Trojan.Generic.12555347 (B) (Emsisoft), Trojan.Generic.12555347 (AdAware), mzpefinder_pcap_file.YR (Lavasoft MAS)Behaviour: Trojan
The description has been automatically generated by Lavasoft Malware Analysis System and it may contain incomplete or inaccurate information.
Summary
MD5: f1351428b3e81bf3a6b8972c71a26f0d
SHA1: 4ba7afae75e2202bc6c20d77699d11402091139a
SHA256: 2fca6abb18e622e8ad1be7501f2748f529294bb5086ceb8960aca36defeec731
SSDeep: 12288:AoucvQQACqe5gcEfjpo24PKCNRD2BsnmIvL7m1uMMM7 fiuGXLL:A3cvQYefjZFCNRyBsnxTi15T qb
Size: 732680 bytes
File type: EXE
Platform: WIN32
Entropy: Packed
PEID: UPolyXv05_v6
Company: no certificate found
Created at: 2014-12-10 23:16:41
Analyzed on: WindowsXP SP3 32-bit
Summary: Trojan. A program that appears to do one thing but actually does another (a.k.a. Trojan Horse).
Dynamic Analysis
Payload
No specific payload has been found.
Process activity
The Trojan creates the following process(es):
CatalinaUpdate.exe:1976
CatalinaUpdate.exe:1856
CatalinaUpdate.exe:816
%original file name%.exe:1036
The Trojan injects its code into the following process(es):
CatalinaUpdate.exe:152
CatalinaUpdate.exe:636
Mutexes
The following mutexes were created/opened:No objects were found.
File activity
The process CatalinaUpdate.exe:1976 makes changes in the file system.
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\Install (0 bytes)
The process CatalinaUpdate.exe:152 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.215\CatalinaUpdateOnDemand.exe (58 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.215\goopdateres_hu.dll (27 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.215\goopdateres_uk.dll (26 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.215\goopdateres_no.dll (26 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.215\goopdateres_th.dll (25 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.215\goopdateres_fil.dll (27 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.215\goopdateres_en.dll (25 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.215\goopdateres_ja.dll (22 bytes)
%WinDir%\Tasks\CatalinaGroupUpdateTaskUserS-1-5-21-1844237615-1960408961-1801674531-1003Core.job (948 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.215\goopdateres_pl.dll (27 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.215\goopdateres_fi.dll (26 bytes)
%WinDir%\Tasks\CatalinaGroupUpdateTaskUserS-1-5-21-1844237615-1960408961-1801674531-1003UA.job (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.215\goopdateres_pt-PT.dll (26 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.215\goopdateres_en-GB.dll (25 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.215\goopdateres_fr.dll (28 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.215\goopdateres_et.dll (25 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.215\goopdateres_sk.dll (27 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.215\goopdateres_mr.dll (26 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.215\goopdateres_bn.dll (26 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.215\goopdateres_kn.dll (27 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.215\goopdateres_es-419.dll (26 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.215\goopdateres_sl.dll (27 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.215\goopdateres_sw.dll (26 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.215\goopdateres_iw.dll (23 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.215\CatalinaUpdateBroker.exe (58 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.215\goopdateres_ta.dll (27 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.215\goopdateres_ko.dll (21 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.215\goopdateres_de.dll (29 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.215\goopdateres_hr.dll (27 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.215\goopdateres_am.dll (22 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.215\goopdateres_pt-BR.dll (26 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.215\goopdateres_sr.dll (26 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.215\goopdateres_zh-CN.dll (19 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.215\CatalinaCrashHandler.exe (601 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.215\goopdateres_zh-TW.dll (19 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\CatalinaUpdate.exe (601 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.215\goopdateres_vi.dll (25 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.215\goopdateres_cs.dll (26 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.215\goopdateres_ar.dll (24 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.215\goopdateres_ca.dll (27 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.215\npCatalinaUpdate3.dll (1281 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.215\goopdateres_nl.dll (27 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.215\psmachine.dll (673 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.215\goopdateres_el.dll (28 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.215\goopdateres_it.dll (28 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.215\goopdateres_sv.dll (26 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.215\goopdateres_lv.dll (27 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.215\goopdateres_ur.dll (26 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.215\goopdateres_te.dll (26 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.215\goopdateres_is.dll (26 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.215\goopdateres_ru.dll (26 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.215\CatalinaUpdate.exe (601 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.215\goopdateres_ro.dll (27 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.215\goopdateres_id.dll (25 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.215\psuser.dll (673 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.215\goopdateres_fa.dll (25 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.215\goopdateres_lt.dll (25 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.215\goopdateres_tr.dll (26 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.215\goopdateres_bg.dll (27 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.215\CatalinaUpdateHelper.msi (36 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.215\goopdateres_ms.dll (26 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.215\goopdate.dll (5873 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.215\goopdateres_hi.dll (26 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.215\goopdateres_es.dll (29 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.215\goopdateres_ml.dll (29 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.215\goopdateres_da.dll (26 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.215\goopdateres_gu.dll (26 bytes)
The process %original file name%.exe:1036 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_sl.dll (27 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_gu.dll (26 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUT2.tmp (22433 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_nl.dll (27 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_te.dll (26 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_sk.dll (27 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_el.dll (28 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_ru.dll (26 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_es-419.dll (26 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_iw.dll (23 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_no.dll (26 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_tr.dll (26 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_sr.dll (26 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_en-GB.dll (25 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_da.dll (26 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_ro.dll (27 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_uk.dll (26 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_zh-TW.dll (19 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_bn.dll (26 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_ms.dll (26 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_ta.dll (27 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\CatalinaUpdateBroker.exe (58 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_es.dll (29 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdate.dll (1990 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_sw.dll (26 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_de.dll (29 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_is.dll (26 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_sv.dll (26 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_fr.dll (28 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_en.dll (25 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_cs.dll (26 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_mr.dll (26 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_pt-BR.dll (26 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_fa.dll (25 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_kn.dll (27 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_bg.dll (27 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_pt-PT.dll (26 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_id.dll (25 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_fi.dll (26 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_ja.dll (22 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\npCatalinaUpdate3.dll (237 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\psuser.dll (161 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_ml.dll (29 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_ko.dll (21 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_th.dll (25 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_ca.dll (27 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_vi.dll (25 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_hi.dll (26 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_zh-CN.dll (19 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_lv.dll (27 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_hu.dll (27 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\CatalinaUpdate.exe (130 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_ar.dll (24 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_pl.dll (27 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_hr.dll (27 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\CatalinaUpdateHelper.msi (36 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_lt.dll (25 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_et.dll (25 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_am.dll (22 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\psmachine.dll (155 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\CatalinaCrashHandler.exe (130 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_it.dll (28 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_fil.dll (27 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_ur.dll (26 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\CatalinaUpdateOnDemand.exe (58 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp (0 bytes)
Registry activity
The process CatalinaUpdate.exe:1976 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "53 18 D9 AD E7 BC 90 2D 4C 02 87 5D 10 9C 03 7D"
[HKCU\Software\CatalinaGroup\Update\proxy]
"source" = "IE"
The Trojan deletes the following value(s) in system registry:
[HKCU\Software\CatalinaGroup\Update\ClientState\{92F8A219-E740-49D5-B785-B962AD819724}]
"tttoken"
"iid"
The process CatalinaUpdate.exe:152 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{841F4080-C687-4E9C-BD6E-EB5EECF4FAE6}]
"Policy" = "3"
[HKCU\Software\Classes\CLSID\{841F4080-C687-4E9C-BD6E-EB5EECF4FAE6}\ProgID]
"(Default)" = "CatalinaGroup.OneClickCtrl.9"
[HKCU\Software\CatalinaGroup\Update\ClientState\{6C598730-F715-407B-A7AE-A8F10D0F8FA7}]
"iid" = "{B856E50C-E696-476C-B31E-A3B6B9C0D96F}"
[HKCU\Software\CatalinaGroup\Update]
"UID" = "{84E50249-9AF3-4FF9-BF29-E4BBF87ECACE}"
[HKCU\Software\Classes\MIME\Database\Content Type\application/x-vnd.catalinahub.oneclickctrl.9]
"CLSID" = "{841F4080-C687-4E9C-BD6E-EB5EECF4FAE6}"
[HKCU\Software\Classes\CatalinaGroup.OneClickCtrl.9\CLSID]
"(Default)" = "{841F4080-C687-4E9C-BD6E-EB5EECF4FAE6}"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\Classes\CLSID\{841F4080-C687-4E9C-BD6E-EB5EECF4FAE6}]
"(Default)" = "CatalinaGroup Update Plugin"
[HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{71216BD6-4D03-4387-BD01-7FE8D9512541}]
"Policy" = "3"
[HKCU\Software\Classes\MIME\Database\Content Type\application/x-vnd.catalinahub.update3webcontrol.3]
"CLSID" = "{71216BD6-4D03-4387-BD01-7FE8D9512541}"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Personal" = "%Documents and Settings%\%current user%\My Documents"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{841F4080-C687-4E9C-BD6E-EB5EECF4FAE6}]
"AppName" = "CatalinaUpdate.exe"
[HKCU\Software\CatalinaGroup\Update]
"Version" = "1.3.25.215"
[HKCU\Software\CatalinaGroup\Update\ClientState\{92F8A219-E740-49D5-B785-B962AD819724}]
"usagestats" = "1"
[HKCU\Software\CatalinaGroup\Update\Clients\{6C598730-F715-407B-A7AE-A8F10D0F8FA7}]
"Name" = "Catalina Update"
[HKCU\Software\MozillaPlugins\@catalinahub.com/CatalinaGroup Update;version=3]
"vendor" = "Catalina Group Ltd."
[HKCU\Software\CatalinaGroup\Update\ClientState\{6C598730-F715-407B-A7AE-A8F10D0F8FA7}]
"InstallTime" = "1425061843"
[HKCU\Software\Classes\CLSID\{841F4080-C687-4E9C-BD6E-EB5EECF4FAE6}\InprocServer32]
"(Default)" = "%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.215\npCatalinaUpdate3.dll"
[HKCU\Software\MozillaPlugins\@catalinahub.com/CatalinaGroup Update;version=3]
"Description" = "CatalinaGroup Update"
[HKCU\Software\Classes\CatalinaGroup.Update3WebControl.3]
"(Default)" = "CatalinaGroup Update Plugin"
[HKCU\Software\MozillaPlugins\@catalinahub.com/CatalinaGroup Update;version=9]
"Path" = "%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.215\npCatalinaUpdate3.dll"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Desktop" = "%Documents and Settings%\All Users\Desktop"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"
[HKCU\Software\MozillaPlugins\@catalinahub.com/CatalinaGroup Update;version=9]
"Description" = "CatalinaGroup Update"
[HKCU\Software\Classes\CLSID\{841F4080-C687-4E9C-BD6E-EB5EECF4FAE6}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\MozillaPlugins\@catalinahub.com/CatalinaGroup Update;version=9]
"vendor" = "Catalina Group Ltd."
