AppRider

Category: Adware and PUA
Protection available since: 30 Jul 2012 22:52:45 (GMT)
Type: Adware
Last updated: 31 Jan 2014 23:45:24 (GMT)

Examples of AppRider include:

Example 1

File Information

Size: 771K
SHA-1: 000675fa73b4c76aaac0f1e2e4308493ffaad1ee
MD5: 6fa44a262870f39988ae85c2e36f65e2
CRC-32: b1c52989
File type: Windows executable
First seen: 2012-02-01

Runtime Analysis

Registry Keys Created
  • HKCU\Software\I Want This\Log
    WriteHelperLogFile
    0x00000000
  • HKCU\Software\I Want This
    HelperRunningVersion
    150

Example 2

File Information

Size: 1.9M
SHA-1: 00223a76b1c2c2b4cfe63e7989563ff3eaeb4421
MD5: 92a1668f51e5c56266d961c08968c5a8
CRC-32: 46e0a079
File type: Windows executable
First seen: 2012-10-02

Runtime Analysis

Dropped Files
  • c:\Documents and Settings\test user\Local Settings\Temp\nsk4.tmp\4637_tmp
  • c:\Documents and Settings\test user\Local Settings\Temp\nsk4.tmp\closebrowsers.exe
  • c:\Documents and Settings\test user\Local Settings\Temp\Deals PluginInstaller_1349239081.log
  • c:\Documents and Settings\test user\Local Settings\Temp\nsk4.tmp\Dialer.dll
  • c:\Documents and Settings\test user\Local Settings\Temp\nsk4.tmp\ExecDos.dll
  • c:\Documents and Settings\test user\Local Settings\Temp\nsk4.tmp\nsislog.dll
  • c:\Documents and Settings\test user\Local Settings\Temp\nsk4.tmp\md5dll.dll
  • c:\Documents and Settings\test user\Local Settings\Temp\nsk4.tmp\inetc.dll
  • c:\Documents and Settings\test user\Local Settings\Temp\nsk4.tmp\text.txt
  • c:\Documents and Settings\test user\Local Settings\Temp\nsk4.tmp\System.dll
  • c:\Documents and Settings\test user\Local Settings\Temp\nsk4.tmp\StdUtils.dll
  • c:\Documents and Settings\test user\Local Settings\Temp\nsk4.tmp\nsisos.dll
  • C:\Program Files\Deals Plugin\Deals Plugin-bg.exe
  • C:\Program Files\Deals Plugin\ButtonUtil.dll
  • C:\Program Files\Deals Plugin\Deals Plugin.exe
  • c:\Documents and Settings\test user\Local Settings\Temp\nsk4.tmp\UserInfo.dll
  • C:\Program Files\Deals Plugin\Deals Plugin.ico
  • C:\Program Files\Deals Plugin\Deals Plugin.dll
  • C:\Program Files\Deals Plugin\Deals Plugin.ini
  • C:\Program Files\Deals Plugin\Uninstall.exe
  • c:\Documents and Settings\test user\Local Settings\Temp\nsk4.tmp\checkmachine.exe
Registry Keys Created
  • HKCU\Software\Deals Plugin\Log
    WriteBhoLogFile
    0x00000000
  • HKCU\Software\Crossrider
    215AppVerifier
    3481b5584866d9d8e0cdf1414ee07653
  • HKCR\Interface\{66666666-6666-6666-6666-660066466637}
    (Default)
    ISandBox
  • HKCR\Interface\{66666666-6666-6666-6666-660066466637}\TypeLib
    Version
    1.0
  • HKCR\Interface\{55555555-5555-5555-5555-550055465537}\TypeLib
    Version
    1.0
  • HKCR\TypeLib\{44444444-4444-4444-4444-440044464437}\1.0\FLAGS
    (Default)
  • HKCR\TypeLib\{44444444-4444-4444-4444-440044464437}\1.0
    (Default)
    CrossriderApp0004637 Type Library
  • HKCR\CLSID\{11111111-1111-1111-1111-110011461137}\TypeLib
    (Default)
    {44444444-4444-4444-4444-440044464437}
  • HKCR\CLSID\{22222222-2222-2222-2222-220022462237}\TypeLib
    (Default)
    {44444444-4444-4444-4444-440044464437}
  • HKCU\Software\Deals Plugin
    ActiveAppId
  • HKCR\TypeLib\{44444444-4444-4444-4444-440044464437}\1.0\HELPDIR
    (Default)
    C:\Program Files\Deals Plugin
