In the bin dropper, we can see now two resources, but the new one is never saved.
Is there an error in the code ? A second dictionary that may be necessary for this new file is used to create a filename for the first file.
Dictionary: srch, sr, search, add, addon, a
Possible filename: srchadd.dll, srchaddon.dll, srcha.dll, sradd.dll, sraddon.dll, sra.dll, searchadd.dll, searchaddon.dll, searcha.dll
Registered new infection would be (if there was no error in the dropper):
O2 - BHO: SearchAddon - {0CB66BA8-5E1F-4963-93D1-E1D6B78FE9A2} - C:\WINDOWS\System32\random.dll
This new infection acts like a Search Hijacker:
SmitfraudFix is ready to remove the infection.