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Documents" = "%Documents and Settings%\All Users\Documents"
[HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{841F4080-C687-4E9C-BD6E-EB5EECF4FAE6}]
"AppPath" = "%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update"
[HKCU\Software\Classes\CLSID\{71216BD6-4D03-4387-BD01-7FE8D9512541}\InprocServer32]
"(Default)" = "%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.215\npCatalinaUpdate3.dll"
[HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{71216BD6-4D03-4387-BD01-7FE8D9512541}]
"AppPath" = "%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.215"
[HKCU\Software\CatalinaGroup\Update\ClientState\{6C598730-F715-407B-A7AE-A8F10D0F8FA7}]
"pv" = "1.3.25.215"
"brand" = "GGLS"
[HKCU\Software\Classes\CatalinaGroup.Update3WebControl.3\CLSID]
"(Default)" = "{71216BD6-4D03-4387-BD01-7FE8D9512541}"
[HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{71216BD6-4D03-4387-BD01-7FE8D9512541}]
"AppName" = "CatalinaUpdateOnDemand.exe"
[HKCU\Software\CatalinaGroup\Update]
"Path" = "%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\CatalinaUpdate.exe"
[HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache\%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update]
"CatalinaUpdate.exe" = "CatalinaGroup Update"
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "51 28 DC 37 DF 73 89 01 2B EC 90 F1 DE C1 E6 11"
[HKCU\Software\Classes\CLSID\{71216BD6-4D03-4387-BD01-7FE8D9512541}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCU\Software\CatalinaGroup\Update\Clients\{6C598730-F715-407B-A7AE-A8F10D0F8FA7}]
"pv" = "1.3.25.215"
[HKCU\Software\MozillaPlugins\@catalinahub.com/CatalinaGroup Update;version=3]
"ProductName" = "CatalinaGroup Update"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Desktop" = "%Documents and Settings%\%current user%\Desktop"
[HKCU\Software\Classes\CLSID\{71216BD6-4D03-4387-BD01-7FE8D9512541}\ProgID]
"(Default)" = "CatalinaGroup.Update3WebControl.3"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\Classes\CatalinaGroup.OneClickCtrl.9]
"(Default)" = "CatalinaGroup Update Plugin"
[HKCU\Software\MozillaPlugins\@catalinahub.com/CatalinaGroup Update;version=9]
"ProductName" = "CatalinaGroup Update"
[HKCU\Software\MozillaPlugins\@catalinahub.com/CatalinaGroup Update;version=3]
"Path" = "%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.215\npCatalinaUpdate3.dll"
[HKCU\Software\MozillaPlugins\@catalinahub.com/CatalinaGroup Update;version=9]
"Version" = "9"
[HKCU\Software\Classes\CLSID\{71216BD6-4D03-4387-BD01-7FE8D9512541}]
"(Default)" = "CatalinaGroup Update Plugin"
[HKCU\Software\MozillaPlugins\@catalinahub.com/CatalinaGroup Update;version=3]
"Version" = "3"
To automatically run itself each time Windows is booted, the Trojan adds the following link to its file to the system registry autorun key:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
"CatalinaGroup Update" = "%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\CatalinaUpdate.exe /c"
The Trojan deletes the following value(s) in system registry:
[HKCU\Software\CatalinaGroup\Update]
"eulaaccepted"
"ui"
"LastChecked"
[HKCU\Software\CatalinaGroup\Update\ClientState\{6C598730-F715-407B-A7AE-A8F10D0F8FA7}]
"UpdateAvailableSince"
"UpdateAvailableCount"
The process CatalinaUpdate.exe:636 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "8E 7F 0A 91 32 53 04 69 9E 8A 2A D4 6B 21 50 5E"
[HKCU\Software\CatalinaGroup\Update\ClientState\{92F8A219-E740-49D5-B785-B962AD819724}]
"usagestats" = "1"
The Trojan deletes the following value(s) in system registry:
[HKCU\Software\CatalinaGroup\Update]
"eulaaccepted"
The process CatalinaUpdate.exe:1856 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "DE 64 6F A6 83 A1 CE 42 85 B6 DF 4B DB 25 1D D2"
[HKCU\Software\CatalinaGroup\Update\UsageStats\Daily\Integers]
"windows_sp_major_version" = "03 00 00 00 00 00 00 00"
[HKCU\Software\CatalinaGroup\Update\proxy]
"source" = "IE"
[HKCU\Software\CatalinaGroup\Update\UsageStats\Daily\Integers]
"windows_minor_version" = "01 00 00 00 00 00 00 00"
[HKCU\Software\CatalinaGroup\Update\UsageStats\Daily\Counts]
"goopdate_main" = "02 00 00 00 00 00 00 00"
[HKCU\Software\CatalinaGroup\Update\UsageStats\Daily\Integers]
"windows_major_version" = "05 00 00 00 00 00 00 00"
[HKCU\Software\CatalinaGroup\Update\UsageStats\Daily\Counts]
"goopdate_constructor" = "02 00 00 00 00 00 00 00"
The Trojan deletes the following value(s) in system registry:
[HKCU\Software\CatalinaGroup\Update\network\secure]
"sk"
"c"
The process CatalinaUpdate.exe:816 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{13660822-39AC-408C-BA99-702EBEE3EF26}]
"CLSID" = "{13660822-39AC-408C-BA99-702EBEE3EF26}"
[HKCU\Software\Classes\Interface\{A2589E53-1490-4C0A-BFC7-A47B7A88E3D8}]
"(Default)" = "ICatalinaUpdate3WebSecurity"
[HKCU\Software\Classes\CatalinaGroupUpdate.Update3COMClassUser]
"(Default)" = "Update3COMClass"
[HKCU\Software\Classes\Interface\{0E09406F-1420-4BF4-B6EB-F0994674AD68}]
"(Default)" = "IAppBundle"
[HKCU\Software\Classes\CLSID\{554335BD-87F8-43DA-806A-741504EEFF62}\InProcServer32]
"ThreadingModel" = "Both"
[HKCU\Software\Classes\Interface\{3EA78C6E-8267-4554-8EC6-8982D5AF539A}]
"(Default)" = "ICoCreateAsyncStatus"
[HKCU\Software\Classes\Interface\{0E09406F-1420-4BF4-B6EB-F0994674AD68}\NumMethods]
"(Default)" = "39"
[HKCU\Software\Classes\CLSID\{F4CBF20B-F634-4095-B64A-2EBCDD9E560E}\InprocServer32]
"ThreadingModel" = "Both"
[HKCU\Software\Classes\Interface\{34F067BE-C79C-4C5F-8E64-622A3CC59055}\ProxyStubClsid32]
"(Default)" = "{554335BD-87F8-43DA-806A-741504EEFF62}"
[HKCU\Software\Classes\CLSID\{13660822-39AC-408C-BA99-702EBEE3EF26}\LocalServer32]
"(Default)" = "%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.215\CatalinaUpdateOnDemand.exe"
[HKCU\Software\Classes\Interface\{23185EAB-61B0-4B70-BE89-589585B91392}\NumMethods]
"(Default)" = "8"
[HKCU\Software\Classes\Interface\{C1D8630A-9D2D-4E0E-A4A1-8AA5CA3FAE57}\ProxyStubClsid32]
"(Default)" = "{554335BD-87F8-43DA-806A-741504EEFF62}"
[HKCU\Software\Classes\CLSID\{C8362D5A-4303-4E22-8668-BB10D65B95BD}\VersionIndependentProgID]
"(Default)" = "CatalinaGroupUpdate.OnDemandCOMClassUser"
[HKCU\Software\Classes\CLSID\{2823499B-60F3-4940-8042-2C16D5829A39}\VersionIndependentProgID]
"(Default)" = "CatalinaGroupUpdate.Update3WebUser"
[HKCU\Software\Classes\Interface\{7A1A1D82-1E2B-41B8-9FA3-F40D8DD3EEF0}\ProxyStubClsid32]
"(Default)" = "{554335BD-87F8-43DA-806A-741504EEFF62}"
[HKCU\Software\Classes\Interface\{263B5A28-834A-4D1B-AB71-A28E882CC59B}\NumMethods]
"(Default)" = "13"
[HKCU\Software\Classes\CatalinaGroupUpdate.CredentialDialogUser]
"(Default)" = "GoogleUpdate CredentialDialog"
[HKCU\Software\Classes\Interface\{7C9F9415-9947-482C-A62B-24A0BD92B8A7}\NumMethods]
"(Default)" = "4"
[HKCU\Software\Classes\Interface\{A2589E53-1490-4C0A-BFC7-A47B7A88E3D8}\ProxyStubClsid32]
"(Default)" = "{554335BD-87F8-43DA-806A-741504EEFF62}"
[HKCU\Software\Classes\Interface\{C1D8630A-9D2D-4E0E-A4A1-8AA5CA3FAE57}]
"(Default)" = "ICredentialDialog"
[HKCU\Software\Classes\Interface\{A1E6F38D-8C9E-4BDA-86A2-1940472A8429}]
"(Default)" = "ICatalinaUpdate"
[HKCU\Software\Classes\Interface\{FFC6ECB2-25E8-40EE-BF37-5AA25CBCBA63}\NumMethods]
"(Default)" = "10"
[HKCU\Software\CatalinaGroup\Update\UsageStats\Daily\Counts]
"goopdate_main" = "01 00 00 00 00 00 00 00"
[HKCU\Software\Classes\Interface\{D085AC3B-E5CC-40C9-8366-C12ADC489967}\ProxyStubClsid32]
"(Default)" = "{554335BD-87F8-43DA-806A-741504EEFF62}"
[HKCU\Software\Classes\Interface\{789E3792-8514-4ED5-90F3-5B525275B953}\ProxyStubClsid32]
"(Default)" = "{554335BD-87F8-43DA-806A-741504EEFF62}"
[HKCU\Software\Classes\Interface\{FCD277CC-8D3E-4264-80D3-98E7B05E2E8A}\ProxyStubClsid32]
"(Default)" = "{554335BD-87F8-43DA-806A-741504EEFF62}"
[HKCU\Software\Classes\CLSID\{3C564FFE-55F7-43AC-886C-7E9E9091CB2A}]
"(Default)" = "Update3COMClass"
[HKCU\Software\CatalinaGroup\Update\UsageStats\Daily\Integers]
"windows_sp_major_version" = "03 00 00 00 00 00 00 00"
[HKCU\Software\Classes\CLSID\{73436A91-85A6-4850-A7D0-375C4E369A5A}\ProgID]
"(Default)" = "CatalinaGroupUpdate.CredentialDialogUser.1.0"
[HKCU\Software\Classes\CLSID\{13660822-39AC-408C-BA99-702EBEE3EF26}]
"(Default)" = "CatalinaGroup.OneClickProcessLauncher"
[HKCU\Software\Classes\Interface\{263B5A28-834A-4D1B-AB71-A28E882CC59B}\ProxyStubClsid32]
"(Default)" = "{554335BD-87F8-43DA-806A-741504EEFF62}"
[HKCU\Software\Classes\CLSID\{C8362D5A-4303-4E22-8668-BB10D65B95BD}]
"(Default)" = "Google Update Legacy On Demand"
[HKCU\Software\Classes\CatalinaGroupUpdate.Update3WebUser\CurVer]
"(Default)" = "CatalinaGroupUpdate.Update3WebUser.1.0"
[HKCU\Software\Classes\Interface\{FCD277CC-8D3E-4264-80D3-98E7B05E2E8A}\NumMethods]
"(Default)" = "10"
[HKCU\Software\Classes\Interface\{CBAC6FCC-819A-443D-98BB-E7A122DCCAE3}\NumMethods]
"(Default)" = "4"
[HKCU\Software\Classes\Interface\{7C9F9415-9947-482C-A62B-24A0BD92B8A7}\ProxyStubClsid32]
"(Default)" = "{554335BD-87F8-43DA-806A-741504EEFF62}"
[HKCU\Software\Classes\Interface\{0CD725CD-5650-4F13-91DA-E42FAA9687E8}\ProxyStubClsid32]