  • HKCR\Interface\{55555555-5555-5555-5555-550055465537}\ProxyStubClsid
    (Default)
    {00020424-0000-0000-C000-000000000046}
  • HKCR\CLSID\{22222222-2222-2222-2222-220022462237}
    (Default)
    CrossriderApp0004637.Sandbox
  • HKCR\CLSID\{11111111-1111-1111-1111-110011461137}
    (Default)
    Deals Plugin
  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110011461137}
    NoExplorer
    0x00000001
  • HKCR\CrossriderApp0004637.BHO\CLSID
    (Default)
    {11111111-1111-1111-1111-110011461137}
  • HKCR\CLSID\{11111111-1111-1111-1111-110011461137}\InprocServer32
    ThreadingModel
    Apartment
  • HKCR\TypeLib\{44444444-4444-4444-4444-440044464437}\1.0\0\win32
    (Default)
    C:\Program Files\Deals Plugin\Deals Plugin.dll
  • HKCR\CrossriderApp0004637.BHO.1\CLSID
    (Default)
    {11111111-1111-1111-1111-110011461137}
  • HKCR\Interface\{55555555-5555-5555-5555-550055465537}
    (Default)
    ICrossriderBHO
  • HKCR\CrossriderApp0004637.Sandbox\CLSID
    (Default)
    {22222222-2222-2222-2222-220022462237}
  • HKCR\CrossriderApp0004637.Sandbox\CurVer
    (Default)
    CrossriderApp0004637.Sandbox
  • HKCR\Interface\{66666666-6666-6666-6666-660066466637}\ProxyStubClsid32
    (Default)
    {00020424-0000-0000-C000-000000000046}
  • HKCR\CrossriderApp0004637.BHO.1
    (Default)
    CrossriderApp0004637
  • HKCR\CLSID\{22222222-2222-2222-2222-220022462237}\VersionIndependentProgID
    (Default)
    CrossriderApp0004637.Sandbox
  • HKCR\CrossriderApp0004637.BHO
    (Default)
    CrossriderApp0004637
  • HKCR\CLSID\{11111111-1111-1111-1111-110011461137}\VersionIndependentProgID
    (Default)
    CrossriderApp0004637
  • HKCR\CrossriderApp0004637.Sandbox.1
    (Default)
    CrossriderApp0004637.Sandbox
  • HKCR\CLSID\{11111111-1111-1111-1111-110011461137}\ProgID
    (Default)
    CrossriderApp0004637.BHO.1
  • HKCR\CrossriderApp0004637.BHO\CurVer
    (Default)
    CrossriderApp0004637
  • HKCR\CLSID\{22222222-2222-2222-2222-220022462237}\InprocServer32
    ThreadingModel
    Apartment
  • HKCR\CLSID\{22222222-2222-2222-2222-220022462237}\ProgID
    (Default)
    CrossriderApp0004637.Sandbox.1
  • HKCR\Interface\{55555555-5555-5555-5555-550055465537}\ProxyStubClsid32
    (Default)
    {00020424-0000-0000-C000-000000000046}
  • HKCR\CrossriderApp0004637.Sandbox.1\CLSID
    (Default)
    {22222222-2222-2222-2222-220022462237}
  • HKCR\CrossriderApp0004637.Sandbox
    (Default)
    CrossriderApp0004637.Sandbox
  • HKCR\Interface\{66666666-6666-6666-6666-660066466637}\ProxyStubClsid
    (Default)
    {00020424-0000-0000-C000-000000000046}
Processes Created
  • c:\docume~1\support\locals~1\temp\nsk4.tmp\checkmachine.exe
  • c:\docume~1\support\locals~1\temp\nsk4.tmp\closebrowsers.exe
  • c:\windows\system32\regsvr32.exe
HTTP Requests
  • http://stats.crossrider.com/installer.gif
  • http://www.install-trk.com/installer-run/46769111EE1D4C01B903A9206F61322DIE/3481b5584866d9d8e0cdf1414ee07653/xriderexe/1348467910/
DNS Requests
  • stats.crossrider.com
  • www.install-trk.com

Example 3

File Information

Size: 329K
SHA-1: 00294a9c8f83cedd66a774b9f9fb6e4108792923
MD5: 8a70b28969276a99f0bd07301ca4c6b7
CRC-32: d57dbaf3
File type: Windows executable
First seen: 2012-02-13

Runtime Analysis

Registry Keys Created
  • HKCU\Software\I Want This
    HelperRunningVersion
    147
