Yeah I had a go. It installs malware (glb57.tmp) into your comp and you get a heap of warning boxes telling you your computer is being contacted by who knows who.
The game looked like a 16 bit converstion run on the worst emulator ever in fullscreen.
What we know about GLB57.TMP:
GLB57.TMP
AUTOMATED MALWARE PROFILE, ANALYSIS, REMOVAL AND SIGNATURE INFORMATION:
DEFINITION OF: GLB57.TMP
Safety Rating: Known Malware, do not run
Malware Family: Part of Malware group - Malware
Determination: Automatically determined using Prevx centralized heuristics
Malware Form: EXPLOIT
Protection: Prevx provides powerful security products that you can use to detect, remove and protect you from GLB57.TMP and safeguard your PC against viruses, trojans, worms, spyware, rootkits and adware
Why risk having spyware on your PC when it takes less than 2 minutes to thoroughly check it with Prevx CSI? Click here to check your PC with Prevx CSI Now.
First seen: May 11 2006 (GMT)
Last seen: May 11 2006 (GMT)
File Size: 71,680 bytes
MALWARE ASSESSMENT: PREVX 4 AXES OF EVIL METHODOLOGY1. COVERT ANALYSIS OF: GLB57.TMP
File Names Used: 53
Paths Used: 34
Common File Name: GLB57.TMP
Common Path: %TEMP%\
Vendor Information: No Vendor details specified
GLB57.TMP may use 53 or more path and file names, these are the most common:
1 :%profiles%\abe 1\local settings\temp\GLB1.TMP
2 :%PROFILES%\ADMINISTRATOR\LOCAL SETTINGS\TEMP\GLB4.TMP
3 :%PROFILES%\ADMINISTRATOR\LOCAL SETTINGS\TEMP\GLBC4.TMP
4 :%profiles%\andrew & judith\local settings\temp\GLBB6.TMP
5 :%profiles%\corrina\local settings\temp\GLB2C.TMP
6 :%profiles%\desktop\local settings\temp\GLB6E.TMP
7 :%profiles%\freedom\local settings\temp\GLBE3.TMP
8 :%profiles%\hp_administrator\local settings\temp\GLBD1.TMP
9 :%profiles%\jen & gordy\local settings\temp\GLB39.TMP
10:%profiles%\jim storey\local settings\temp\GLBBB.TMP
11:%profiles%\julien\local settings\temp\GLBB.TMP
12:%PROFILES%\KEVIN\LOCAL SETTINGS\TEMP\GLB12F.TMP
13:%profiles%\madebiyi\local settings\temp\GLBA5.TMP
14:%PROFILES%\MICHAEL\LOCAL SETTINGS\TEMP\GLB39.TMP
15:%profiles%\min\local settings\temp\GLBE
File Name Structure: Common
File and Path Structure: Suspicious, code execution from unusual location
2. RELATIONSHIP ANALYSIS OF: GLB57.TMP
Malicious Objects Created: 2 objects
Malicious Creators: None
Malware Run Keys: None
Self Persists:
Antivirus Detection: No third party antivirus detection observed
Anti-Spyware Detection: No third party anti-spyware detection observed
3. ACTIVITY ANALYSIS OF: GLB57.TMP
The following behaviors have been observed for this object:
Installs programs.
Deletes programs.
Invokes dll components.
Runs other programs.
Communicates with web sites using httpout protocols.
Changes file execution mappings.
Has outbound communications.
Creates registry entries.
Creates known malware.
4. PROPAGATION ANALYSIS OF: GLB57.TMP
Malware Group Propagation Rate: Moderate (spreading)
Malware Group: Malware
Copyright Prevx Limited 2005, 2006
Other versions of GLB57.TMP