"(Default)" = "{554335BD-87F8-43DA-806A-741504EEFF62}"
[HKCU\Software\Classes\CatalinaGroupUpdate.Update3WebUser\CLSID]
"(Default)" = "{2823499B-60F3-4940-8042-2C16D5829A39}"
[HKCU\Software\Classes\Interface\{FCD277CC-8D3E-4264-80D3-98E7B05E2E8A}]
"(Default)" = "IAppVersionWeb"
[HKCU\Software\Classes\CatalinaGroupUpdate.CredentialDialogUser.1.0]
"(Default)" = "GoogleUpdate CredentialDialog"
[HKCU\Software\Classes\Interface\{84BA4DAC-82EA-4DC8-BCB0-B69DD6E95670}\ProxyStubClsid32]
"(Default)" = "{554335BD-87F8-43DA-806A-741504EEFF62}"
[HKCU\Software\Classes\CLSID\{554335BD-87F8-43DA-806A-741504EEFF62}]
"(Default)" = "PSFactoryBuffer"
[HKCU\Software\Classes\Interface\{F009E353-D4BD-42FE-994E-F6C315055F9B}\ProxyStubClsid32]
"(Default)" = "{554335BD-87F8-43DA-806A-741504EEFF62}"
[HKCU\Software\Classes\CatalinaGroupUpdate.Update3COMClassUser\CurVer]
"(Default)" = "CatalinaGroupUpdate.Update3COMClassUser.1.0"
[HKCU\Software\Classes\CLSID\{73436A91-85A6-4850-A7D0-375C4E369A5A}\VersionIndependentProgID]
"(Default)" = "CatalinaGroupUpdate.CredentialDialogUser"
[HKCU\Software\CatalinaGroup\Update\UsageStats\Daily\Integers]
"windows_minor_version" = "01 00 00 00 00 00 00 00"
[HKCU\Software\Classes\Interface\{CBAC6FCC-819A-443D-98BB-E7A122DCCAE3}]
"(Default)" = "IOneClickProcessLauncher"
[HKCU\Software\Classes\Interface\{051D14B3-CF0F-4CCA-B8FE-AF9E007ACD43}\NumMethods]
"(Default)" = "4"
[HKCU\Software\Classes\Interface\{051D14B3-CF0F-4CCA-B8FE-AF9E007ACD43}]
"(Default)" = "ICoCreateAsync"
[HKCU\Software\Classes\Interface\{F9F2D675-F172-42F2-A26E-6453B80EA7F1}]
"(Default)" = "ICurrentState"
[HKCU\Software\Classes\CLSID\{3C564FFE-55F7-43AC-886C-7E9E9091CB2A}\ProgID]
"(Default)" = "CatalinaGroupUpdate.Update3COMClassUser.1.0"
[HKCU\Software\Classes\Interface\{789E3792-8514-4ED5-90F3-5B525275B953}]
"(Default)" = "IAppBundleWeb"
[HKCU\Software\Classes\Interface\{D085AC3B-E5CC-40C9-8366-C12ADC489967}]
"(Default)" = "IApp"
[HKCU\Software\Classes\Interface\{A1E6F38D-8C9E-4BDA-86A2-1940472A8429}\NumMethods]
"(Default)" = "5"
[HKCU\Software\CatalinaGroup\Update\UsageStats\Daily\Integers]
"windows_major_version" = "05 00 00 00 00 00 00 00"
[HKCU\Software\Classes\CatalinaGroup.OneClickProcessLauncherUser\CLSID]
"(Default)" = "{13660822-39AC-408C-BA99-702EBEE3EF26}"
[HKCU\Software\Classes\CLSID\{554335BD-87F8-43DA-806A-741504EEFF62}\InProcServer32]
"(Default)" = "%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.215\psuser.dll"
[HKCU\Software\Classes\Interface\{A1E6F38D-8C9E-4BDA-86A2-1940472A8429}\ProxyStubClsid32]
"(Default)" = "{554335BD-87F8-43DA-806A-741504EEFF62}"
[HKCU\Software\Classes\CatalinaGroupUpdate.CredentialDialogUser\CLSID]
"(Default)" = "{73436A91-85A6-4850-A7D0-375C4E369A5A}"
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "9F E8 F0 AC CC D9 6A C8 3F F6 8A 07 84 81 25 62"
[HKCU\Software\Classes\Interface\{D085AC3B-E5CC-40C9-8366-C12ADC489967}\NumMethods]
"(Default)" = "44"
[HKCU\Software\Classes\CLSID\{13660822-39AC-408C-BA99-702EBEE3EF26}\VersionIndependentProgID]
"(Default)" = "CatalinaGroup.OneClickProcessLauncherUser"
[HKCU\Software\Classes\CatalinaGroupUpdate.Update3WebUser.1.0]
"(Default)" = "GoogleUpdate Update3Web"
[HKCU\Software\Classes\Interface\{C1D8630A-9D2D-4E0E-A4A1-8AA5CA3FAE57}\NumMethods]
"(Default)" = "4"
[HKCU\Software\Classes\Interface\{0CD725CD-5650-4F13-91DA-E42FAA9687E8}\NumMethods]
"(Default)" = "10"
[HKCU\Software\Classes\Interface\{34F067BE-C79C-4C5F-8E64-622A3CC59055}\NumMethods]
"(Default)" = "9"
[HKCU\Software\Classes\Interface\{EC3867B7-B9EF-494E-B42B-BA009D57D90E}\NumMethods]
"(Default)" = "6"
[HKCU\Software\Classes\Interface\{6B6DE56F-09F2-4343-80AD-28E5D6CB78F9}\ProxyStubClsid32]
"(Default)" = "{554335BD-87F8-43DA-806A-741504EEFF62}"
[HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{13660822-39AC-408C-BA99-702EBEE3EF26}]
"Policy" = "3"
[HKCU\Software\Classes\Interface\{F9F2D675-F172-42F2-A26E-6453B80EA7F1}\ProxyStubClsid32]
"(Default)" = "{554335BD-87F8-43DA-806A-741504EEFF62}"
[HKCU\Software\Classes\Interface\{0E09406F-1420-4BF4-B6EB-F0994674AD68}\ProxyStubClsid32]
"(Default)" = "{554335BD-87F8-43DA-806A-741504EEFF62}"
[HKCU\Software\Classes\Interface\{6B6DE56F-09F2-4343-80AD-28E5D6CB78F9}\NumMethods]
"(Default)" = "14"
[HKCU\Software\Classes\CLSID\{2823499B-60F3-4940-8042-2C16D5829A39}\ProgID]
"(Default)" = "CatalinaGroupUpdate.Update3WebUser.1.0"
[HKCU\Software\Classes\Interface\{7C9F9415-9947-482C-A62B-24A0BD92B8A7}]
"(Default)" = "ICatalinaUpdateCore"
[HKCU\Software\Classes\Interface\{3EA78C6E-8267-4554-8EC6-8982D5AF539A}\NumMethods]
"(Default)" = "10"
[HKCU\Software\Classes\CLSID\{73436A91-85A6-4850-A7D0-375C4E369A5A}\LocalServer32]
"(Default)" = "%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.215\CatalinaUpdateOnDemand.exe"
[HKCU\Software\Classes\Interface\{051D14B3-CF0F-4CCA-B8FE-AF9E007ACD43}\ProxyStubClsid32]
"(Default)" = "{554335BD-87F8-43DA-806A-741504EEFF62}"
[HKCU\Software\Classes\CatalinaGroup.OneClickProcessLauncherUser.1.0]
"(Default)" = "CatalinaGroup.OneClickProcessLauncher"
[HKCU\Software\Classes\CLSID\{2823499B-60F3-4940-8042-2C16D5829A39}]
"(Default)" = "GoogleUpdate Update3Web"
[HKCU\Software\Classes\CLSID\{13660822-39AC-408C-BA99-702EBEE3EF26}\ProgID]
"(Default)" = "CatalinaGroup.OneClickProcessLauncherUser.1.0"
[HKCU\Software\Classes\Interface\{CBAC6FCC-819A-443D-98BB-E7A122DCCAE3}\ProxyStubClsid32]
"(Default)" = "{554335BD-87F8-43DA-806A-741504EEFF62}"
[HKCU\Software\Classes\CatalinaGroup.OneClickProcessLauncherUser\CurVer]
"(Default)" = "CatalinaGroup.OneClickProcessLauncherUser.1.0"
[HKCU\Software\Classes\CLSID\{2823499B-60F3-4940-8042-2C16D5829A39}\LocalServer32]
"(Default)" = "%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.215\CatalinaUpdateOnDemand.exe"
[HKCU\Software\Classes\Interface\{FFC6ECB2-25E8-40EE-BF37-5AA25CBCBA63}\ProxyStubClsid32]
"(Default)" = "{554335BD-87F8-43DA-806A-741504EEFF62}"
[HKCU\Software\Classes\Interface\{84BA4DAC-82EA-4DC8-BCB0-B69DD6E95670}\NumMethods]
"(Default)" = "10"
[HKCU\Software\CatalinaGroup\Update\UsageStats\Daily\Counts]
"goopdate_constructor" = "01 00 00 00 00 00 00 00"
[HKCU\Software\Classes\Interface\{FFC6ECB2-25E8-40EE-BF37-5AA25CBCBA63}]
"(Default)" = "ICatalinaUpdate3"
[HKCU\Software\Classes\Interface\{263B5A28-834A-4D1B-AB71-A28E882CC59B}]
"(Default)" = "IJobObserver"
[HKCU\Software\Classes\Interface\{0CD725CD-5650-4F13-91DA-E42FAA9687E8}]
"(Default)" = "IAppVersion"
[HKCU\Software\Classes\CatalinaGroupUpdate.OnDemandCOMClassUser.1.0]
"(Default)" = "Google Update Legacy On Demand"
[HKCU\Software\Classes\CLSID\{D6C70234-3948-4009-8568-A538F47646CB}\InprocHandler32]
"(Default)" = "%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.215\psuser.dll"
[HKCU\Software\Classes\Interface\{F009E353-D4BD-42FE-994E-F6C315055F9B}]
"(Default)" = "ICatalinaUpdate3Web"
[HKCU\Software\Classes\Interface\{F009E353-D4BD-42FE-994E-F6C315055F9B}\NumMethods]
"(Default)" = "8"
[HKCU\Software\Classes\Interface\{A2589E53-1490-4C0A-BFC7-A47B7A88E3D8}\NumMethods]
"(Default)" = "4"
[HKCU\Software\Classes\Interface\{23185EAB-61B0-4B70-BE89-589585B91392}\ProxyStubClsid32]
"(Default)" = "{554335BD-87F8-43DA-806A-741504EEFF62}"
[HKCU\Software\Classes\Interface\{EC3867B7-B9EF-494E-B42B-BA009D57D90E}\ProxyStubClsid32]
"(Default)" = "{554335BD-87F8-43DA-806A-741504EEFF62}"
[HKCU\Software\Classes\CLSID\{3C564FFE-55F7-43AC-886C-7E9E9091CB2A}\VersionIndependentProgID]
"(Default)" = "CatalinaGroupUpdate.Update3COMClassUser"
[HKCU\Software\Classes\CatalinaGroupUpdate.OnDemandCOMClassUser\CLSID]
"(Default)" = "{C8362D5A-4303-4E22-8668-BB10D65B95BD}"
[HKCU\Software\Classes\Interface\{7A1A1D82-1E2B-41B8-9FA3-F40D8DD3EEF0}]
"(Default)" = "IBrowserHttpRequest2"
[HKCU\Software\Classes\CLSID\{F4CBF20B-F634-4095-B64A-2EBCDD9E560E}\InprocServer32]
"(Default)" = "%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.215\psuser.dll"
[HKCU\Software\Classes\CatalinaGroupUpdate.Update3WebUser.1.0\CLSID]
"(Default)" = "{2823499B-60F3-4940-8042-2C16D5829A39}"
[HKCU\Software\Classes\CatalinaGroupUpdate.Update3COMClassUser.1.0]
"(Default)" = "Update3COMClass"
[HKCU\Software\Classes\Interface\{789E3792-8514-4ED5-90F3-5B525275B953}\NumMethods]
"(Default)" = "24"
[HKCU\Software\Classes\Interface\{84BA4DAC-82EA-4DC8-BCB0-B69DD6E95670}]
"(Default)" = "IPackage"
[HKCU\Software\Classes\Interface\{7A1A1D82-1E2B-41B8-9FA3-F40D8DD3EEF0}\NumMethods]
"(Default)" = "4"
[HKCU\Software\Classes\CLSID\{C8362D5A-4303-4E22-8668-BB10D65B95BD}\LocalServer32]
"(Default)" = "%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.215\CatalinaUpdateOnDemand.exe"
[HKCU\Software\Classes\Interface\{3EA78C6E-8267-4554-8EC6-8982D5AF539A}\ProxyStubClsid32]
"(Default)" = "{554335BD-87F8-43DA-806A-741504EEFF62}"
[HKCU\Software\Classes\CLSID\{3C564FFE-55F7-43AC-886C-7E9E9091CB2A}\LocalServer32]
"(Default)" = "%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\CatalinaUpdate.exe"
[HKCU\Software\Classes\CatalinaGroupUpdate.Update3COMClassUser.1.0\CLSID]
"(Default)" = "{3C564FFE-55F7-43AC-886C-7E9E9091CB2A}"
[HKCU\Software\Classes\Interface\{6B6DE56F-09F2-4343-80AD-28E5D6CB78F9}]
