2014-03-24, 19:01
Warning!
Something seems fishy here!
My firewall is blocking installation of the addon as it's detected as a virus!
XBMC.LOG
Quote:CFileCache::Open - opening <svn/trunk/plugin.video.netflixbmc/resources/NetfliXBMC_Utility.exe> using cache
17:55:10 T:4595425280 DEBUG: CurlFile::Open(0x105e319e0) http://addonscriptorde-beta-repo.googlec...tility.exe
17:55:10 T:4595425280 ERROR: CCurlFile::FillBuffer - Failed: HTTP response code said error(22)
17:55:10 T:4595425280 NOTICE: CCurlFile::FillBuffer - Reconnect, (re)try 1
17:55:10 T:4595425280 ERROR: CCurlFile::FillBuffer - Failed: HTTP response code said error(22)
Error 22 is generated as my firewall is dropping the connection
Firewall log:
Quote:Threat Details
Threat Type virus
Threat Name Virus/Win32.WGeneric.cfdee
ID 2943361
Severity medium
Repeat Count 2
URL NetfliXBMC_Utility.exe
Pcap ID 0
VirusTotal is not able to find anything wrong, however WildFire APT indeed classifies it as malware when run in the VM sandbox.
This is what it found:
Quote:Behavioral Summary
This sample was found to be malware on this virtual machine.
Behavior
Created a file in the Windows folder
Created an executable file in a user document folder
Spawned new processes
Crashed when loaded
Synthesized a keystroke or mouse click
Modified Windows registries
Changed security settings of Internet Explorer
Changed the proxy settings for Internet Explorer
Modified the network connections setting for Internet Explorer
Created or modified files
It creates a sample.exe file:
c:\documents and settings\administrator\sample.exe
C:\WINDOWS\system32\drwtsn32 -p 1556 -e 412 -g
C:\WINDOWS\system32\dwwin.exe -d C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\WERdad7.dir00\manifest.txt
C:\WINDOWS\system32\dumprep.exe 1556 -dm 7 7 C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\WERdad7.dir00\sample.exe.hdmp 16325836412027340
C:\WINDOWS\system32\dumprep.exe 1556 -dm 7 7 C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\WERdad7.dir00\sample.exe.mdmp 16325836412027328
Process Activity
Child Process Action
C:\WINDOWS\system32\dumprep.exe 1556 -dm 7 7 C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\WERdad7.dir00\sample.exe.mdmp 16325836412027328 Create
C:\WINDOWS\system32\dumprep.exe 1556 -dm 7 7 C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\WERdad7.dir00\sample.exe.hdmp 16325836412027340 Create
C:\WINDOWS\system32\dwwin.exe -d C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\WERdad7.dir00\manifest.txt Create
C:\WINDOWS\system32\drwtsn32 -p 1556 -e 412 -g Create
File Activity
File Action
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\WERdad7.dir00\sample.exe.mdmp Create
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\WERdad7.dir00\sample.exe.hdmp Create
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\WERdad7.dir00\appcompat.txt Create
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\WERdad7.dir00\manifest.txt Create
Registry Activity
Registry Key Value Action
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders Create
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders Create
HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\GACChangeNotification\Default Create
HKEY_CURRENT_USER\Software\Microsoft\GDIPlus Create
HKEY_CURRENT_USER\NetfliXBMC_Utility Create
HKEY_LOCAL_MACHINE\Software\Microsoft\PCHealth\ErrorReporting Create
\REGISTRY\MACHINE\SOFTWARE\Microsoft\PCHealth\ErrorReporting\ExclusionList Create
\REGISTRY\MACHINE\SOFTWARE\Microsoft\PCHealth\ErrorReporting\InclusionList Create
\REGISTRY\USER\S-1-5-21-2052111302-1214440339-682003330-500\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\AppData C:\Documents and Settings\Administrator\Application Data Set
\REGISTRY\USER\S-1-5-21-2052111302-1214440339-682003330-500\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Cache C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files
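Added example, not part of the post above and not WildFire's or XBMC's own tooling: a small triage script that takes the Process, File and Registry rows quoted in the sandbox report and separates the ones explained by the Windows XP crash-handling chain (drwtsn32, dwwin.exe, dumprep.exe, the WER*.dir* temp folder and the PCHealth\ErrorReporting keys) from the rows that still need a human look. The report rows are hand-copied into a constructed string so it runs offline; the set of "runtime startup" registry keys treated as noise (Shell Folders, Fusion\GACChangeNotification, GDIPlus) is the editor's assumption, not something the report states.

```python
import re
from typing import Dict, List, Optional

# Constructed sample input: the Process, File and Registry rows quoted in the post above,
# copied by hand into one string so the script runs offline. Not WildFire's export format.
SAMPLE_REPORT = r"""
Process Activity
Child Process Action
C:\WINDOWS\system32\dumprep.exe 1556 -dm 7 7 C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\WERdad7.dir00\sample.exe.mdmp 16325836412027328 Create
C:\WINDOWS\system32\dumprep.exe 1556 -dm 7 7 C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\WERdad7.dir00\sample.exe.hdmp 16325836412027340 Create
C:\WINDOWS\system32\dwwin.exe -d C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\WERdad7.dir00\manifest.txt Create
C:\WINDOWS\system32\drwtsn32 -p 1556 -e 412 -g Create
File Activity
File Action
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\WERdad7.dir00\sample.exe.mdmp Create
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\WERdad7.dir00\sample.exe.hdmp Create
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\WERdad7.dir00\appcompat.txt Create
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\WERdad7.dir00\manifest.txt Create
Registry Activity
Registry Key Value Action
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders Create
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders Create
HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\GACChangeNotification\Default Create
HKEY_CURRENT_USER\Software\Microsoft\GDIPlus Create
HKEY_CURRENT_USER\NetfliXBMC_Utility Create
HKEY_LOCAL_MACHINE\Software\Microsoft\PCHealth\ErrorReporting Create
\REGISTRY\MACHINE\SOFTWARE\Microsoft\PCHealth\ErrorReporting\ExclusionList Create
\REGISTRY\MACHINE\SOFTWARE\Microsoft\PCHealth\ErrorReporting\InclusionList Create
"""

SECTION_RE = re.compile(r"^(Process|File|Registry) Activity$")
COLUMN_HEADERS = {"Child Process Action", "File Action", "Registry Key Value Action"}
ROW_RE = re.compile(r"^(?P<item>.+?)\s+(?P<action>Create|Set|Delete|Modify)$")

# Windows XP crash-handling chain: Dr. Watson and the Windows Error Reporting helpers.
WER_PROCESSES = {"drwtsn32", "drwtsn32.exe", "dwwin.exe", "dumprep.exe"}
WER_TEMP_DIR = re.compile(r"\\WER[0-9a-f]+\.dir\d+\\", re.IGNORECASE)
WER_REGISTRY = re.compile(r"\\PCHealth\\ErrorReporting", re.IGNORECASE)
# Keys routinely touched at process start by the shell, .NET and GDI+ runtimes.
# Editor's assumption: treat these as startup noise, not as sample behaviour.
RUNTIME_REGISTRY = re.compile(
    r"\\Explorer\\(User )?Shell Folders$|\\Fusion\\GACChangeNotification|\\Microsoft\\GDIPlus$",
    re.IGNORECASE,
)


def classify(section: str, item: str) -> Optional[str]:
    """Return a noise reason for one report row, or None if a human should look at it."""
    if section == "Process":
        exe = item.split()[0].rsplit("\\", 1)[-1].lower()
        if exe in WER_PROCESSES:
            return "crash handler spawned after the sample crashed"
    elif section == "File":
        if WER_TEMP_DIR.search(item) or item.lower().endswith((".mdmp", ".hdmp")):
            return "crash dump / WER staging file"
    elif section == "Registry":
        if WER_REGISTRY.search(item):
            return "error-reporting policy keys read by WER"
        if RUNTIME_REGISTRY.search(item):
            return "runtime startup key (shell folders, .NET, GDI+)"
    return None


def triage(report: str) -> Dict[str, List[dict]]:
    """Split report rows into WER/runtime noise and rows that merit review."""
    result: Dict[str, List[dict]] = {"noise": [], "notable": []}
    section = None
    for raw in report.splitlines():
        line = raw.strip()
        if not line or line in COLUMN_HEADERS:
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1)
            continue
        if section is None:
            continue
        m = ROW_RE.match(line)
        # Rows without a trailing action word (e.g. truncated Set rows) are kept with action=None.
        item, action = (m.group("item"), m.group("action")) if m else (line, None)
        reason = classify(section, item)
        entry = {"section": section, "item": item, "action": action, "reason": reason}
        result["noise" if reason else "notable"].append(entry)
    return result


if __name__ == "__main__":
    report = triage(SAMPLE_REPORT)
    print(f"{len(report['noise'])} rows explained by crash handling / runtime startup")
    for e in report["notable"]:
        print(f"REVIEW [{e['section']}] {e['item']} ({e['action']})")
```

On the quoted report this leaves a single row for review, the utility's own HKEY_CURRENT_USER\NetfliXBMC_Utility key; everything else is the Dr. Watson / WER chain reacting to the "Crashed when loaded" event, which is worth knowing before treating "Spawned new processes" or "Created a file in the Windows folder" as evidence of malicious behaviour.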