NextUp

Category: Adware and PUAs
Protection available since: 17 Jun 2014 04:05:17 (GMT)
Type: Unspecified PUA
Last updated: 13 Dec 2014 04:07:31 (GMT)


NextUp is an installer which bundles legitimate applications with offers for additional third party applications that may be unwanted by the user. Such third party applications are typically installed onto users’ computers by default, but may include an option to ‘opt-out’ during or after the installation process.

Examples of NextUp include:

Example 1

File Information

Size: 595K
SHA-1: 0a61d7a6ba046a4b712f33053cdd625ae85c8eac
MD5: 773d5223965af306b994908719a1d191
CRC-32: b91904a8
File type: Windows executable
First seen: 2014-07-09

Runtime Analysis

Dropped Files
  • c:\Documents and Settings\test user\Application Data\Microsoft\CryptnetUrlCache\Content\3B6E683A7A45CC59BF035C9BA8C7AB9D
  • c:\Documents and Settings\test user\Application Data\Microsoft\CryptnetUrlCache\MetaData\1F356F4D07FE8C483E769E4586569404
  • c:\Documents and Settings\test user\Application Data\Microsoft\CryptnetUrlCache\MetaData\B69D763EB21649DA26F20618312DEE70
  • c:\Documents and Settings\test user\Application Data\Microsoft\CryptnetUrlCache\Content\1F356F4D07FE8C483E769E4586569404
  • c:\Documents and Settings\test user\Application Data\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
    Size: 53K
    SHA-1: db88a832074cf222b498eef018e2b4a056456f93
    MD5: f44363d23cd082c1a99eb91d33e1c927
    CRC-32: 1b37c2c8
    File type: Microsoft CAB archive
    First seen: 2014-03-12
  • c:\Documents and Settings\test user\Application Data\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  • c:\Documents and Settings\test user\Application Data\Microsoft\CryptnetUrlCache\MetaData\3B6E683A7A45CC59BF035C9BA8C7AB9D
  • c:\Documents and Settings\test user\Application Data\Microsoft\CryptnetUrlCache\Content\B69D763EB21649DA26F20618312DEE70
Modified Files
  • %PROFILE%\Application Data\Microsoft\CryptnetUrlCache\Content\2BF68F4714092295550497DD56F57004
  • %PROFILE%\Application Data\Microsoft\CryptnetUrlCache\MetaData\2BF68F4714092295550497DD56F57004
Registry Keys Created
  • HKLM\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\02FAF3E291435468607857694DF5E45B68851868
    Blob
HTTP Requests
  • http://crl.comodoca.com/COMODOCodeSigningCA2.crl
  • http://crl.usertrust.com/AddTrustExternalCARoot.crl
  • http://crl.usertrust.com/UTN-USERFirst-Object.crl
  • http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt
  • http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab
DNS Requests
  • crl.comodoca.com
  • crl.usertrust.com
  • inst.nextupsw.com
  • www.download.windowsupdate.com

Example 2

File Information

Size: 595K
SHA-1: 13465ca0596d033a0e4ea477b0fe488839d8e9cb
MD5: fc7357fbc9ab760040eef97b36c4467b
CRC-32: 71877b8e
File type: Windows executable
First seen: 2014-06-07

