Amonetize

Category: Adware and PUA
Protection available since: 12 May 2013 07:08:39 (GMT)
Type: Unspecified PUA
Last updated: 30 Jun 2014 20:31:44 (GMT)

Examples of Amonetize include:

Example 1

File Information

Size
330K
SHA-1
003b6f2c157463068a7a8ab9638380609b95c62e
MD5
95beb4e99d9248e5fd763957857c5b48
CRC-32
5564e3f6
File type
Windows executable
First seen
2013-11-24

Runtime Analysis

Registry Keys Created
  • HKCR\CLSID\{A6FEED89-3BCD-4D19-9DC2-3E613A80A2A4}\VersionIndependentProgID
    (Default)
    AmiBs.Installer
  • HKCR\CLSID\{A6FEED89-3BCD-4D19-9DC2-3E613A80A2A4}\ProgID
    (Default)
    AmiBs.Installer.1
  • HKCR\CLSID\{A6FEED89-3BCD-4D19-9DC2-3E613A80A2A4}\TypeLib
    (Default)
    {1C1356DA-1E98-4810-A9F6-18D89BD1C0C0}
  • HKCR\CLSID\{A6FEED89-3BCD-4D19-9DC2-3E613A80A2A4}\LocalServer32
    ServerExecutable
    c:\test_item.exe
  • HKCR\CLSID\{A6FEED89-3BCD-4D19-9DC2-3E613A80A2A4}\Version
    (Default)
    1.0
  • HKCR\AmiBs.Installer\CurVer
    (Default)
    AmiBs.Installer.1
  • HKCR\TypeLib\{1C1356DA-1E98-4810-A9F6-18D89BD1C0C0}\1.0\FLAGS
    (Default)
  • HKLM\SOFTWARE\Microsoft\ESENT\Process\sample\DEBUG
    Trace Level
  • HKCR\TypeLib\{1C1356DA-1E98-4810-A9F6-18D89BD1C0C0}\1.0\0\win32
    (Default)
    c:\test_item.exe
  • HKCR\TypeLib\{1C1356DA-1E98-4810-A9F6-18D89BD1C0C0}\1.0
    (Default)
    InstallerLib
  • HKCR\AmiBs.Installer.1\CLSID
    (Default)
    {A6FEED89-3BCD-4D19-9DC2-3E613A80A2A4}
  • HKCR\TypeLib\{1C1356DA-1E98-4810-A9F6-18D89BD1C0C0}\1.0\HELPDIR
    (Default)
    c:
  • HKCR\CLSID\{A6FEED89-3BCD-4D19-9DC2-3E613A80A2A4}
    (Default)
    Installer Class
  • HKCR\Interface\{D54C859C-6066-4F31-8FE0-2AAEDCAE67D7}\ProxyStubClsid32
    (Default)
    {00020424-0000-0000-C000-000000000046}
  • HKCR\Interface\{D54C859C-6066-4F31-8FE0-2AAEDCAE67D7}\TypeLib
    Version
    1.0
  • HKCR\AmiBs.Installer
    (Default)
    Installer Class
  • HKCR\AmiBs.Installer.1
    (Default)
    Installer Class
  • HKCR\Interface\{D54C859C-6066-4F31-8FE0-2AAEDCAE67D7}
    (Default)
    IBoot
  • HKCR\Interface\{D54C859C-6066-4F31-8FE0-2AAEDCAE67D7}\ProxyStubClsid
    (Default)
    {00020424-0000-0000-C000-000000000046}
HTTP Requests
  • http://www.keenondownload.com/FailedToInstall.php
DNS Requests
  • www.keenondownload.com

Example 2

File Information

Size
339K
SHA-1
003d88a4a37af8ca59533108dabbf04d7e0e93ef
MD5
472e8409ae09a28fc4b704787ec29ddc
CRC-32
f78a2ace
File type
application/x-ms-dos-executable
First seen
2014-06-21

