PUA:Win32/Toptools
First posted on 13 October 2019.
Source: Microsoft
Aliases:
PUA:Win32/Toptools is also known as not-a-virus:AdWare.Win32.ExtCrome.xxm, PUP-FTV, a variant of Win32/Toptools.D potentially unwanted applicati, nbiz, ADW_KRADDARE, Gen:Variant.Adware.Sidetab.1, PUA.FormatFactory.
Explanation:
Installation
This application can be downloaded from websites that offer third-party software downloads. For example, we have seen it downloaded from:
download.toptools100.com
dl3.vessoft.com
ggemdol.com
www.ggemdol.com
bezprogramm.net
We have seen this application use the following file names:
FFSetup3.8.0.0.exe
FFSetup3.7.5.0.exe
FFSetup3.7.0.0.exe
CatchVideo_mini-Baixaki_Br_IBD_banner.exe
FFSetup3.9.0.0.exe
formatfactory-3-6-0-0-multi-win.exe
FFSetup3.7.0.1.exe
formatfactory_3-8-0-0_fr_223920.exe
FFSetup3.6.0.0.exe
It can be digitally signed by the following vendors:
ShenZhen Enode Techology co,.Ltd
chen jun hao
MEIXIAN XIE
Beijing Zhihuimen Techology co,.Ltd
nbiz Ltd.
We have seen this application using product names such as:
FormatFactory
The Desktop Weather
weather Application
Format Factory
WeatherE
Dynamic Link Library
This application communicates with domains such as:
weather.toptools100.com
download.hightech100.net
www.360tools.org
update.pcfreetime.com
www.picosmos.net
For example:
weather.toptools100.com/weather?
download.hightech100.net/weather_animate/sunny_D382E6F57DBF655F960B97B2D0A3BC4B.zip
download.hightech100.net/weather_animate/clear_E8E6D5EBCB235F2F694637FB0E34307D.zip
Payload
Exhibits suspicious behaviors
We have observed this application exhibit the following potentially unwanted behavior on PCs:
Injects into other processes on your system
Changes the Google Chrome secure preferences - this behavior is commonly associated with tampering with the default homepage or search provider in Chrome
Installs other programs
We have seen this application install other software on your PC. Some of these applications might be bundled during the installation process and not intended to be installed. We have seen it installing programs such as:
The Desktop Weather 2.0.1.11332
FormatFactory 3.9.0.1
Advanced Calendar 2.0.0.11380
Tools Update Platform
Advanced ScreenSnapshotTool 1.1.0.11130
PicosmosTools 1.5.1.0
Catch Video
Baidu Browser
InbToolN
This description was published using automated analysis.
Last update: 13 October 2019