Home / malware PUA:Win32/ShopperPro
First posted on 15 February 2019.
Source: MicrosoftAliases :
PUA:Win32/ShopperPro is also known as not-a-virus:AdWare.Win32.Shopper.adw, ShopperPro, a variant of Win32/SBWatchman.D potentially unwanted applica, Goobzo, ADW_SHOPPER.A, PE:Malware.Adload!6.1D9D, Application.Agent.FX, PUA.Goobzo.
Explanation :
Installation
This application can be downloaded from websites that offer third-party software downloads. For example, we have seen it downloaded from:
d1ih5upz66zwom.cloudfront.net
We have seen this application use the following file names:
dap10i_da59dcd4eb_setup.exe dap10i_52a9497887_setup.exe dap10i_392976d6f2_setup.exe internet_browser_setup.exe dap10i_1cc1da74a6_setup.exe dap10i_ds_setup.exe ytai_ytareg_setup.exe imsysplayer_spfileop_setup.exe internet_browser_setup (1).exe
It can be digitally signed by the following vendors:
Goobzo LTD ytdownloader (Goobzo Ltd) Shopper-Pro (GOOBZO LTD) Goobzo Ltd ProShopper (GOOBZO LTD)
We have seen this application using product names such as:
Update Helper YouTube Accelerator Video Download and Convert JsDriver iWebar
This application communicates with domains such as:
online.goobzo.com rep.youtubeaccelerator.com www.sysplayer.com update.srvstatsdata.com update.ffmpeg-update.com
For example:
online.GOOBZO.com/online/update.aspx? rep.youtubeaccelerator.com/app/ping.ashx? online.GOOBZO.com/online/Report.aspx Payload
Installs other programs
We have seen this application install other software on your PC. Some of these applications might be bundled during the installation process and not intended to be installed. We have seen it installing programs such as:
YouTube Accelerator Weather Chickn ContentPush
This description was published using automated analysis.Last update 15 February 2019