Runtime Analysis

Registry Keys Created
  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\inethnfd
    NoRepair
    0x00000001
  • HKLM\SOFTWARE\Client
    i
    20140625165445
Processes Created
  • c:\docume~1\support\locals~1\temp\nsv4.tmp\ns5.tmp
  • c:\docume~1\support\locals~1\temp\nsv4.tmp\ns6.tmp
  • c:\docume~1\support\locals~1\temp\nsv4.tmp\ns7.tmp
  • c:\docume~1\support\locals~1\temp\nsv4.tmp\ns8.tmp
  • c:\windows\system32\installd.exe
  • c:\windows\system32\net.exe
  • c:\windows\system32\net1.exe
  • c:\windows\system32\nethtsrv.exe
  • c:\windows\system32\netupdsrv.exe

Example 3

File Information

Size
340K
SHA-1
00582b389b757bfaad1abe564b5a02581c090377
MD5
0bda9b521fa3621279afc1d905c17836
CRC-32
92bc8512
File type
application/x-ms-dos-executable
First seen
2014-06-20

Other vendor detection

Avira
ADSPY/AdSpy.Gen

Runtime Analysis

Dropped Files
  • C:\Program Files\Common Files\Config\data.xml
  • C:\Program Files\Common Files\Config\ver.xml
  • C:\Program Files\Common Files\Config\uninstinethnfd.exe
  • C:\WINDOWS\system32\netupdsrv.exe
    Size
    159K
    SHA-1
    e72da4977e507f3d80bfdfa8806480b6f7fe6f9f
    MD5
    7bca04b9b30e6fc32a8d0e2c075c6640
    CRC-32
    725ee6c6
    File type
    Windows executable
    First seen
    2014-06-25
  • C:\WINDOWS\system32\hfpapi.dll
    Size
    242K
    SHA-1
    4b83f9ab812e60380044923f848a6ef486b42d4e
    MD5
    2d62066b78e240eb26f79c1f6eb87bcd
    CRC-32
    43544400
    File type
    Windows executable
    First seen
    2014-06-25
  • C:\WINDOWS\system32\drivers\nethfdrv.sys
    Size
    48K
    SHA-1
    67ba7a0714552394c7ac791da98289b65a96aefe
    MD5
    3bddc04fa98eb1caddd22693c8f2d1ed
    CRC-32
    be8ad2a4
    File type
    application/x-ms-dos-executable
    First seen
    2014-06-25
  • C:\WINDOWS\system32\hfnapi.dll
    Size
    106K
    SHA-1
    c60fbf27251644a55db46063dcf4c6910dd89fc5
    MD5
    ddd6594551acb265788d3b50bee740b4
    CRC-32
    0b313381
    File type
    Windows executable
    First seen
    2014-06-25
  • C:\WINDOWS\system32\installd.exe
    Size
    106K
    SHA-1
    533893becf4240cef365603e90469220326029c7
    MD5
    1dd6f5da06d70a5a0b573bf5f889ade3
    CRC-32
    82c3a8d3
    File type
    Windows executable
    First seen
    2014-06-25
  • C:\WINDOWS\system32\nethtsrv.exe
    Size
    175K
    SHA-1
    c919c2d784ae22e1b98b497f358f6cccf6a84be0
    MD5
    dee918b39d17a7eeed99d08a8474b550
    CRC-32
    c6c59b9f
    File type
    Windows executable
    First seen
    2014-06-25
Registry Keys Created
  • HKLM\SOFTWARE\Client
    i
    20140625153812
  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\inethnfd
    NoRepair
    0x00000001
Processes Created
  • c:\docume~1\support\locals~1\temp\nsl4.tmp\ns5.tmp
  • c:\docume~1\support\locals~1\temp\nsl4.tmp\ns6.tmp
  • c:\docume~1\support\locals~1\temp\nsl4.tmp\ns7.tmp
  • c:\docume~1\support\locals~1\temp\nsl4.tmp\ns8.tmp
  • c:\windows\system32\installd.exe
  • c:\windows\system32\net.exe
  • c:\windows\system32\net1.exe
  • c:\windows\system32\nethtsrv.exe
  • c:\windows\system32\netupdsrv.exe