"(Default)" = "IAppWeb"
[HKCU\Software\Classes\CatalinaGroupUpdate.OnDemandCOMClassUser.1.0\CLSID]
"(Default)" = "{C8362D5A-4303-4E22-8668-BB10D65B95BD}"
[HKCU\Software\Classes\CatalinaGroupUpdate.Update3WebUser]
"(Default)" = "GoogleUpdate Update3Web"
[HKCU\Software\Classes\CatalinaGroup.OneClickProcessLauncherUser]
"(Default)" = "CatalinaGroup.OneClickProcessLauncher"
[HKCU\Software\Classes\CLSID\{D6C70234-3948-4009-8568-A538F47646CB}\InprocHandler32]
"ThreadingModel" = "Both"
[HKCU\Software\Classes\Interface\{F9F2D675-F172-42F2-A26E-6453B80EA7F1}\NumMethods]
"(Default)" = "24"
[HKCU\Software\Classes\CatalinaGroup.OneClickProcessLauncherUser.1.0\CLSID]
"(Default)" = "{13660822-39AC-408C-BA99-702EBEE3EF26}"
[HKCU\Software\Classes\Interface\{EC3867B7-B9EF-494E-B42B-BA009D57D90E}]
"(Default)" = "IProcessLauncher"
[HKCU\Software\Classes\CatalinaGroupUpdate.OnDemandCOMClassUser\CurVer]
"(Default)" = "CatalinaGroupUpdate.OnDemandCOMClassUser.1.0"
[HKCU\Software\Classes\CLSID\{C8362D5A-4303-4E22-8668-BB10D65B95BD}\ProgID]
"(Default)" = "CatalinaGroupUpdate.OnDemandCOMClassUser.1.0"
[HKCU\Software\Classes\CatalinaGroupUpdate.Update3COMClassUser\CLSID]
"(Default)" = "{3C564FFE-55F7-43AC-886C-7E9E9091CB2A}"
[HKCU\Software\Classes\CatalinaGroupUpdate.CredentialDialogUser\CurVer]
"(Default)" = "CatalinaGroupUpdate.CredentialDialogUser.1.0"
[HKCU\Software\Classes\Interface\{34F067BE-C79C-4C5F-8E64-622A3CC59055}]
"(Default)" = "IProgressWndEvents"
[HKCU\Software\Classes\CatalinaGroupUpdate.OnDemandCOMClassUser]
"(Default)" = "Google Update Legacy On Demand"
[HKCU\Software\Classes\CLSID\{73436A91-85A6-4850-A7D0-375C4E369A5A}]
"(Default)" = "GoogleUpdate CredentialDialog"
[HKCU\Software\Classes\CatalinaGroupUpdate.CredentialDialogUser.1.0\CLSID]
"(Default)" = "{73436A91-85A6-4850-A7D0-375C4E369A5A}"
[HKCU\Software\Classes\Interface\{23185EAB-61B0-4B70-BE89-589585B91392}]
"(Default)" = "IRegistrationUpdateHook"
The Trojan deletes the following registry key(s):
[HKCU\Software\Classes\CLSID\{F4CBF20B-F634-4095-B64A-2EBCDD9E560E}]
[HKCU\Software\Classes\CLSID\{F4CBF20B-F634-4095-B64A-2EBCDD9E560E}\InprocServer32]
[HKCU\Software\Classes\CLSID\{D6C70234-3948-4009-8568-A538F47646CB}\InprocHandler32]
[HKCU\Software\Classes\CLSID\{D6C70234-3948-4009-8568-A538F47646CB}]
The Trojan deletes the following value(s) in system registry:
[HKCU\Software\CatalinaGroup\Update\network\secure]
"sk"
"c"
The process %original file name%.exe:1036 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "C6 2B 34 1D 74 CC 34 E2 BC 03 14 5A 81 B9 74 D6"
Dropped PE files
| MD5 | File path |
|---|---|
| 6cea215160ae4188fee4a92ef15dda05 | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.215\CatalinaCrashHandler.exe |
| 6cea215160ae4188fee4a92ef15dda05 | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.215\CatalinaUpdate.exe |
| 7ad1bcd40606876cb6680d83c9ec989a | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.215\CatalinaUpdateBroker.exe |
| 2b3cf7ea69432a594e10f40cb922ac26 | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.215\CatalinaUpdateOnDemand.exe |
| 2c2b5f94feeb782f83bb15f016a6bf68 | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.215\goopdate.dll |
| aaf96cdd105289e7ff35394d325cc3dc | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.215\goopdateres_am.dll |
| a399a7747af02e7f6289398aa2265c3c | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.215\goopdateres_ar.dll |
| c3b2b4701849ea07b96fa137a6e94e02 | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.215\goopdateres_bg.dll |
| de800351848d365dd563631771f5b5b0 | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.215\goopdateres_bn.dll |
| d8e741a14434f59b778db9e562625838 | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.215\goopdateres_ca.dll |
| 6e27092a569dda3f4b0aa1a9948089a2 | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.215\goopdateres_cs.dll |
| c72c8072a466e9a32d2a926071bc400c | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.215\goopdateres_da.dll |
| 387cc6ea3e3b20fb7e55be314cf41ef9 | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.215\goopdateres_de.dll |
| fa3a9047608e216c68e83f3b3f4e62ec | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.215\goopdateres_el.dll |
| c18e8508c8b691aad860de077390d9d3 | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.215\goopdateres_en-GB.dll |
| f8e1288bb72f67c25c367e5a61651bca | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.215\goopdateres_en.dll |
| e67f2ba7b2d5e2841e7f317080f3fd62 | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.215\goopdateres_es-419.dll |
| 4a80f1645d7dd9e9b1392841ad02d970 | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.215\goopdateres_es.dll |
| d83ed084a47c3352d5e68404500ce4af | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.215\goopdateres_et.dll |
| a420edd640c17822899c730af0d516ad | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.215\goopdateres_fa.dll |
| 028b1d4af503a3209383ad0a2e1c6dac | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.215\goopdateres_fi.dll |
| 428a992a1329cebe4c48bb7d54ba44d7 | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.215\goopdateres_fil.dll |
| 6805edac4a9be23a70947c5d990dbf8c | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.215\goopdateres_fr.dll |
| f7e7d920bf9c0e98d350dd19a0dff5c3 | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.215\goopdateres_gu.dll |
| 05770102a6c300aa14d917b773b13f72 | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.215\goopdateres_hi.dll |
| 4c7c2b2f13eb1d17fdeb8974f1b9a1ab | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.215\goopdateres_hr.dll |
| 5ae0ab73c27fa94752554f811e54548e | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.215\goopdateres_hu.dll |
| 571702223ba20e311291c4641db8a0e5 | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.215\goopdateres_id.dll |
| b60ad05c51a0deb944c9b6d515ba3f75 | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.215\goopdateres_is.dll |
| d140749f5da947cad9d95a568c92a412 | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.215\goopdateres_it.dll |
| 7572629ccdc27e59f98185b0b100a81d | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.215\goopdateres_iw.dll |
| e00fc2475ee6221a470f7a02304ef577 | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.215\goopdateres_ja.dll |
| 1f9c169f28c96a84ad699ad7d8e8ecea | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.215\goopdateres_kn.dll |
| 5426cd1549caf223134627d50c8f2fd7 | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.215\goopdateres_ko.dll |
| fcedbb1d3960e1ed1f208e426b461e47 | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.215\goopdateres_lt.dll |
| 677c82aee1a8e1bc1d8679051a7a7ef6 | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.215\goopdateres_lv.dll |
| 5adbacbe7871978d5487e50d4f9d5fd9 | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.215\goopdateres_ml.dll |
| 7a7e9bbf621bd0310b27a29dae338b25 | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.215\goopdateres_mr.dll |
| f55cca95c0ce7bb9dd0df7426d0850b7 | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.215\goopdateres_ms.dll |
| b635337f96458e4240d6d36a0f1ad0c0 | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.215\goopdateres_nl.dll |
| a9d7acb329bb58291371783bfd765747 | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.215\goopdateres_no.dll |
| 151e2197c465d69f0531f1eda0ae723e | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.215\goopdateres_pl.dll |
| 16f588b707fa9574c2c4c033442a54bc | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.215\goopdateres_pt-BR.dll |
| 742c5173ad19be9995323f9aa55c7ce6 | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.215\goopdateres_pt-PT.dll |
| 9187e5a69439016f6d87d2400433652f | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.215\goopdateres_ro.dll |
| 1088f9f75d48492f9a59b327a1b4150f | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.215\goopdateres_ru.dll |
| 7aa2aa0182bf743aee50f0da6211fc25 | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.215\goopdateres_sk.dll |
| 9f97e32ab67e6176a310f80750195055 | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.215\goopdateres_sl.dll |
| 80d3b8af8f5ea5fabc59f6c3871f8c8b | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.215\goopdateres_sr.dll |
| 172d968afada4520e29d1fd274f89a4f | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.215\goopdateres_sv.dll |
| 7fc9f569c18a6dea813dd9a596aedb59 | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.215\goopdateres_sw.dll |
| ef7097038ed66124b148e2a796f591c3 | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.215\goopdateres_ta.dll |
| 30ff6ccc5934ac9b9feec18c17534324 | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.215\goopdateres_te.dll |
| 3405f18d69e7a10e02258f0cee5ca9a4 | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.215\goopdateres_th.dll |
| d07cd67deabd1d6bcbfd581eddb55191 | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.215\goopdateres_tr.dll |
| b5a72b466f81ab67a4efb1e8925fc4bc | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.215\goopdateres_uk.dll |
