Home / malwarePDF  

Adware:Win32/Adpeak


First posted on 30 January 2014.
Source: Microsoft

Aliases :

There are no other names known for Adware:Win32/Adpeak.

Explanation :

Threat behavior

Installation

Adware:Win32/Adpeak can be downloaded from the program's website or bundled with some third-party software installation programs.

It creates the following files in %ProgramFiles%\ScorpionSaver:

  • background.js
  • bootstrap.js
  • bootstrap.js.old
  • CustomActionInstall
  • CustomActionUninstall
  • ff_addonkit_page-mod.js
  • ff_addonkit_private-browsing.js
  • ff_addonkit_request.js
  • ff_addonkit_windows.js
  • ff_addon_runner.js
  • ff_base_api-utils.js
  • ff_base_base64.js
  • ff_base_byte-streams.js
  • ff_base_collection.js
  • ff_base_content.js
  • ff_base_cortex.js
  • ff_base_cuddlefish.js
  • ff_base_deprecate.js
  • ff_base_environment.js
  • ff_base_errors.js
  • ff_base_events.js
  • ff_base_file.js
  • ff_base_functional.js
  • ff_base_globals.js
  • ff_base_heritage.js
  • ff_base_hidden-frame.js
  • ff_base_light-traits.js
  • ff_base_list.js
  • ff_base_loader.js
  • ff_base_match-pattern.js
  • ff_base_memory.js
  • ff_base_namespace.js
  • ff_base_observer-service.js
  • ff_base_plain-text-console.js
  • ff_base_preferences-service.js
  • ff_base_promise.js
  • ff_base_querystring.js
  • ff_base_runtime.js
  • ff_base_sandbox.js
  • ff_base_self.js
  • ff_base_system.js
  • ff_base_text-streams.js
  • ff_base_timer.js
  • ff_base_traceback.js
  • ff_base_traits.js
  • ff_base_unload.js
  • ff_base_url.js
  • ff_base_uuid.js
  • ff_base_window-utils.js
  • ff_base_xhr.js
  • ff_base_xpcom.js
  • ff_base_xul-app.js
  • ff_bootstrap.js
  • ff_content_content-proxy.js
  • ff_content_content-worker.js
  • ff_content_loader.js
  • ff_content_symbiont.js
  • ff_content_worker.js
  • ff_dom_events.js
  • ff_events_assembler.js
  • ff_event_core.js
  • ff_event_target.js
  • ff_harness-options.json
  • ff_icon.png
  • ff_icon64.png
  • ff_install.rdf
  • ff_l10n_core.js
  • ff_l10n_html.js
  • ff_l10n_loader.js
  • ff_l10n_locale.js
  • ff_l10n_prefs.js
  • ff_locales.json
  • ff_main.js
  • ff_main.js.old
  • ff_prefs.js
  • ff_privatebrowsing_utils.js
  • ff_system_events.js
  • ff_tabs_events.js
  • ff_tabs_observer.js
  • ff_tabs_tab.js
  • ff_tabs_utils.js
  • ff_traits_core.js
  • ff_utils_data.js
  • ff_utils_object.js
  • ff_utils_registry.js
  • ff_utils_thumbnail.js
  • ff_windows_dom.js
  • ff_windows_loader.js
  • ff_windows_observer.js
  • ff_windows_tabs.js
  • ff_window_utils.js
  • icon128.png
  • icon16.png
  • icon32.png
  • icon48.png
  • icon64.png
  • icon8.png
  • IECore.dll
  • LevelQualityWatcher32.exe
  • LevelQualityWatcher64.exe
  • manifest.json
  • marcopolo.js
  • Microsoft.Deployment.WindowsInstaller.dll
  • Microsoft.Deployment.WindowsInstaller.xml
  • SendJson.dll


It also creates the following registry entries:

  • HKEY_CURRENT_USER\Software\ScorpionSaver
  • HKEY_CURRENT_USER\Software\Adpeak, Inc.
  • HKEY_LOCAL_MACHINE\Software\Classes\clsid\{10AD2C61-0898-4348-8600-14A342F22AC3}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{10AD2C61-0898-4348-8600-14A342F22AC3}


Behavior

Adware:Win32/Adpeak show you extra ads as you browse the Internet, without telling you where these ads are coming from. They might look like this:





Analysis by Aaron Hulett

Symptoms

The following could indicate that you have this program on your PC:

  • You have this file:

    %ProgramFiles%\ScorpionSaver
  • You see these entries or keys in your registry:

    HKEY_CURRENT_USER\Software\ScorpionSaver
    HKEY_CURRENT_USER\Software\Adpeak, Inc.
    HKEY_LOCAL_MACHINE\Software\Classes\clsid\{10AD2C61-0898-4348-8600-14A342F22AC3}
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{10AD2C61-0898-4348-8600-14A342F22AC3}
  • You see ads like these:




Last update 30 January 2014

 

TOP

Malware :