Amonetize

Category: Adware and PUA    Protection available since: 03 Mar 2014 18:24:57 (GMT)
Type: Unspecified PUA    Last updated: 14 Jul 2015 15:06:18 (GMT)


Examples of Amonetize include:

Example 1

File Information

Size
1.5M
SHA-1
0003a2a9fe4e9e289f160e94953e634e572c121a
MD5
1f1b021aba5151989f19d0e2f885d5c0
CRC-32
b9a82653
File type
Windows executable
First seen
2007-10-26

Example 2

File Information

Size
604K
SHA-1
0013d9585c365cd38fc433da44a1a3fa5a25a67c
MD5
e91b8cb36e388eedfcb4ba7d68494d0e
CRC-32
5d3a5b00
File type
Windows executable
First seen
2007-10-26

Runtime Analysis

Copies Itself To
  • c:\Documents and Settings\test user\Local Settings\Temp\test_item.exe
Dropped Files
  • c:\Documents and Settings\test user\Desktop\Continue installation .lnk
  • c:\Documents and Settings\test user\Local Settings\Temp\test_item.exe_ADS_AlternateDataStream_Found_typelib
  • c:\Documents and Settings\test user\Local Settings\Temp\amipixel.cfg
Registry Keys Created
  • HKCR\TypeLib\{BAC6CA45-7F45-4F8E-9B21-1CA09B615AF3}\1.0
    (Default)
    InstallerLib
  • HKCR\Interface\{623E2C66-A4A9-43CC-8109-B3C317749328}\TypeLib
    Version
    1.0
  • HKCR\geodesy.forbad.1
    (Default)
    Inst Class
  • HKCR\CLSID\{2ae80279-68a0-4c0d-96b2-0c319b2afe40}\ProgID
    (Default)
    geodesy.forbad.1
  • HKCR\CLSID\{2ae80279-68a0-4c0d-96b2-0c319b2afe40}\VersionIndependentProgID
    (Default)
    geodesy.forbad
  • HKCR\CLSID\{2ae80279-68a0-4c0d-96b2-0c319b2afe40}\LocalServer32
    ServerExecutable
    c:\test_item.exe
  • HKLM\SOFTWARE\Microsoft\ESENT\Process\sample\DEBUG
    Trace Level
  • HKCR\CLSID\{2ae80279-68a0-4c0d-96b2-0c319b2afe40}\TypeLib
    (Default)
    {bac6ca45-7f45-4f8e-9b21-1ca09b615af3}
  • HKCR\geodesy.forbad\CurVer
    (Default)
    geodesy.forbad.1
  • HKCR\CLSID\{2ae80279-68a0-4c0d-96b2-0c319b2afe40}
    (Default)
    Inst Class
  • HKCR\TypeLib\{BAC6CA45-7F45-4F8E-9B21-1CA09B615AF3}\1.0\FLAGS
    (Default)
  • HKCR\geodesy.forbad.1\CLSID
    (Default)
    {2ae80279-68a0-4c0d-96b2-0c319b2afe40}
  • HKCR\CLSID\{2ae80279-68a0-4c0d-96b2-0c319b2afe40}\Version
    (Default)
    1.0
  • HKCR\TypeLib\{BAC6CA45-7F45-4F8E-9B21-1CA09B615AF3}\1.0\HELPDIR
    (Default)
    c:
  • HKCR\Interface\{623E2C66-A4A9-43CC-8109-B3C317749328}\ProxyStubClsid
    (Default)
    {00020424-0000-0000-C000-000000000046}
  • HKCR\Interface\{623E2C66-A4A9-43CC-8109-B3C317749328}
    (Default)
    IBoot
  • HKCR\TypeLib\{BAC6CA45-7F45-4F8E-9B21-1CA09B615AF3}\1.0\0\win32
    (Default)
    c:\test_item.exe:typelib
  • HKCR\Interface\{623E2C66-A4A9-43CC-8109-B3C317749328}\ProxyStubClsid32
    (Default)
    {00020424-0000-0000-C000-000000000046}
  • HKCR\geodesy.forbad
    (Default)
    Inst Class
Registry Keys Modified
  • HKLM\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication
    Name
    test_item.exe
HTTP Requests
  • http://cdn1.nonstopdownload.com/V20/amipb.js
  • http://cdn2.nonstopdownload.com/9ee1efd2-b9b2-403f-8f9a-5fc856fa00a3/accept.gif
  • http://cdn2.nonstopdownload.com/9ee1efd2-b9b2-403f-8f9a-5fc856fa00a3/cancel.gif
  • http://cdn2.nonstopdownload.com/9ee1efd2-b9b2-403f-8f9a-5fc856fa00a3/cancel1.gif
  • http://cdn2.nonstopdownload.com/9ee1efd2-b9b2-403f-8f9a-5fc856fa00a3/decline.gif
  • http://cdn2.nonstopdownload.com/9ee1efd2-b9b2-403f-8f9a-5fc856fa00a3/finish.gif
  • http://cdn2.nonstopdownload.com/9ee1efd2-b9b2-403f-8f9a-5fc856fa00a3/footer_img.png
  • http://cdn2.nonstopdownload.com/9ee1efd2-b9b2-403f-8f9a-5fc856fa00a3/left_image.png
  • http://cdn2.nonstopdownload.com/9ee1efd2-b9b2-403f-8f9a-5fc856fa00a3/main.css
  • http://cdn2.nonstopdownload.com/9ee1efd2-b9b2-403f-8f9a-5fc856fa00a3/next.gif
  • http://cdn2.nonstopdownload.com/9ee1efd2-b9b2-403f-8f9a-5fc856fa00a3/skip.gif
DNS Requests
  • cdn1.nonstopdownload.com
  • cdn2.nonstopdownload.com
  • www.keenondownload.com

Example 3

File Information

Size
405K
SHA-1
001e8ab076e33be0e6e72f7a8139e67ffd0dad36
MD5
0ceae2f2f57f4b8a4f82f7d06657bed0
CRC-32
4362c354
File type
Windows executable
First seen
2014-12-19

Runtime Analysis

Copies Itself To
  • c:\Documents and Settings\test user\Local Settings\Temp\test_item.exe
Dropped Files
  • c:\Documents and Settings\test user\Local Settings\Temp\ami2.tmp.ico
  • c:\Documents and Settings\test user\Desktop\Continue installation - %appname% Installation.lnk
  • c:\Documents and Settings\test user\Local Settings\Temp\test_item.exe_ADS_AlternateDataStream_Found_typelib
  • c:\Documents and Settings\test user\Local Settings\Temp\amipixel.cfg
Registry Keys Created
  • HKLM\SOFTWARE\Microsoft\ESENT\Process\sample\DEBUG
    Trace Level
  • HKCR\TypeLib\{9CFD19DD-C432-4441-96A2-30D2ABA44DF7}\1.0\FLAGS
    (Default)
  • HKCR\busywork.trailers\CurVer
    (Default)
    busywork.trailers.1
  • HKCR\TypeLib\{9CFD19DD-C432-4441-96A2-30D2ABA44DF7}\1.0
    (Default)
    InstallerLib
  • HKCR\CLSID\{80d37b70-f699-4472-b432-b2d5fbad734b}\TypeLib
    (Default)
    {9cfd19dd-c432-4441-96a2-30d2aba44df7}
  • HKCR\TypeLib\{9CFD19DD-C432-4441-96A2-30D2ABA44DF7}\1.0\0\win32
    (Default)
    c:\test_item.exe:typelib
  • HKCR\Interface\{01726DB0-3F5E-415B-8CD0-43C2023D0D59}\ProxyStubClsid
    (Default)
    {00020424-0000-0000-C000-000000000046}
  • HKCR\TypeLib\{9CFD19DD-C432-4441-96A2-30D2ABA44DF7}\1.0\HELPDIR
    (Default)
    c:
  • HKCR\busywork.trailers
    (Default)
    Inst Class
  • HKCR\CLSID\{80d37b70-f699-4472-b432-b2d5fbad734b}\ProgID
    (Default)
    busywork.trailers.1
  • HKCR\busywork.trailers.1\CLSID
    (Default)
    {80d37b70-f699-4472-b432-b2d5fbad734b}
  • HKCR\Interface\{01726DB0-3F5E-415B-8CD0-43C2023D0D59}
    (Default)
    IBoot
  • HKCR\CLSID\{80d37b70-f699-4472-b432-b2d5fbad734b}\LocalServer32
    ServerExecutable
    c:\test_item.exe
  • HKCR\Interface\{01726DB0-3F5E-415B-8CD0-43C2023D0D59}\TypeLib
    Version
    1.0
  • HKCR\CLSID\{80d37b70-f699-4472-b432-b2d5fbad734b}\VersionIndependentProgID
    (Default)
    busywork.trailers
  • HKCR\Interface\{01726DB0-3F5E-415B-8CD0-43C2023D0D59}\ProxyStubClsid32
    (Default)
    {00020424-0000-0000-C000-000000000046}
  • HKCR\busywork.trailers.1
    (Default)
    Inst Class
  • HKCR\CLSID\{80d37b70-f699-4472-b432-b2d5fbad734b}\Version
    (Default)
    1.0
  • HKCR\CLSID\{80d37b70-f699-4472-b432-b2d5fbad734b}
    (Default)
    Inst Class
Registry Keys Modified
  • HKLM\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication
    Name
    test_item.exe
HTTP Requests
  • http://cdn1.continuumdownload.com/V14/amipb.js
  • http://cdn2.continuumdownload.com/f2958b2a-7357-4f94-a6f3-865aafa6e1c6/accept.gif
  • http://cdn2.continuumdownload.com/f2958b2a-7357-4f94-a6f3-865aafa6e1c6/cancel.gif
  • http://cdn2.continuumdownload.com/f2958b2a-7357-4f94-a6f3-865aafa6e1c6/cancel1.gif
  • http://cdn2.continuumdownload.com/f2958b2a-7357-4f94-a6f3-865aafa6e1c6/decline.gif
  • http://cdn2.continuumdownload.com/f2958b2a-7357-4f94-a6f3-865aafa6e1c6/footer_img.png
  • http://cdn2.continuumdownload.com/f2958b2a-7357-4f94-a6f3-865aafa6e1c6/install.gif
  • http://cdn2.continuumdownload.com/f2958b2a-7357-4f94-a6f3-865aafa6e1c6/main.css
  • http://cdn2.continuumdownload.com/f2958b2a-7357-4f94-a6f3-865aafa6e1c6/next.gif
  • http://cdn2.continuumdownload.com/f2958b2a-7357-4f94-a6f3-865aafa6e1c6/skip.gif
  • http://www.brainydownload.com/Html/6c7098b0-36ba-4d0a-96b3-472ab3b51c0d/%appimageurl%
DNS Requests
  • cdn1.continuumdownload.com
  • cdn2.continuumdownload.com
  • www.brainydownload.com
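The two runtime reports above (Example 2 and Example 3) share a stable installer fingerprint even though the COM identifiers change per sample: the CLSID, TypeLib and Interface GUIDs differ, and the ProgID is a random word pair (geodesy.forbad in one sample, busywork.trailers in the other), so none of those are useful hunt keys. What stays constant is the amipixel.cfg drop in the user's Temp directory, the "Continue installation ... .lnk" shortcut placed on the Desktop, a TypeLib registered under the name InstallerLib whose win32 path points at an alternate data stream on the copied executable (c:\test_item.exe:typelib), an interface registered as IBoot, and a fetch of /V<n>/amipb.js from a cdn1.<something>download.com host. The DirectDraw MostRecentApplication and ESENT debug keys are written by many benign programs and should be ignored. The following Python is an added example, not Sophos code or output: it runs a rule set built only from those stable traits over a constructed, sandbox-style event list that mimics the Dropped Files / Registry Keys / HTTP Requests / DNS Requests sections. The registry events are encoded as key=data for default values and key\Name=data for named values, which is this example's own convention. Generalising the four observed domains to any cdn<n>./www.<word>download.com host is an assumption made here, not something the page states.

```python
import re
from typing import Dict, List, Tuple

Event = Tuple[str, str]  # (kind, detail): kind is "file", "reg", "http" or "dns"

# Detection rules: (rule name, event kind, regex). Each regex matches a trait
# that is identical in both runtime reports above; per-sample GUIDs and the
# randomised ProgID words are deliberately not used.
RULES: List[Tuple[str, str, str]] = [
    ("amipixel_cfg", "file", r"\\Temp\\amipixel\.cfg$"),
    ("continue_installation_lnk", "file", r"\\Desktop\\Continue installation.*\.lnk$"),
    ("installerlib_typelib", "reg", r"^HKCR\\TypeLib\\\{[0-9a-f-]{36}\}\\1\.0=InstallerLib$"),
    # TypeLib resource served from an NTFS alternate data stream on the dropped exe
    ("typelib_served_from_ads", "reg",
     r"^HKCR\\TypeLib\\\{[0-9a-f-]{36}\}\\1\.0\\0\\win32=.+\.exe:typelib$"),
    ("iboot_interface", "reg", r"^HKCR\\Interface\\\{[0-9a-f-]{36}\}=IBoot$"),
    # Assumption: any cdn<n>.<word>download.com host, generalised from the
    # two CDN domains seen on the page.
    ("amipb_js_fetch", "http", r"^http://cdn\d\.[a-z]+download\.com/V\d+/amipb\.js$"),
    ("download_cdn_dns", "dns", r"^(?:cdn\d|www)\.[a-z]+download\.com$"),
]

# Constructed sample events (not sandbox output): Example 3's observables plus
# the generic DirectDraw key that any DirectDraw application also writes.
SAMPLE_EVENTS: List[Event] = [
    ("file", r"c:\Documents and Settings\test user\Local Settings\Temp\test_item.exe"),
    ("file", r"c:\Documents and Settings\test user\Local Settings\Temp\ami2.tmp.ico"),
    ("file", r"c:\Documents and Settings\test user\Desktop\Continue installation - %appname% Installation.lnk"),
    ("file", r"c:\Documents and Settings\test user\Local Settings\Temp\amipixel.cfg"),
    ("reg", r"HKCR\TypeLib\{9CFD19DD-C432-4441-96A2-30D2ABA44DF7}\1.0=InstallerLib"),
    ("reg", r"HKCR\TypeLib\{9CFD19DD-C432-4441-96A2-30D2ABA44DF7}\1.0\0\win32=c:\test_item.exe:typelib"),
    ("reg", r"HKCR\Interface\{01726DB0-3F5E-415B-8CD0-43C2023D0D59}=IBoot"),
    ("reg", r"HKCR\CLSID\{80d37b70-f699-4472-b432-b2d5fbad734b}\LocalServer32\ServerExecutable=c:\test_item.exe"),
    ("reg", r"HKLM\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication\Name=test_item.exe"),
    ("http", "http://cdn1.continuumdownload.com/V14/amipb.js"),
    ("http", "http://cdn2.continuumdownload.com/f2958b2a-7357-4f94-a6f3-865aafa6e1c6/install.gif"),
    ("dns", "cdn1.continuumdownload.com"),
    ("dns", "www.brainydownload.com"),
]

# Constructed benign events: a game that only touched the DirectDraw key.
BENIGN_EVENTS: List[Event] = [
    ("file", r"c:\Documents and Settings\test user\Local Settings\Temp\setup.log"),
    ("reg", r"HKLM\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication\Name=game.exe"),
    ("dns", "www.example.com"),
]


def match_indicators(events: List[Event]) -> Dict[str, List[str]]:
    """Return {rule name: [matching event details]} for every rule that fired."""
    hits: Dict[str, List[str]] = {}
    for name, kind, pattern in RULES:
        rx = re.compile(pattern, re.IGNORECASE)
        matched = [detail for k, detail in events if k == kind and rx.search(detail)]
        if matched:
            hits[name] = matched
    return hits


def classify(events: List[Event], min_rules: int = 3) -> Tuple[bool, Dict[str, List[str]]]:
    """Flag the run as Amonetize-like when at least min_rules distinct rules fire.

    Requiring several independent traits (a dropped file, a registry trait and
    a network trait, say) keeps a single coincidental match from raising an alert.
    """
    hits = match_indicators(events)
    return len(hits) >= min_rules, hits


if __name__ == "__main__":
    for label, evs in (("sample", SAMPLE_EVENTS), ("benign", BENIGN_EVENTS)):
        flagged, hits = classify(evs)
        print(f"{label}: flagged={flagged} rules={sorted(hits)}")
```

The threshold of three distinct rules is a design choice for this example: the file, registry and network traits are independent enough that a legitimate installer is unlikely to trip all of them, while a single hit (for instance only the DNS rule, which will also fire on a user simply browsing to one of those download portals) is not worth an alert on its own.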