| cec3e2877c12ec603e0f0c523909717e | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.215\goopdateres_ur.dll |
| b31627a3b5d15e05b94c1261f3b3b85a | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.215\goopdateres_vi.dll |
| b397baf228f38e28e2690ddb20852bce | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.215\goopdateres_zh-CN.dll |
| 1b0dea6bce09f17beec9646bae225517 | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.215\goopdateres_zh-TW.dll |
| 5d092b19ed729ece612a2247cf45c358 | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.215\npCatalinaUpdate3.dll |
| 4c3a99424c4a6fa0cfde4261b8c784d5 | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.215\psmachine.dll |
| 6c87927c9537cc20f16943bded647e30 | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.215\psuser.dll |
| 6cea215160ae4188fee4a92ef15dda05 | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Application Data\CatalinaGroup\Update\CatalinaUpdate.exe |
| 6cea215160ae4188fee4a92ef15dda05 | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\GUM1.tmp\CatalinaCrashHandler.exe |
| 6cea215160ae4188fee4a92ef15dda05 | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\GUM1.tmp\CatalinaUpdate.exe |
| 7ad1bcd40606876cb6680d83c9ec989a | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\GUM1.tmp\CatalinaUpdateBroker.exe |
| 2b3cf7ea69432a594e10f40cb922ac26 | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\GUM1.tmp\CatalinaUpdateOnDemand.exe |
| 2c2b5f94feeb782f83bb15f016a6bf68 | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\GUM1.tmp\goopdate.dll |
| aaf96cdd105289e7ff35394d325cc3dc | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\GUM1.tmp\goopdateres_am.dll |
| a399a7747af02e7f6289398aa2265c3c | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\GUM1.tmp\goopdateres_ar.dll |
| c3b2b4701849ea07b96fa137a6e94e02 | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\GUM1.tmp\goopdateres_bg.dll |
| de800351848d365dd563631771f5b5b0 | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\GUM1.tmp\goopdateres_bn.dll |
| d8e741a14434f59b778db9e562625838 | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\GUM1.tmp\goopdateres_ca.dll |
| 6e27092a569dda3f4b0aa1a9948089a2 | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\GUM1.tmp\goopdateres_cs.dll |
| c72c8072a466e9a32d2a926071bc400c | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\GUM1.tmp\goopdateres_da.dll |
| 387cc6ea3e3b20fb7e55be314cf41ef9 | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\GUM1.tmp\goopdateres_de.dll |
| fa3a9047608e216c68e83f3b3f4e62ec | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\GUM1.tmp\goopdateres_el.dll |
| c18e8508c8b691aad860de077390d9d3 | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\GUM1.tmp\goopdateres_en-GB.dll |
| f8e1288bb72f67c25c367e5a61651bca | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\GUM1.tmp\goopdateres_en.dll |
| e67f2ba7b2d5e2841e7f317080f3fd62 | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\GUM1.tmp\goopdateres_es-419.dll |
| 4a80f1645d7dd9e9b1392841ad02d970 | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\GUM1.tmp\goopdateres_es.dll |
| d83ed084a47c3352d5e68404500ce4af | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\GUM1.tmp\goopdateres_et.dll |
| a420edd640c17822899c730af0d516ad | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\GUM1.tmp\goopdateres_fa.dll |
| 028b1d4af503a3209383ad0a2e1c6dac | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\GUM1.tmp\goopdateres_fi.dll |
| 428a992a1329cebe4c48bb7d54ba44d7 | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\GUM1.tmp\goopdateres_fil.dll |
| 6805edac4a9be23a70947c5d990dbf8c | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\GUM1.tmp\goopdateres_fr.dll |
| f7e7d920bf9c0e98d350dd19a0dff5c3 | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\GUM1.tmp\goopdateres_gu.dll |
| 05770102a6c300aa14d917b773b13f72 | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\GUM1.tmp\goopdateres_hi.dll |
| 4c7c2b2f13eb1d17fdeb8974f1b9a1ab | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\GUM1.tmp\goopdateres_hr.dll |
| 5ae0ab73c27fa94752554f811e54548e | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\GUM1.tmp\goopdateres_hu.dll |
| 571702223ba20e311291c4641db8a0e5 | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\GUM1.tmp\goopdateres_id.dll |
| b60ad05c51a0deb944c9b6d515ba3f75 | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\GUM1.tmp\goopdateres_is.dll |
| d140749f5da947cad9d95a568c92a412 | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\GUM1.tmp\goopdateres_it.dll |
| 7572629ccdc27e59f98185b0b100a81d | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\GUM1.tmp\goopdateres_iw.dll |
| e00fc2475ee6221a470f7a02304ef577 | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\GUM1.tmp\goopdateres_ja.dll |
| 1f9c169f28c96a84ad699ad7d8e8ecea | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\GUM1.tmp\goopdateres_kn.dll |
| 5426cd1549caf223134627d50c8f2fd7 | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\GUM1.tmp\goopdateres_ko.dll |
| fcedbb1d3960e1ed1f208e426b461e47 | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\GUM1.tmp\goopdateres_lt.dll |
| 677c82aee1a8e1bc1d8679051a7a7ef6 | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\GUM1.tmp\goopdateres_lv.dll |
| 5adbacbe7871978d5487e50d4f9d5fd9 | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\GUM1.tmp\goopdateres_ml.dll |
| 7a7e9bbf621bd0310b27a29dae338b25 | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\GUM1.tmp\goopdateres_mr.dll |
| f55cca95c0ce7bb9dd0df7426d0850b7 | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\GUM1.tmp\goopdateres_ms.dll |
| b635337f96458e4240d6d36a0f1ad0c0 | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\GUM1.tmp\goopdateres_nl.dll |
| a9d7acb329bb58291371783bfd765747 | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\GUM1.tmp\goopdateres_no.dll |
| 151e2197c465d69f0531f1eda0ae723e | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\GUM1.tmp\goopdateres_pl.dll |
| 16f588b707fa9574c2c4c033442a54bc | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\GUM1.tmp\goopdateres_pt-BR.dll |
| 742c5173ad19be9995323f9aa55c7ce6 | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\GUM1.tmp\goopdateres_pt-PT.dll |
| 9187e5a69439016f6d87d2400433652f | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\GUM1.tmp\goopdateres_ro.dll |
| 1088f9f75d48492f9a59b327a1b4150f | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\GUM1.tmp\goopdateres_ru.dll |
| 7aa2aa0182bf743aee50f0da6211fc25 | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\GUM1.tmp\goopdateres_sk.dll |
| 9f97e32ab67e6176a310f80750195055 | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\GUM1.tmp\goopdateres_sl.dll |
| 80d3b8af8f5ea5fabc59f6c3871f8c8b | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\GUM1.tmp\goopdateres_sr.dll |
| 172d968afada4520e29d1fd274f89a4f | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\GUM1.tmp\goopdateres_sv.dll |
| 7fc9f569c18a6dea813dd9a596aedb59 | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\GUM1.tmp\goopdateres_sw.dll |
| ef7097038ed66124b148e2a796f591c3 | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\GUM1.tmp\goopdateres_ta.dll |
| 30ff6ccc5934ac9b9feec18c17534324 | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\GUM1.tmp\goopdateres_te.dll |
| 3405f18d69e7a10e02258f0cee5ca9a4 | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\GUM1.tmp\goopdateres_th.dll |
| d07cd67deabd1d6bcbfd581eddb55191 | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\GUM1.tmp\goopdateres_tr.dll |
| b5a72b466f81ab67a4efb1e8925fc4bc | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\GUM1.tmp\goopdateres_uk.dll |
| cec3e2877c12ec603e0f0c523909717e | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\GUM1.tmp\goopdateres_ur.dll |
| b31627a3b5d15e05b94c1261f3b3b85a | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\GUM1.tmp\goopdateres_vi.dll |
| b397baf228f38e28e2690ddb20852bce | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\GUM1.tmp\goopdateres_zh-CN.dll |
| 1b0dea6bce09f17beec9646bae225517 | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\GUM1.tmp\goopdateres_zh-TW.dll |
| 5d092b19ed729ece612a2247cf45c358 | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\GUM1.tmp\npCatalinaUpdate3.dll |
| 4c3a99424c4a6fa0cfde4261b8c784d5 | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\GUM1.tmp\psmachine.dll |
| 6c87927c9537cc20f16943bded647e30 | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\GUM1.tmp\psuser.dll |
HOSTS file anomalies
No changes have been detected.
Rootkit activity
No anomalies have been detected.
Propagation
Removals
Remove it with Ad-Aware
- Click (here) to download and install Ad-Aware Free Antivirus.
- Update the definition files.
- Run a full scan of your computer.
Manual removal*
- Terminate malicious process(es) (How to End a Process With the Task Manager):
CatalinaUpdate.exe:1976
CatalinaUpdate.exe:1856
CatalinaUpdate.exe:816
%original file name%.exe:1036 - Delete the original Trojan file.
