Prevx Research Division
SPLASH.EXE
WormFree PC Cleanup from Webroot
Use Webroot SecureAnywhere to remove SPLASH.EXE.
"Just when you thought it couldn't get any better or faster. The Webroot scanning engine is 'high octane' with a hidden nitrous oxide system. Bravo!!!" W. Lodzinski, SecureAnywhere User
Associated Malware Groups
The unsafe files using this name are associated with the malware groups:
- Worm
- Malicious Software
File Behavior
SPLASH.EXE has been seen to perform the following behavior:
- Executes a Process
- Can communicate with other computer systems using HTTP protocols
- Registers a Dynamic Link Library File
- Adds products to the system registry
- Enables the system to use a Communications Proxy Server
- Downloads hidden code from covert web sites
- This process creates other processes on disk
- This Process Deletes Other Processes From Disk
- Uses DNS to retrieve the IP address for web sites
- Visits web sites on your PC without you knowing
SPLASH.EXE has been the subject of the following behavior:
- Created as a process on disk
- Executed as a Process
- Deleted as a process from disk
- Downloaded from covert web sites without the user knowing
- Copied to multiple locations on the system
Country Of Origin
The filename SPLASH.EXE was first seen on Jun 11 2007 in the following geographical regions of the Webroot community:
- Taiwan on Jun 11 2007
- Spain on Jun 11 2007
- Egypt on Mar 14 2008
- Saudi Arabia on Mar 14 2008
- Iraq on Nov 23 2009
- Turkey on May 22 2012
File Name Aliases
SPLASH.EXE can also use the following file names:
- DEEPCHECKWORK./SPLASH.EXE
- 70405022.EXE
- 10433617.DAT
- 55588019.EXE
- 03325205.DAT
- 15656575.EXE
Filesizes
The following file size has been seen:
- 238,143 bytes
- 1,216,512 bytes
- 241,664 bytes
- 40,960 bytes
- 16,896 bytes
- 17,408 bytes
File Type
The filename SPLASH.EXE refers to many versions of an executable program.
File Activity
One or more files with the name SPLASH.EXE creates, deletes, copies or moves the following files and folders:
- Opens/modifes c:\autoexec.bat
- Creates c:\documents and settings\user\application data\microsoft\cryptneturlcache\metadata\904590238400AD963F77FAAAADC9BAB5
- Creates c:\documents and settings\user\application data\microsoft\cryptneturlcache\content\904590238400AD963F77FAAAADC9BAB5
Network Activity
One or more files with the name SPLASH.EXE performs the following network events:
- DNS Lookup203.66.122.37 cblupdate.chinesegamer.net
Website Activity
One or more files with the name SPLASH.EXE interacts with the following web sites and pages. Web addresses have been deliberately modified to prevent unintentional use.
- cblupdate .chinesegamer .net:5977 / version / dellist
- cblupdate .chinesegamer .net:5977 / version / version
- cblupdate .chinesegamer .net:5977 / patch
- cblupdate .chinesegamer .net:5977 / patch / filelist .200810161402 .zip
- cblupdate .chinesegamer .net:5977 / patch / Splash .exe .03220913 .zip
- TCP:127.0.0.1:1086 Port:24
- Port 80 IP:131.107.115.28
- TCP:203.66.122.37:5977 Port:23
- TCP:203.66.122.37:5977 Port:23
Help the Webroot Community to fight cyber crime
We are always looking for ways to improve the quality and speed of research to help us protect you from malicious software and cyber crime.
PCMag.com Editors' Choice Award Logo is a trademark of Ziff Davis Publishing Holdings Inc. Used under license.