Kraddare

Category: Unwanted programs
Protection available since: 19 Nov 2015 08:21:31 (GMT)
Type: Adware
Last updated: 10 Jun 2016 09:10:39 (GMT)

Examples of Kraddare include:

Example 1

File Information

Size
409K
SHA-1
0059209c6cf8d7550e0e79d29e46ccdf8f794b08
MD5
c67584a9a2de896e844e3797cb578a13
CRC-32
83ac677b
File type
Windows executable
First seen
2014-05-28

Runtime Analysis

HTTP Requests
  • http://www.mousecontrolservice.com/mcs/config.php
DNS Requests
  • www.mousecontrolservice.com

Example 2

File Information

Size
1.2M
SHA-1
0170d430715df2b73bee3587d695ff964e3d0d29
MD5
b00fdadbf90608d2d765df27ce4d7159
CRC-32
75c4c90f
File type
Windows executable
First seen
2016-02-25

Runtime Analysis

Dropped Files
  • C:\Program Files\Skywidget\skywidget.exe
  • C:\Program Files\Skywidget\skywidget.dll
  • C:\Program Files\Skywidget\skywidgeter.exe
  • C:\Program Files\Skywidget\skywidgeted.exe
  • C:\Program Files\Skywidget\skywidgets.exe
  • C:\Program Files\Skywidget\uninstall.exe
    Size
    86K
    SHA-1
    a08452db2a33816ee9a939bc27c32e5762a04bbe
    MD5
    ca9f517e0e1588d62df17227d1473bff
    CRC-32
    7f8f7a69
    File type
    Windows executable
    First seen
    2016-02-25
  • C:\Program Files\Skywidget\skywidget_sajulove_new.dll
    Size
    652K
    SHA-1
    299a19f2d4dcf67c965d24b37cda61c8a86a2c19
    MD5
    054f750dc2359f6d63d0a8f8415640cd
    CRC-32
    f36c8f75
    File type
    Windows executable
    First seen
    2015-06-08
Registry Keys Created
  • HKCU\Software\honorzone
    verupsw
    20150608
  • HKCU\Software\searchlinenc
    verupsw
    20150608
  • HKCR\TypeLib\{C92B1604-4D70-41DF-8DFF-E7BBC6C59CFD}\1.0\FLAGS
    (Default)
  • HKCR\CLSID\{5AC6C4E6-9E10-4D22-A4D8-8C371C1FD6E2}\TypeLib
    (Default)
    {C92B1604-4D70-41DF-8DFF-E7BBC6C59CFD}
  • HKCR\CLSID\{5AC6C4E6-9E10-4D22-A4D8-8C371C1FD6E2}\VersionIndependentProgID
    (Default)
    skywidget.skywidget_Obj
  • HKCR\TypeLib\{C92B1604-4D70-41DF-8DFF-E7BBC6C59CFD}\1.0\HELPDIR
    (Default)
  • HKCR\Interface\{FC6D9FF6-5B26-4607-9D1E-02699F83265C}\TypeLib
    Version
    1.0
  • HKCU\Software\skwgt
    cid
    skywidget_top
  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Skywidget uninstall
    DisplayIcon
    "C:\Program Files\Skywidget\uninstall.exe"
  • HKCR\TypeLib\{C92B1604-4D70-41DF-8DFF-E7BBC6C59CFD}\1.0
    (Default)
    skywidget 1.0 □□□ □□□□□□□
  • HKCR\Interface\{FC6D9FF6-5B26-4607-9D1E-02699F83265C}\ProxyStubClsid32
    (Default)
    {00020424-0000-0000-C000-000000000046}
  • HKCR\CLSID\{5AC6C4E6-9E10-4D22-A4D8-8C371C1FD6E2}
    AppID
    {E4A7A183-E1E4-4B6C-8801-8D787E32A01A}
  • HKCR\TypeLib\{C92B1604-4D70-41DF-8DFF-E7BBC6C59CFD}\1.0\0\win32
    (Default)
    C:\Program Files\Skywidget\skywidget.dll
  • HKCR\skywidget.skywidget_Obj
    (Default)
    skywidget_Obj Class
  • HKCU\Software\skwgt\sdata
    skwgtdcinfo
    20160225
  • HKCR\AppID\skywidget.DLL
    AppID
    {E4A7A183-E1E4-4B6C-8801-8D787E32A01A}
  • HKCR\skywidget.skywidget_Obj\CurVer
    (Default)
    skywidget.skywidget_Obj.1
  • HKCR\CLSID\{5AC6C4E6-9E10-4D22-A4D8-8C371C1FD6E2}\ProgID
    (Default)
    skywidget.skywidget_Obj.1
  • HKCR\Interface\{FC6D9FF6-5B26-4607-9D1E-02699F83265C}\ProxyStubClsid
    (Default)
    {00020424-0000-0000-C000-000000000046}
  • HKCR\skywidget.skywidget_Obj\CLSID
    (Default)
    {5AC6C4E6-9E10-4D22-A4D8-8C371C1FD6E2}
  • HKCR\skywidget.skywidget_Obj.1
    (Default)
    skywidget_Obj Class
  • HKCR\CLSID\{5AC6C4E6-9E10-4D22-A4D8-8C371C1FD6E2}\InprocServer32
    ThreadingModel
    Apartment
  • HKCU\Software\skwgt\Intbar
    interver
    20150403
  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5AC6C4E6-9E10-4D22-A4D8-8C371C1FD6E2}
    NoExplorer
    0x00000001
  • HKCR\skywidget.skywidget_Obj.1\CLSID
    (Default)
    {5AC6C4E6-9E10-4D22-A4D8-8C371C1FD6E2}
  • HKCR\AppID\{E4A7A183-E1E4-4B6C-8801-8D787E32A01A}
    (Default)
    skywidget
  • HKCR\Interface\{FC6D9FF6-5B26-4607-9D1E-02699F83265C}
    (Default)
    Iskywidget_Obj
  • HKCU\Software\skwgt\tu
    verup
    20150608
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    Skywidgettos
    "C:\Program Files\Skywidget\skywidgeter.exe" Runcmd
Processes Created
  • c:\program files\skywidget\skywidget.exe
  • c:\program files\skywidget\skywidgeted.exe
  • c:\program files\skywidget\skywidgeter.exe
  • c:\program files\skywidget\skywidgets.exe
  • c:\windows\system32\cmd.exe
HTTP Requests
  • http://admko.freebind.co.kr/cnt/
  • http://admre.ooabook.com/cnt/
  • http://down.skywidget.co.kr/update/admko/check/skywidget/update/skywidget.php
  • http://down.skywidget.co.kr/update/no/skywidgeter.php
  • http://down.skywidget.co.kr/update/search/check/skywidget/update/skywidget.php
  • http://part.i-shopping.co.kr/cnt/index_pre.php
  • http://part.skywidget.co.kr/cnt/index.php
  • http://part.skywidget.co.kr/skywidget/update/ad/skywidget/inst.php
  • http://t.openpotservice.com/AppTag/TagCnt_xe2.asp
DNS Requests
  • admko.freebind.co.kr
  • admre.ooabook.com
  • down.skywidget.co.kr
  • part.i-shopping.co.kr
  • part.skywidget.co.kr
  • t.openpotservice.com

Example 3

File Information

Size
411K
SHA-1
020835e85f86562ba0278190f145b898941157ca
MD5
e3cfd7010f74adc4dc5d3b9915f482fa
CRC-32
9a840305
File type
Windows executable
First seen
2015-11-10