- Delete or disinfect the following files created/modified by the Trojan:
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.215\CatalinaUpdateOnDemand.exe (58 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.215\goopdateres_hu.dll (27 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.215\goopdateres_uk.dll (26 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.215\goopdateres_no.dll (26 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.215\goopdateres_th.dll (25 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.215\goopdateres_fil.dll (27 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.215\goopdateres_en.dll (25 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.215\goopdateres_ja.dll (22 bytes)
%WinDir%\Tasks\CatalinaGroupUpdateTaskUserS-1-5-21-1844237615-1960408961-1801674531-1003Core.job (948 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.215\goopdateres_pl.dll (27 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.215\goopdateres_fi.dll (26 bytes)
%WinDir%\Tasks\CatalinaGroupUpdateTaskUserS-1-5-21-1844237615-1960408961-1801674531-1003UA.job (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.215\goopdateres_pt-PT.dll (26 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.215\goopdateres_en-GB.dll (25 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.215\goopdateres_fr.dll (28 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.215\goopdateres_et.dll (25 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.215\goopdateres_sk.dll (27 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.215\goopdateres_mr.dll (26 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.215\goopdateres_bn.dll (26 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.215\goopdateres_kn.dll (27 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.215\goopdateres_es-419.dll (26 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.215\goopdateres_sl.dll (27 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.215\goopdateres_sw.dll (26 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.215\goopdateres_iw.dll (23 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.215\CatalinaUpdateBroker.exe (58 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.215\goopdateres_ta.dll (27 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.215\goopdateres_ko.dll (21 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.215\goopdateres_de.dll (29 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.215\goopdateres_hr.dll (27 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.215\goopdateres_am.dll (22 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.215\goopdateres_pt-BR.dll (26 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.215\goopdateres_sr.dll (26 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.215\goopdateres_zh-CN.dll (19 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.215\CatalinaCrashHandler.exe (601 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.215\goopdateres_zh-TW.dll (19 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\CatalinaUpdate.exe (601 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.215\goopdateres_vi.dll (25 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.215\goopdateres_cs.dll (26 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.215\goopdateres_ar.dll (24 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.215\goopdateres_ca.dll (27 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.215\npCatalinaUpdate3.dll (1281 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.215\goopdateres_nl.dll (27 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.215\psmachine.dll (673 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.215\goopdateres_el.dll (28 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.215\goopdateres_it.dll (28 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.215\goopdateres_sv.dll (26 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.215\goopdateres_lv.dll (27 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.215\goopdateres_ur.dll (26 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.215\goopdateres_te.dll (26 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.215\goopdateres_is.dll (26 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.215\goopdateres_ru.dll (26 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.215\CatalinaUpdate.exe (601 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.215\goopdateres_ro.dll (27 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.215\goopdateres_id.dll (25 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.215\psuser.dll (673 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.215\goopdateres_fa.dll (25 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.215\goopdateres_lt.dll (25 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.215\goopdateres_tr.dll (26 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.215\goopdateres_bg.dll (27 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.215\CatalinaUpdateHelper.msi (36 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.215\goopdateres_ms.dll (26 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.215\goopdate.dll (5873 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.215\goopdateres_hi.dll (26 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.215\goopdateres_es.dll (29 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.215\goopdateres_ml.dll (29 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.215\goopdateres_da.dll (26 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\1.3.25.215\goopdateres_gu.dll (26 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_sl.dll (27 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_gu.dll (26 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUT2.tmp (22433 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_nl.dll (27 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_te.dll (26 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_sk.dll (27 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_el.dll (28 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_ru.dll (26 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_es-419.dll (26 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_iw.dll (23 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_no.dll (26 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_tr.dll (26 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_sr.dll (26 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_en-GB.dll (25 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_da.dll (26 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_ro.dll (27 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_uk.dll (26 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_zh-TW.dll (19 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_bn.dll (26 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_ms.dll (26 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_ta.dll (27 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\CatalinaUpdateBroker.exe (58 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_es.dll (29 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdate.dll (1990 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_sw.dll (26 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_de.dll (29 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_is.dll (26 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_sv.dll (26 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_fr.dll (28 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_en.dll (25 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_cs.dll (26 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_mr.dll (26 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_pt-BR.dll (26 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_fa.dll (25 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_kn.dll (27 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_bg.dll (27 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_pt-PT.dll (26 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_id.dll (25 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_fi.dll (26 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_ja.dll (22 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\npCatalinaUpdate3.dll (237 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\psuser.dll (161 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_ml.dll (29 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_ko.dll (21 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_th.dll (25 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_ca.dll (27 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_vi.dll (25 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_hi.dll (26 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_zh-CN.dll (19 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_lv.dll (27 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_hu.dll (27 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\CatalinaUpdate.exe (130 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_ar.dll (24 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_pl.dll (27 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_hr.dll (27 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\CatalinaUpdateHelper.msi (36 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_lt.dll (25 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_et.dll (25 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_am.dll (22 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\psmachine.dll (155 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\CatalinaCrashHandler.exe (130 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_it.dll (28 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_fil.dll (27 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\goopdateres_ur.dll (26 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GUM1.tmp\CatalinaUpdateOnDemand.exe (58 bytes) - Delete the following value(s) in the autorun key (How to Work with System Registry):
[HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
"CatalinaGroup Update" = "%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\CatalinaUpdate.exe /c" - Clean the Temporary Internet Files folder, which may contain infected files (How to clean Temporary Internet Files folder).
- Reboot the computer.
Static Analysis
VersionInfo
Company Name: Catalina Group Ltd.
Product Name: CatalinaGroup Update
Product Version: 1.3.25.215
Legal Copyright: Copyright 2013 Catalina Group Ltd.
Legal Trademarks:
Original Filename: CatalinaUpdateSetup.exe
Internal Name: CatalinaGroup Update Setup
File Version: 1.3.25.215
File Description: CatalinaGroup Update Setup
Comments:
Language: Language Neutral
Company Name: Catalina Group Ltd.Product Name: CatalinaGroup UpdateProduct Version: 1.3.25.215Legal Copyright: Copyright 2013 Catalina Group Ltd.Legal Trademarks: Original Filename: CatalinaUpdateSetup.exeInternal Name: CatalinaGroup Update SetupFile Version: 1.3.25.215File Description: CatalinaGroup Update SetupComments: Language: Language Neutral
PE Sections
| Name | Virtual Address | Virtual Size | Raw Size | Entropy | Section MD5 |
|---|---|---|---|---|---|
| .text | 4096 | 47535 | 47616 | 4.63666 | da072aeedacb67c58ca3952875d79a2b |
| .rdata | 53248 | 10788 | 11264 | 3.70551 | cc85a67bbda310b5aa377cecaa3156cf |
| .data | 65536 | 6428 | 3584 | 1.72368 | 8e425fbedc6927dfabb8fdfaaf8e8d97 |
| .rsrc | 73728 | 659744 | 659968 | 5.30312 | 89169e477c01dd8186928471af10e787 |
| .reloc | 737280 | 5598 | 5632 | 2.64966 | 17957bd86fff892742280f82a0bf537a |
Dropped from:
Downloaded by:
Similar by SSDeep:
Similar by Lavasoft Polymorphic Checker:
Total found: 16
52e93d93473e442df41b45a8df00f628
54377355d4b7290a0a998471c7846e24
d832665608fcf53ef06453b7932a39d2
bf20e4684fc070983c29557b1f2b8728
3f4b2b26245f3679f51cedafcfbb7815
f36dddc368f66380c5a0dcae5f68a86a
7596819db358e116e206821a6508a77a
d5920889911ace49d013c03ea70a0526
d931749be1fbc569b0871bdbfa5aec24
cb01ead685dd56990c0c9e610c52c810
ebd74ee6007cc6ec1e790edb7f3b21ac
a51e088751e1c2f05f4cca3124aff881
5f6e40882047b48ad3a9372cf3fb0747
1a6d4ed37dab4cc2cc2d731b08b7b100
94ef08fc3d994e8dbdb57e69c1f0c844
6466bc55d8e289bc0952cf54f03b0222
Network Activity
URLs
| URL | IP |
|---|---|
| hxxp://catalinahub.com/update/ping | 162.252.82.211 |
| hxxp://catalinahub.com/update/check?w=3:n5cHmC1Lyn5ne8SUtlLZ5TBY1Q6jcRa2_Sk-eH9vBDrXRS7zRTAVEmyB6xhXCrdzgva7UT30pVjlwNNPLUsVDELYV-To_Z_X2o-p8PgZ2rvOuMYEqUvF4J02ISmPEru3SJUoes4_kqfqZV4tWHJbSipcTnitr-uTWCDb-r82jI8 | 162.252.82.211 |
| hxxp://catalinahub.com/update/check | 162.252.82.211 |
| hxxp://catalinahub.silvercdn.com/download/citrio_40.0.2214.250_1.exe | |
| hxxp://static.citrio.com/download/citrio_40.0.2214.250_1.exe | 46.234.113.79 |
IDS verdicts (Suricata alerts: Emerging Threats ET ruleset)
Traffic
POST /update/check HTTP/1.1
User-Agent: Google Update/1.3.25.215;winhttp
X-Last-HR: 0x80040880
X-Last-HTTP-Status-Code: 200
X-Retry-Count: 0
Host: catalinahub.com
Content-Length: 567
Connection: Keep-Alive
Cache-Control: no-cache
Pragma: no-cache
<?xml version="1.0" encoding="UTF-8"?><request protocol="3.0" version="1.3.25.215" ismachine="0" sessionid="{3E1E2330-AF38-456D-91EB-F5AE44B9A20B}" userid="{84E50249-9AF3-4FF9-BF29-E4BBF87ECACE}" installsource="taggedmi" testsource="auto" requestid="{23C4F9F4-B6C8-47EE-855A-7DC5186C6268}"><os platform="win" version="5.1" sp="Service Pack 3" arch="x86"/><app appid="{92F8A219-E740-49D5-B785-B962AD819724}" version="" nextversion="" buildtype="1" lang="en" brand="" client="" installage="-1" iid="{B856E50C-E696-476C-B31E-A3B6B9C0D96F}"><updatecheck/></app></request>
HTTP/1.1 200 OK
Date: Fri, 27 Feb 2015 18:30:42 GMT
Server: Apache-Coyote/1.1
Content-Type: application/xml;charset=UTF-8
Connection: close
Transfer-Encoding: chunked
2a6..<?xml version="1.0" encoding="UTF-8" standalone="yes"?><response protocol="3.0" server="dist"><dayStart elapsed_seconds="66642"/><app appid="{92F8A219-E740-49D5-B785-B962AD819724}" status="ok"><updatecheck status="ok"><urls><url codebase="hXXp://static.citrio.com/download/"/></urls><manifest version="40.0.2214.250"><packages><package hash="e j641Pk9x3Db9XzFsa5f6zZKok=" name="citrio_40.0.2214.250_1.exe" required="true" size="55189904"/></packages><actions><action arguments="--chrome --do-not-launch-chrome" event="install" run="citrio_40.0.2214.250_1.exe"/><action event="postinstall" onsuccess="exitsilentlyonlaunchcmd"/></actions></manifest></updatecheck></app></response>..0..
GET /download/citrio_40.0.2214.250_1.exe HTTP/1.1
Accept: */*
Accept-Encoding: identity
X-Last-HR: 0x0
X-Last-HTTP-Status-Code: 0
X-Retry-Count: 0
User-Agent: Microsoft BITS/6.7
Host: static.citrio.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Date: Fri, 27 Feb 2015 14:02:06 GMT
Server: Apache-Coyote/1.1
ETag: W/"55189904-1424786513000"
Last-Modified: Tue, 24 Feb 2015 14:01:53 GMT
Content-Type: application/octet-stream;charset=UTF-8
Age: 16120
Content-Length: 55189904
Connection: close
Accept-Ranges: bytes
MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..............]...]...]...]...]9.K]...]...]...]..)]...]..e]...]..,]...]Rich...]........PE..L...0S.T................."....I......!.......@....@..........................`J.....f.J......................................P..P....`..x.I...........J......PJ.p.......8............................................P...............................text...t!.......".................. ..`.data........@......................@....idata.......P.......&..............@..@.rsrc...x.I..`....I..,..............@..@.reloc..p....PJ.......J.............@..B....................................................................................................................................................................................................................................................................................................................................................................................0S.T........g...L...L.......0S.T....................{.9.2.F.8.A.2.1.9.-.E.7.4.0.-.4.9.D.5.-.B.7.8.5.-.B.9.6.2.A.D.8.1.9.7.2.4.}.....{.E.9.F.2.4.A.7.C.-.1.3.C.A.-.4.2.F.B.-.A.4.D.9.-.7.9.C.3.C.9.D.2.1.B.2.8.}.....{.0.1.0.5.E.A.0.2.-.8.0.2.D.-.4.B.3.7.-.8.1.6.1.-.4.E.D.2.5.C.4.9.3.2.6.6.}.....{.D.E.2.8.A.2.E.A.-.7.7.F.A.-.4.F.2.B.-.8.2.5.2.-.C.3.B.5.8.4.4.F.6.4.5.5.}.....{.F.0.B.5.0.D.5.A.-.4.B.B.A.-.4.5.1.4.-.A.D.2.C.-.E.B.A.5.0.C.2.9.C.4.6.0.}.....-.-.c.h.r.o.m.e.-.s.x.s.....-.-.c.h.r.o.m.e.....-.-.c.h.
