Home / malwarePDF  

PUA:Win32/Amonetize


First posted on 04 July 2016.
Source: Microsoft

Aliases :

There are no other names known for PUA:