Runtime Analysis

Dropped Files
  • c:\Documents and Settings\test user\Application Data\Microsoft\CryptnetUrlCache\Content\1F356F4D07FE8C483E769E4586569404
  • c:\Documents and Settings\test user\Application Data\Microsoft\CryptnetUrlCache\Content\3B6E683A7A45CC59BF035C9BA8C7AB9D
  • c:\Documents and Settings\test user\Application Data\Microsoft\CryptnetUrlCache\Content\B69D763EB21649DA26F20618312DEE70
  • c:\Documents and Settings\test user\Application Data\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
    Size: 53K
    SHA-1: db88a832074cf222b498eef018e2b4a056456f93
    MD5: f44363d23cd082c1a99eb91d33e1c927
    CRC-32: 1b37c2c8
    File type: Microsoft CAB archive
    First seen: 2014-03-12
  • c:\Documents and Settings\test user\Application Data\Microsoft\CryptnetUrlCache\MetaData\1F356F4D07FE8C483E769E4586569404
  • c:\Documents and Settings\test user\Application Data\Microsoft\CryptnetUrlCache\MetaData\3B6E683A7A45CC59BF035C9BA8C7AB9D
  • c:\Documents and Settings\test user\Application Data\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  • c:\Documents and Settings\test user\Application Data\Microsoft\CryptnetUrlCache\MetaData\B69D763EB21649DA26F20618312DEE70
Modified Files
  • %PROFILE%\Application Data\Microsoft\CryptnetUrlCache\MetaData\2BF68F4714092295550497DD56F57004
  • %PROFILE%\Application Data\Microsoft\CryptnetUrlCache\Content\2BF68F4714092295550497DD56F57004
Registry Keys Created
  • HKLM\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\02FAF3E291435468607857694DF5E45B68851868
    Blob
HTTP Requests
  • http://crl.comodoca.com/COMODOCodeSigningCA2.crl
  • http://crl.usertrust.com/AddTrustExternalCARoot.crl
  • http://crl.usertrust.com/UTN-USERFirst-Object.crl
  • http://inst.nextupsw.com/a/878433C5-39F1-4FBF-8D3E-FB9426F868E8/
  • http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt
  • http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab
DNS Requests
  • crl.comodoca.com
  • crl.usertrust.com
  • inst.nextupsw.com
  • www.download.windowsupdate.com

Example 3

File Information

Size: 597K
SHA-1: 134e9e9ce39d6efb7e80bb3689cb528ae6559658
MD5: 84cc6adcbe1d64521a04bd118b2dee27
CRC-32: a5432781
File type: Windows executable
First seen: 2014-07-26

Runtime Analysis

Dropped Files
  • c:\Documents and Settings\test user\Application Data\Microsoft\CryptnetUrlCache\Content\3B6E683A7A45CC59BF035C9BA8C7AB9D
  • c:\Documents and Settings\test user\Application Data\Microsoft\CryptnetUrlCache\MetaData\B69D763EB21649DA26F20618312DEE70
  • c:\Documents and Settings\test user\Application Data\Microsoft\CryptnetUrlCache\Content\B69D763EB21649DA26F20618312DEE70
  • c:\Documents and Settings\test user\Application Data\Microsoft\CryptnetUrlCache\Content\1F356F4D07FE8C483E769E4586569404
  • c:\Documents and Settings\test user\Application Data\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
    Size: 53K
    SHA-1: db88a832074cf222b498eef018e2b4a056456f93
    MD5: f44363d23cd082c1a99eb91d33e1c927
    CRC-32: 1b37c2c8
    File type: Microsoft CAB archive
    First seen: 2014-03-12
  • c:\Documents and Settings\test user\Application Data\Microsoft\CryptnetUrlCache\MetaData\3B6E683A7A45CC59BF035C9BA8C7AB9D
  • c:\Documents and Settings\test user\Application Data\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  • c:\Documents and Settings\test user\Application Data\Microsoft\CryptnetUrlCache\MetaData\1F356F4D07FE8C483E769E4586569404
Modified Files
  • %PROFILE%\Application Data\Microsoft\CryptnetUrlCache\Content\2BF68F4714092295550497DD56F57004
  • %PROFILE%\Application Data\Microsoft\CryptnetUrlCache\MetaData\2BF68F4714092295550497DD56F57004
Registry Keys Created
  • HKLM\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\02FAF3E291435468607857694DF5E45B68851868
    Blob
HTTP Requests
  • http://crl.comodoca.com/COMODOCodeSigningCA2.crl
  • http://crl.usertrust.com/AddTrustExternalCARoot.crl
  • http://crl.usertrust.com/UTN-USERFirst-Object.crl
  • http://inst.nextupsw.com/a/10289880-8AFF-0836-C052-251D973C9AA4/
  • http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt
  • http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab
DNS Requests
  • crl.comodoca.com
  • crl.usertrust.com
  • inst.nextupsw.com
  • www.download.windowsupdate.com