<<< skipped >>>
HEAD /download/citrio_40.0.2214.250_1.exe HTTP/1.1
Accept: */*
Accept-Encoding: identity
X-Last-HR: 0x0
X-Last-HTTP-Status-Code: 0
X-Retry-Count: 0
User-Agent: Microsoft BITS/6.7
Host: static.citrio.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Date: Fri, 27 Feb 2015 14:02:06 GMT
Server: Apache-Coyote/1.1
ETag: W/"55189904-1424786513000"
Last-Modified: Tue, 24 Feb 2015 14:01:53 GMT
Content-Type: application/octet-stream;charset=UTF-8
Age: 16118
Content-Length: 55189904
Connection: close
POST /update/ping HTTP/1.1
User-Agent: Google Update/1.3.25.215;winhttp
X-Last-HR: 0x0
X-Last-HTTP-Status-Code: 0
X-Retry-Count: 0
Host: catalinahub.com
Content-Length: 613
Connection: Keep-Alive
Cache-Control: no-cache
Pragma: no-cache
<?xml version="1.0" encoding="UTF-8"?><request protocol="3.0" version="1.3.25.215" ismachine="0" sessionid="{3E1E2330-AF38-456D-91EB-F5AE44B9A20B}" userid="{84E50249-9AF3-4FF9-BF29-E4BBF87ECACE}" installsource="taggedmi" testsource="auto" requestid="{B3E02252-BF34-4654-B467-DBCB93D47ED2}"><os platform="win" version="5.1" sp="Service Pack 3" arch="x86"/><app appid="{6C598730-F715-407B-A7AE-A8F10D0F8FA7}" version="" nextversion="1.3.25.215" buildtype="" lang="en" brand="" client="" iid="{B856E50C-E696-476C-B31E-A3B6B9C0D96F}"><event eventtype="2" eventresult="1" errorcode="0" extracode1="0"/></app></request>
HTTP/1.1 200 OK
Date: Fri, 27 Feb 2015 18:30:40 GMT
Server: Apache-Coyote/1.1
Content-Type: application/xml;charset=UTF-8
Connection: close
Transfer-Encoding: chunked
e6..<?xml version="1.0" encoding="UTF-8" standalone="yes"?><response protocol="3.0" server="dist"><dayStart elapsed_seconds="66640"/><app appid="{6C598730-F715-407B-A7AE-A8F10D0F8FA7}" status="ok"><event status="ok"/></app></response>..0..
POST /update/check?w=3:n5cHmC1Lyn5ne8SUtlLZ5TBY1Q6jcRa2_Sk-eH9vBDrXRS7zRTAVEmyB6xhXCrdzgva7UT30pVjlwNNPLUsVDELYV-To_Z_X2o-p8PgZ2rvOuMYEqUvF4J02ISmPEru3SJUoes4_kqfqZV4tWHJbSipcTnitr-uTWCDb-r82jI8 HTTP/1.1
User-Agent: Google Update/1.3.25.215;winhttp;cup
X-Last-HR: 0x0
X-Last-HTTP-Status-Code: 0
X-Retry-Count: 0
If-Match: "ohBJAs6-gO9eGV_HWISpsEvzohk"
Host: catalinahub.com
Content-Length: 567
Connection: Keep-Alive
Cache-Control: no-cache
Pragma: no-cache
<?xml version="1.0" encoding="UTF-8"?><request protocol="3.0" version="1.3.25.215" ismachine="0" sessionid="{3E1E2330-AF38-456D-91EB-F5AE44B9A20B}" userid="{84E50249-9AF3-4FF9-BF29-E4BBF87ECACE}" installsource="taggedmi" testsource="auto" requestid="{23C4F9F4-B6C8-47EE-855A-7DC5186C6268}"><os platform="win" version="5.1" sp="Service Pack 3" arch="x86"/><app appid="{92F8A219-E740-49D5-B785-B962AD819724}" version="" nextversion="" buildtype="1" lang="en" brand="" client="" installage="-1" iid="{B856E50C-E696-476C-B31E-A3B6B9C0D96F}"><updatecheck/></app></request>
HTTP/1.1 200 OK
Date: Fri, 27 Feb 2015 18:30:42 GMT
Server: Apache-Coyote/1.1
Content-Type: application/xml;charset=UTF-8
Connection: close
Transfer-Encoding: chunked
2a6..<?xml version="1.0" encoding="UTF-8" standalone="yes"?><response protocol="3.0" server="dist"><dayStart elapsed_seconds="66642"/><app appid="{92F8A219-E740-49D5-B785-B962AD819724}" status="ok"><updatecheck status="ok"><urls><url codebase="hXXp://static.citrio.com/download/"/></urls><manifest version="40.0.2214.250"><packages><package hash="e j641Pk9x3Db9XzFsa5f6zZKok=" name="citrio_40.0.2214.250_1.exe" required="true" size="55189904"/></packages><actions><action arguments="--chrome --do-not-launch-chrome" event="install" run="citrio_40.0.2214.250_1.exe"/><action event="postinstall" onsuccess="exitsilentlyonlaunchcmd"/></actions></manifest></updatecheck></app></response>..0..
Map
The Trojan connects to the servers at the folowing location(s):
Strings from Dumps
%original file name%.exe_1036:
.text
.text
`.rdata
`.rdata
@.data
@.data
.rsrc
.rsrc
@.reloc
@.reloc
Please contact the application's support team for more information.
Please contact the application's support team for more information.
- Attempt to initialize the CRT more than once.
- Attempt to initialize the CRT more than once.
- CRT not initialized
- CRT not initialized
- floating point support not loaded
- floating point support not loaded
GetProcessWindowStation
GetProcessWindowStation
USER32.DLL
USER32.DLL
operator
operator
mi_exe_stub.pdb
mi_exe_stub.pdb
GetCPInfo
GetCPInfo
KERNEL32.dll
KERNEL32.dll
SHLWAPI.dll
SHLWAPI.dll
GetProcessHeap
GetProcessHeap
ole32.dll
ole32.dll
USER32.dll
USER32.dll
c:\%original file name%.exe
c:\%original file name%.exe
7&ftP
7&ftP
4.Ppi
4.Ppi
1.Mx.e
1.Mx.e
y.Ar`
y.Ar`
%X/|0
%X/|0
P@5=%d
P@5=%d
.uBSQ
.uBSQ
Ja%F' LG3R
Ja%F' LG3R
Xgl.ES
Xgl.ES
d".qp
d".qp
)p.Rq
)p.Rq
X:\.f
X:\.f
.Pz ;
.Pz ;
^%FT7
^%FT7
lWB%S
lWB%S
X;.RG
X;.RG
x%9s\
x%9s\
v.ls?
v.ls?
TBs.Vz
TBs.Vz
=q6%D
=q6%D
t%1Xg
t%1Xg
N7N.rta
N7N.rta
%U:NT
%U:NT
?.NLp
?.NLp
t#$%S
t#$%S
a.mW3
a.mW3
_%F!R
_%F!R
.yBoo
.yBoo
.UfX~
.UfX~
L%u`=m=W
L%u`=m=W
M0.aZ
M0.aZ
.Mc0W
.Mc0W
o0.NJ
o0.NJ
TßR!
TßR!
C%Fn'6
C%Fn'6
.zfqLg
.zfqLg
%x$/a44
%x$/a44
EFTP
EFTP
*_r.Cd
*_r.Cd
k.lhx
k.lhx
pK.gJ
pK.gJ
:sssh
:sssh
7:
7:
: :%:/:=:}:
: :%:/:=:}:
3'3,30343]3
3'3,30343]3
mscoree.dll
mscoree.dll
KERNEL32.DLL
KERNEL32.DLL
appguid={92F8A219-E740-49D5-B785-B962AD819724}&installerargs=--make-chrome-default
appguid={92F8A219-E740-49D5-B785-B962AD819724}&installerargs=--make-chrome-default
Windows 2000 Service Pack 4
Windows 2000 Service Pack 4
Windows 2000
Windows 2000
lador de %1!s! requereix Windows 2000 amb Service Pack 4 o una versi
lador de %1!s! requereix Windows 2000 amb Service Pack 4 o una versi
m Windows 2000 Service Pack 4 nebo nov
m Windows 2000 Service Pack 4 nebo nov
ver Windows 2000 Service Pack 4 eller bedre.
ver Windows 2000 Service Pack 4 eller bedre.
r den %1!s!-Installer wird Windows 2000 Service Pack 4 oder h
r den %1!s!-Installer wird Windows 2000 Service Pack 4 oder h
Unknown Installer ErrorTInstallation failed. %1!s! Installer requires Windows 2000 Service Pack 4 or better.
Unknown Installer ErrorTInstallation failed. %1!s! Installer requires Windows 2000 Service Pack 4 or better.
Windows 2000 Service Pack 4:n tai uudemman.
Windows 2000 Service Pack 4:n tai uudemman.
cessite Windows
cessite Windows
je Windows 2000 Service Pack 4-et vagy frissebb verzi
je Windows 2000 Service Pack 4-et vagy frissebb verzi
krefst Windows 2000
krefst Windows 2000
Google#Programma di installazione di %1!s!!Errore sconosciuto dell'installertInstallazione non riuscita. Il programma di installazione di %1!s! richiede Windows 2000 Service Pack 4 o superiore.
Google#Programma di installazione di %1!s!!Errore sconosciuto dell'installertInstallazione non riuscita. Il programma di installazione di %1!s! richiede Windows 2000 Service Pack 4 o superiore.
Installatieprogramma van %1!s!'Onbekende fout van installatieprogrammasDe installatie is mislukt. Voor het installatieprogramma van %1!s! is Windows 2000 Service Pack 4 of hoger vereist.
Installatieprogramma van %1!s!'Onbekende fout van installatieprogrammasDe installatie is mislukt. Voor het installatieprogramma van %1!s! is Windows 2000 Service Pack 4 of hoger vereist.
Ukjent installasjonsfeilgInstallasjonen mislyktes. %1!s! installasjonsprogrammet krever Windows 2000 Service Pack 4 eller nyere.
