %ProgramFiles%\Common Files\PPLiveNetwork\player\CoreAAC.ax | 319,488 bytes | MD5: 0xB0FFAC757BE8D6CC41E1131EB2B0D959 SHA-1: 0x0E41733A050BC2ED53FDA6337D6501B9942317C2 |
14 | %ProgramFiles%\Common Files\PPLiveNetwork\player\CoreAVC.2.0.0.0.ax | 271,872 bytes | MD5: 0xA45CFB1F058297AE981F8AFEEF056B8D SHA-1: 0xE454ED585A0F19D3119CEF725958EA19C93CD7CF |
15 | %ProgramFiles%\Common Files\PPLiveNetwork\player\CoreAVC.ax | 185,436 bytes | MD5: 0xC264FED121AFD44BDA8BF0FF8F4E4269 SHA-1: 0x7480A3B26B81045A1504E68E15225682BCC6F440 |
16 | %ProgramFiles%\Common Files\PPLiveNetwork\player\HTTP_ASF_SOURCE.ax | 518,144 bytes | MD5: 0xD8DEA47EE79837F435193FB9B6972CC1 SHA-1: 0xD8CE8E1BD0FCAD2D50BC83846F7B16C52987D083 |
17 | %ProgramFiles%\Common Files\PPLiveNetwork\player\OPlayer.ocx | 1,109,352 bytes | MD5: 0x025A1F05DEA5771611E075857598A769 SHA-1: 0x4798950C473FF8FD3FF5D546395F41B9588FACA9 |
18 | %ProgramFiles%\Common Files\PPLiveNetwork\PPAP.exe | 185,800 bytes | MD5: 0x71D558D35FCCFFA53E6D6414BBF91DE3 SHA-1: 0x4F484219296FDB004168F8B875DC878F3FF6D392 |
19 | %ProgramFiles%\Common Files\PPLiveNetwork\product.ini | 165 bytes | MD5: 0xA65BCC3461FEB77C48C9376F0362332C SHA-1: 0xC5793CFBDDFA23782DF6B2B8D30186701787499B |
20 | %ProgramFiles%\Common Files\PPLiveNetwork\resource\ikan-p.ico | 129,318 bytes | MD5: 0x96651DCF6E6ACC9966F24B31C84F6937 SHA-1: 0x847E145C951139BB2736EB5F32E82F55B565A0C3 |
21 | %ProgramFiles%\Common Files\PPLiveNetwork\resource\PPTV.url | 86 bytes | MD5: 0xE546B760DA76CB20FDB96B40336CE9F9 SHA-1: 0xE17CE30F9E8FDB384456D12BCBA1EBDC800B9E91 |
22 | %ProgramFiles%\Common Files\PPLiveNetwork\uilib.dll | 410,960 bytes | MD5: 0xF4DF4ECB3BCCA7D0E10951ABA24C49CE SHA-1: 0x0D36A9DCBDC3895772841E8B97C7C12A39EE7084 |
23 | %ProgramFiles%\Internet Explorer\PPLite\plugin\1.0.0.2\mframe.dll | 619,960 bytes | MD5: 0x769EE9999CAE92D8A9A7E573F60A565B SHA-1: 0x1EE8FAC608A7B61E2298FD92CF2C1F8BDF672D06 |
24 | %ProgramFiles%\Internet Explorer\PPLite\plugin\1.0.0.2\ppp.dll | 312,768 bytes | MD5: 0xA64FBCE65D35ED31528CC797C2C360B2 SHA-1: 0x3CC0E3052EC73B9DF72887D525F64EF5898F2142 |
25 | %ProgramFiles%\Internet Explorer\PPLite\plugin\pplugin2.dll | 239,104 bytes | MD5: 0xB173625530AB5F74D81527D0BAC6E143 SHA-1: 0xC445ED748E034CC4793D76CE3693B637B3187608 |
26 | %ProgramFiles%\PPLive\PPLite\ETADPU.DAT | 458 bytes | MD5: 0x105F8B5567FDFEB1BDE2C40CAE4B5B1E SHA-1: 0x187B99A4DAF5C3C945C7EF757A972D040B0F04FB |
27 | %ProgramFiles%\PPLive\PPLite\PPLite.exe | 181,632 bytes | MD5: 0xDAFF5F34C1AEBE4620DE396D88AD60D7 SHA-1: 0x448617693BC9452DF15C20DA6ECCA287183531B9 |
28 | %ProgramFiles%\PPLive\PPLite\ProductUpdate.dll | 691,048 bytes | MD5: 0x1B019C9E492B632140CF5E6DD9B8683E SHA-1: 0x0EDB62C24E33CFF20EC2617FF739B87339F4EFEE |
29 | %ProgramFiles%\PPLive\PPLite\uninst.exe | 216,451 bytes | MD5: 0xCEFB5F9D94D5C0D6BEBFFA45916BA177 SHA-1: 0x624F487B9361C382F2E523881AD4317E87763E0A |
30 | [file and pathname of the sample #1] | 3,714,376 bytes | MD5: 0x39CB2B084C5DD58191681D8438A33CE8 SHA-1: 0xAA35CBA4CCCA8F8AB6993CBB1AC042E49BC9A352 |
- Notes:
- %CommonDesktopDir% is a variable that refers to the file system directory that contains files and folders that appear on the desktop for all users. A typical path is C:\Documents and Settings\All Users\Desktop (Windows NT/2000/XP).
- %Temp% is a variable that refers to the temporary folder in the short path form. By default, this is C:\Documents and Settings\[UserName]\Local Settings\Temp\ (Windows NT/2000/XP).
- %ProgramFiles% is a variable that refers to the Program Files folder. A typical path is C:\Program Files.
- The following directories were created:
- %CommonAppData%\PPLive
- %CommonAppData%\PPLive\PPLite
- %Temp%\nsn3.tmp
- %ProgramFiles%\Common Files\PPLiveNetwork
- %ProgramFiles%\Common Files\PPLiveNetwork\kernel
- %ProgramFiles%\Common Files\PPLiveNetwork\kernel\live
- %ProgramFiles%\Common Files\PPLiveNetwork\player
- %ProgramFiles%\Common Files\PPLiveNetwork\resource
- %ProgramFiles%\Internet Explorer\PPLite
- %ProgramFiles%\Internet Explorer\PPLite\plugin
- %ProgramFiles%\Internet Explorer\PPLite\plugin\1.0.0.2
- %ProgramFiles%\PPLive
- %ProgramFiles%\PPLive\PPLite
- Notes:
- %CommonAppData% is a variable that refers to the file system directory containing application data for all users. A typical path is C:\Documents and Settings\All Users\Application Data.
Memory Modifications
- There was a new process created in the system:
Process Name | Process Filename | Main Module Size |
[filename of the sample #1] | [file and pathname of the sample #1] | 385,024 bytes |