Amonetize

Category: Adware and PUAs
Type: Unspecified PUA
Protection available since: 16 Jun 2015 05:03:58 (GMT)
Last Updated: 16 Jun 2015 05:03:58 (GMT)


Examples of Amonetize include:

Example 1

File Information

Size
405K
SHA-1
001e8ab076e33be0e6e72f7a8139e67ffd0dad36
MD5
0ceae2f2f57f4b8a4f82f7d06657bed0
CRC-32
4362c354
File type
Windows executable
First seen
2014-12-19

Runtime Analysis

Copies Itself To
  • c:\Documents and Settings\test user\Local Settings\Temp\test_item.exe
Dropped Files
  • c:\Documents and Settings\test user\Local Settings\Temp\ami2.tmp.ico
  • c:\Documents and Settings\test user\Desktop\Continue installation - %appname% Installation.lnk
  • c:\Documents and Settings\test user\Local Settings\Temp\test_item.exe_ADS_AlternateDataStream_Found_typelib
  • c:\Documents and Settings\test user\Local Settings\Temp\amipixel.cfg
Registry Keys Created
  • HKCR\TypeLib\{9CFD19DD-C432-4441-96A2-30D2ABA44DF7}\1.0\0\win32
    (Default)
    c:\test_item.exe:typelib
  • HKCR\CLSID\{80d37b70-f699-4472-b432-b2d5fbad734b}
    (Default)
    Inst Class
  • HKCR\busywork.trailers.1
    (Default)
    Inst Class
  • HKCR\TypeLib\{9CFD19DD-C432-4441-96A2-30D2ABA44DF7}\1.0\HELPDIR
    (Default)
    c:
  • HKCR\CLSID\{80d37b70-f699-4472-b432-b2d5fbad734b}\VersionIndependentProgID
    (Default)
    busywork.trailers
  • HKCR\Interface\{01726DB0-3F5E-415B-8CD0-43C2023D0D59}\ProxyStubClsid32
    (Default)
    {00020424-0000-0000-C000-000000000046}
  • HKCR\CLSID\{80d37b70-f699-4472-b432-b2d5fbad734b}\TypeLib
    (Default)
    {9cfd19dd-c432-4441-96a2-30d2aba44df7}
  • HKCR\TypeLib\{9CFD19DD-C432-4441-96A2-30D2ABA44DF7}\1.0
    (Default)
    InstallerLib
  • HKLM\SOFTWARE\Microsoft\ESENT\Process\sample\DEBUG
    Trace Level
  • HKCR\TypeLib\{9CFD19DD-C432-4441-96A2-30D2ABA44DF7}\1.0\FLAGS
    (Default)
  • HKCR\CLSID\{80d37b70-f699-4472-b432-b2d5fbad734b}\Version
    (Default)
    1.0
  • HKCR\busywork.trailers
    (Default)
    Inst Class
  • HKCR\Interface\{01726DB0-3F5E-415B-8CD0-43C2023D0D59}
    (Default)
    IBoot
  • HKCR\Interface\{01726DB0-3F5E-415B-8CD0-43C2023D0D59}\TypeLib
    Version
    1.0
  • HKCR\Interface\{01726DB0-3F5E-415B-8CD0-43C2023D0D59}\ProxyStubClsid
    (Default)
    {00020424-0000-0000-C000-000000000046}
  • HKCR\busywork.trailers\CurVer
    (Default)
    busywork.trailers.1
  • HKCR\busywork.trailers.1\CLSID
    (Default)
    {80d37b70-f699-4472-b432-b2d5fbad734b}
  • HKCR\CLSID\{80d37b70-f699-4472-b432-b2d5fbad734b}\LocalServer32
    ServerExecutable
    c:\test_item.exe
  • HKCR\CLSID\{80d37b70-f699-4472-b432-b2d5fbad734b}\ProgID
    (Default)
    busywork.trailers.1
Registry Keys Modified
  • HKLM\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication
    Name
    test_item.exe
HTTP Requests
  • http://cdn1.continuumdownload.com/V14/amipb.js
  • http://cdn2.continuumdownload.com/f2958b2a-7357-4f94-a6f3-865aafa6e1c6/accept.gif
  • http://cdn2.continuumdownload.com/f2958b2a-7357-4f94-a6f3-865aafa6e1c6/cancel.gif
  • http://cdn2.continuumdownload.com/f2958b2a-7357-4f94-a6f3-865aafa6e1c6/cancel1.gif
  • http://cdn2.continuumdownload.com/f2958b2a-7357-4f94-a6f3-865aafa6e1c6/decline.gif
  • http://cdn2.continuumdownload.com/f2958b2a-7357-4f94-a6f3-865aafa6e1c6/footer_img.png
  • http://cdn2.continuumdownload.com/f2958b2a-7357-4f94-a6f3-865aafa6e1c6/install.gif
  • http://cdn2.continuumdownload.com/f2958b2a-7357-4f94-a6f3-865aafa6e1c6/main.css
  • http://cdn2.continuumdownload.com/f2958b2a-7357-4f94-a6f3-865aafa6e1c6/next.gif
  • http://cdn2.continuumdownload.com/f2958b2a-7357-4f94-a6f3-865aafa6e1c6/skip.gif
  • http://www.brainydownload.com/Html/6c7098b0-36ba-4d0a-96b3-472ab3b51c0d/%appimageurl%
DNS Requests
  • cdn1.continuumdownload.com
  • cdn2.continuumdownload.com
  • www.brainydownload.com

Example 2

File Information

Size
339K
SHA-1
003d88a4a37af8ca59533108dabbf04d7e0e93ef
MD5
472e8409ae09a28fc4b704787ec29ddc
CRC-32
f78a2ace
File type
Windows executable
First seen
2014-06-21

Runtime Analysis

Registry Keys Created
  • HKLM\SOFTWARE\Client
    i
    20140625165445
  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\inethnfd
    NoRepair
    0x00000001
Processes Created
  • c:\docume~1\support\locals~1\temp\nsv4.tmp\ns5.tmp
  • c:\docume~1\support\locals~1\temp\nsv4.tmp\ns6.tmp
  • c:\docume~1\support\locals~1\temp\nsv4.tmp\ns7.tmp
  • c:\docume~1\support\locals~1\temp\nsv4.tmp\ns8.tmp
  • c:\windows\system32\installd.exe
  • c:\windows\system32\net.exe
  • c:\windows\system32\net1.exe
  • c:\windows\system32\nethtsrv.exe
  • c:\windows\system32\netupdsrv.exe

Example 3

File Information

Size
180K
SHA-1
0047f3cea9085e253ae7d7a046fbd367a71fd0ca
MD5
c2ff0ae8580c78d613059ba0ee05e0b3
CRC-32
1ffbc3eb
File type
Windows executable
First seen
2015-01-13
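Added example, not Sophos tooling and not code from this page: a small Python matcher built from the indicators listed in the three examples above (file hashes, registry keys, contacted domains and dropped-file names). The file bytes and the Sysmon-style telemetry lines it is run on are constructed here for the demonstration; the hash formatting follows the page, with CRC-32 shown as eight lowercase hex digits, which is a detail that is easy to get wrong when comparing against a published indicator.

```python
"""Match host artifacts against the Amonetize indicators listed above.

Added example (not Sophos code). Hashes, registry keys, domains and file
names are copied from Examples 1-3 on the page; the sample bytes and the
telemetry lines used below are constructed for the demonstration.
"""
import hashlib
import re
import zlib

# File hashes from Examples 1-3 (SHA-1, MD5, CRC-32), lowercase hex.
KNOWN_HASHES = {
    "sha1": {
        "001e8ab076e33be0e6e72f7a8139e67ffd0dad36",
        "003d88a4a37af8ca59533108dabbf04d7e0e93ef",
        "0047f3cea9085e253ae7d7a046fbd367a71fd0ca",
    },
    "md5": {
        "0ceae2f2f57f4b8a4f82f7d06657bed0",
        "472e8409ae09a28fc4b704787ec29ddc",
        "c2ff0ae8580c78d613059ba0ee05e0b3",
    },
    "crc32": {"4362c354", "f78a2ace", "1ffbc3eb"},
}

# Domains contacted by Example 1.
KNOWN_DOMAINS = {
    "cdn1.continuumdownload.com",
    "cdn2.continuumdownload.com",
    "www.brainydownload.com",
}

# Registry keys created by Examples 1 and 2. A match on a key also covers
# the subkeys listed on the page (LocalServer32, ProgID, TypeLib, ...).
KNOWN_REGISTRY_KEYS = {
    r"HKCR\CLSID\{80d37b70-f699-4472-b432-b2d5fbad734b}",
    r"HKCR\TypeLib\{9CFD19DD-C432-4441-96A2-30D2ABA44DF7}",
    r"HKCR\Interface\{01726DB0-3F5E-415B-8CD0-43C2023D0D59}",
    r"HKCR\busywork.trailers",
    r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\inethnfd",
}

# Dropped or executed file names from Examples 1 and 2, matched by name only
# so that the sandbox user's profile path does not matter.
KNOWN_FILE_NAMES = {
    "ami2.tmp.ico",
    "amipixel.cfg",
    "installd.exe",
    "nethtsrv.exe",
    "netupdsrv.exe",
}


def file_hashes(data: bytes) -> dict:
    """Compute the three digests the page lists, in the page's formatting.

    zlib.crc32 returns an int (signed on old Pythons), so it is masked to
    32 bits and zero-padded to eight hex digits before comparison.
    """
    return {
        "sha1": hashlib.sha1(data).hexdigest(),
        "md5": hashlib.md5(data).hexdigest(),
        "crc32": format(zlib.crc32(data) & 0xFFFFFFFF, "08x"),
    }


def match_file(data: bytes) -> list:
    """Return the hash types under which this file matches a listed sample."""
    digests = file_hashes(data)
    return sorted(kind for kind, value in digests.items() if value in KNOWN_HASHES[kind])


def match_event(line: str) -> list:
    """Return (indicator type, indicator) pairs that one telemetry line touches.

    Registry key names and Windows paths are case-insensitive, so matching
    is done on the lowercased line; file names must follow a path separator.
    """
    low = line.lower()
    hits = []
    hits += [("domain", d) for d in KNOWN_DOMAINS if d in low]
    hits += [("registry", k) for k in KNOWN_REGISTRY_KEYS if k.lower() in low]
    hits += [
        ("file", n)
        for n in KNOWN_FILE_NAMES
        if re.search(r"[\\/]" + re.escape(n.lower()) + r"\b", low)
    ]
    return sorted(hits)


def scan_events(lines) -> list:
    """Return (line index, hits) for every line that touches an indicator."""
    results = []
    for i, line in enumerate(lines):
        hits = match_event(line)
        if hits:
            results.append((i, hits))
    return results


# Constructed Sysmon-style lines (not taken from the page).
SAMPLE_EVENTS = [
    "RegistryEvent CreateKey TargetObject: HKCR\\CLSID\\{80D37B70-F699-4472-B432-B2D5FBAD734B}\\LocalServer32",
    "DnsQuery QueryName: cdn2.continuumdownload.com Image: C:\\Users\\alice\\AppData\\Local\\Temp\\setup.exe",
    "FileCreate TargetFilename: C:\\Users\\alice\\AppData\\Local\\Temp\\amipixel.cfg",
    "FileCreate TargetFilename: C:\\Windows\\System32\\drivers\\etc\\hosts",
]

if __name__ == "__main__":
    for idx, hits in scan_events(SAMPLE_EVENTS):
        print(idx, hits)
    print(file_hashes(b"abc"), match_file(b"abc"))
```

The registry indicators here deliberately key on the CLSID, TypeLib and Interface GUIDs and the `busywork.trailers` ProgID rather than on the executable name, since `test_item.exe` is the sandbox's name for the sample and will differ on a real host; likewise the file-name matching ignores the `Documents and Settings\test user` profile path.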