Ukjent installasjonsfeilgInstallasjonen mislyktes. %1!s! installasjonsprogrammet krever Windows 2000 Service Pack 4 eller nyere.
. Instalator %1!s! wymaga systemu Windows 2000 z dodatkiem Service Pack 4 lub nowszego.
. Instalator %1!s! wymaga systemu Windows 2000 z dodatkiem Service Pack 4 lub nowszego.
o. O instalador do %1!s! requer o Windows 2000 Service Pack 4 ou posterior.
o. O instalador do %1!s! requer o Windows 2000 Service Pack 4 ou posterior.
it. %1!s! Programul de instalare are nevoie de Windows 2000 Service Pack 4 sau de o versiune superioar
it. %1!s! Programul de instalare are nevoie de Windows 2000 Service Pack 4 sau de o versiune superioar
ka alata za instalacijulInstalacija nije uspjela. Za instalacijski program %1!s! potreban je Windows 2000 Service Pack 4 ili noviji.
ka alata za instalacijulInstalacija nije uspjela. Za instalacijski program %1!s! potreban je Windows 2000 Service Pack 4 ili noviji.
m Windows 2000 Service Pack 4 alebo nov
m Windows 2000 Service Pack 4 alebo nov
ver Windows 2000 Service Pack 4 eller b
ver Windows 2000 Service Pack 4 eller b
kleyicisi Windows 2000 Hizmet Paketi 4 veya sonras
kleyicisi Windows 2000 Hizmet Paketi 4 veya sonras
Program pemasang %1!s!!Kesalahan Installer Tak DiketahuiePemasangan gagal. Program pemasang %1!s! memerlukan Windows 2000 Service Pack 4 atau yang lebih baik.
Program pemasang %1!s!!Kesalahan Installer Tak DiketahuiePemasangan gagal. Program pemasang %1!s! memerlukan Windows 2000 Service Pack 4 atau yang lebih baik.
na. Za namestitveni program za %1!s! potrebujete Windows 2000 s servisnim paketom SP 4 ali novej
na. Za namestitveni program za %1!s! potrebujete Windows 2000 s servisnim paketom SP 4 ali novej
uab rakendust Windows 2000 hoolduspakett 4 v
uab rakendust Windows 2000 hoolduspakett 4 v
ama Windows
ama Windows
Windows 2000
Windows 2000
u Windows 2000 G
u Windows 2000 G
Pemasang %1!s!#Ralat Pemasang yang Tidak Diketahui]Pemasangan gagal. Pemasang %1!s! memerlukan Windows 2000 Service Pack 4 atau yang lebih baik.
Pemasang %1!s!#Ralat Pemasang yang Tidak Diketahui]Pemasangan gagal. Pemasang %1!s! memerlukan Windows 2000 Service Pack 4 atau yang lebih baik.
Kisakinishi cha %1!s!%Hitilafu ya Kisakinishi Isiyojulikana_Usakinishaji haukufaulu. Kisakinishi cha %1!s! kinahitaji Windows 2000 Service Pack 4 au zaidi.
Kisakinishi cha %1!s!%Hitilafu ya Kisakinishi Isiyojulikana_Usakinishaji haukufaulu. Kisakinishi cha %1!s! kinahitaji Windows 2000 Service Pack 4 au zaidi.
. Windows 2000
. Windows 2000
Installer ng %1!s! Hindi Alam na Error ng InstallerlNabigo ang pag-install. Nangangailangan ang Installer ng %1!s! ng Windows 2000 Service Pack 4 o mas mahusay.
Installer ng %1!s! Hindi Alam na Error ng InstallerlNabigo ang pag-install. Nangangailangan ang Installer ng %1!s! ng Windows 2000 Service Pack 4 o mas mahusay.
n. %1!s! El instalador requiere Windows 2000 Service Pack 4 o superior.
n. %1!s! El instalador requiere Windows 2000 Service Pack 4 o superior.
o %1!s! necessita do Windows 2000 Service Pack 4 ou superior.
o %1!s! necessita do Windows 2000 Service Pack 4 ou superior.
n. %1!s! Installer requiere Windows 2000 Service Pack 4 o versiones posteriores.
n. %1!s! Installer requiere Windows 2000 Service Pack 4 o versiones posteriores.
1.3.25.215
1.3.25.215
CatalinaUpdateSetup.exe
CatalinaUpdateSetup.exe
CatalinaUpdate.exe_152:
.text
.text
`.data
`.data
.text/DE
.text/DE
@.rsrc
@.rsrc
@.reloc
@.reloc
SHELL32.dll
SHELL32.dll
USER32.dll
USER32.dll
SHLWAPI.dll
SHLWAPI.dll
WINTRUST.dll
WINTRUST.dll
Please contact the application's support team for more information.
Please contact the application's support team for more information.
- Attempt to initialize the CRT more than once.
- Attempt to initialize the CRT more than once.
- CRT not initialized
- CRT not initialized
- floating point support not loaded
- floating point support not loaded
GetProcessWindowStation
GetProcessWindowStation
USER32.DLL
USER32.DLL
operator
operator
CatalinaUpdate_unsigned.pdb
CatalinaUpdate_unsigned.pdb
RegOpenKeyExW
RegOpenKeyExW
ADVAPI32.dll
ADVAPI32.dll
KERNEL32.dll
KERNEL32.dll
ole32.dll
ole32.dll
GetProcessHeap
GetProcessHeap
GetCPInfo
GetCPInfo
GetConsoleOutputCP
GetConsoleOutputCP
name="Microsoft.Windows.Common-Controls"
name="Microsoft.Windows.Common-Controls"
version="6.0.0.0"
version="6.0.0.0"
publicKeyToken="6595b64144ccf1df"
publicKeyToken="6595b64144ccf1df"
###7777_{
###7777_{
###____777
###____777
###````87{
###````87{
3 3$3(3,30343~3
3 3$3(3,30343~3
5 5$5(5,5
5 5$5(5,5
?$?(?,?4?
?$?(?,?4?
= =$=@=`=
= =$=@=`=
C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\GUM1.tmp\CatalinaUpdate.exe
C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\GUM1.tmp\CatalinaUpdate.exe
KERNEL32.DLL
KERNEL32.DLL
mscoree.dll
mscoree.dll
goopdate.dll
goopdate.dll
CatalinaUpdate.exe
CatalinaUpdate.exe
Software\CatalinaGroup\Update\Clients\{6C598730-F715-407B-A7AE-A8F10D0F8FA7}
Software\CatalinaGroup\Update\Clients\{6C598730-F715-407B-A7AE-A8F10D0F8FA7}
1.3.25.215
1.3.25.215
2007-2010
2007-2010
2007-2010
2007-2010
CatalinaUpdate.exe_636:
.text
.text
`.data
`.data
.text/DE
.text/DE
@.rsrc
@.rsrc
@.reloc
@.reloc
SHELL32.dll
SHELL32.dll
USER32.dll
USER32.dll
SHLWAPI.dll
SHLWAPI.dll
WINTRUST.dll
WINTRUST.dll
Please contact the application's support team for more information.
Please contact the application's support team for more information.
- Attempt to initialize the CRT more than once.
- Attempt to initialize the CRT more than once.
- CRT not initialized
- CRT not initialized
- floating point support not loaded
- floating point support not loaded
GetProcessWindowStation
GetProcessWindowStation
USER32.DLL
USER32.DLL
operator
operator
CatalinaUpdate_unsigned.pdb
CatalinaUpdate_unsigned.pdb
RegOpenKeyExW
RegOpenKeyExW
ADVAPI32.dll
ADVAPI32.dll
KERNEL32.dll
KERNEL32.dll
ole32.dll
ole32.dll
GetProcessHeap
GetProcessHeap
GetCPInfo
GetCPInfo
GetConsoleOutputCP
GetConsoleOutputCP
name="Microsoft.Windows.Common-Controls"
name="Microsoft.Windows.Common-Controls"
version="6.0.0.0"
version="6.0.0.0"
publicKeyToken="6595b64144ccf1df"
publicKeyToken="6595b64144ccf1df"
###7777_{
###7777_{
###____777
###____777
###````87{
###````87{
3 3$3(3,30343~3
3 3$3(3,30343~3
5 5$5(5,5
5 5$5(5,5
?$?(?,?4?
?$?(?,?4?
= =$=@=`=
= =$=@=`=
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\CatalinaUpdate.exe
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\CatalinaUpdate.exe
KERNEL32.DLL
KERNEL32.DLL
mscoree.dll
mscoree.dll
goopdate.dll
goopdate.dll
CatalinaUpdate.exe
CatalinaUpdate.exe
Software\CatalinaGroup\Update\Clients\{6C598730-F715-407B-A7AE-A8F10D0F8FA7}
Software\CatalinaGroup\Update\Clients\{6C598730-F715-407B-A7AE-A8F10D0F8FA7}
1.3.25.215
1.3.25.215
2007-2010
2007-2010
2007-2010
2007-2010
CatalinaUpdate.exe_1976:
.text
.text
`.data
`.data
.text/DE
.text/DE
@.rsrc
@.rsrc
@.reloc
@.reloc
SHELL32.dll
SHELL32.dll
USER32.dll
USER32.dll
SHLWAPI.dll
SHLWAPI.dll
WINTRUST.dll
WINTRUST.dll
Please contact the application's support team for more information.
Please contact the application's support team for more information.
- Attempt to initialize the CRT more than once.
- Attempt to initialize the CRT more than once.
- CRT not initialized
- CRT not initialized
- floating point support not loaded
- floating point support not loaded
GetProcessWindowStation
GetProcessWindowStation
USER32.DLL
USER32.DLL
operator
operator
CatalinaUpdate_unsigned.pdb
CatalinaUpdate_unsigned.pdb
RegOpenKeyExW
RegOpenKeyExW
ADVAPI32.dll
ADVAPI32.dll
KERNEL32.dll
KERNEL32.dll
ole32.dll
ole32.dll
GetProcessHeap
GetProcessHeap
GetCPInfo
GetCPInfo
GetConsoleOutputCP
GetConsoleOutputCP
name="Microsoft.Windows.Common-Controls"
name="Microsoft.Windows.Common-Controls"
version="6.0.0.0"
version="6.0.0.0"
publicKeyToken="6595b64144ccf1df"
publicKeyToken="6595b64144ccf1df"
###7777_{
###7777_{
###____777
###____777
###````87{
###````87{
3 3$3(3,30343~3
3 3$3(3,30343~3
5 5$5(5,5
5 5$5(5,5
?$?(?,?4?
?$?(?,?4?
= =$=@=`=
= =$=@=`=
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\CatalinaUpdate.exe
%Documents and Settings%\%current user%\Local Settings\Application Data\CatalinaGroup\Update\CatalinaUpdate.exe
KERNEL32.DLL
KERNEL32.DLL
mscoree.dll
mscoree.dll
goopdate.dll
goopdate.dll
CatalinaUpdate.exe
CatalinaUpdate.exe
Software\CatalinaGroup\Update\Clients\{6C598730-F715-407B-A7AE-A8F10D0F8FA7}
Software\CatalinaGroup\Update\Clients\{6C598730-F715-407B-A7AE-A8F10D0F8FA7}
1.3.25.215
1.3.25.215
2007-2010
2007-2010
2007-2010
2007-2010