Skip navigation.

IE-Browser Help Object with Firefox and Opera references



I just uploaded a BHO (MD5: 322ab91452d2af1db1f5ae6d0f6db39e) which was installed by a dropper (MD5: 89563767600b8edd219bc70883516abe) which was executed by the latest Quicktime-Exploit.

I am no RE expert but while analyzing the BHO I found a reference to Opera and Firefox. The main purpose seems to be collecting passwords an sending them to this address: hxxp://

Can anyone please have a look and tell me what the IE BHO tries to accomplish with Opera and Firefox?

Thanks in advance,

Hi,Very interesting BHO.

Very interesting BHO. Can you unveil your findings till now? I'll try to RE too. Thank you. Can't make the dropper download his files yet (VMware and VirtualBox, I'll try Bochs or QEMU though).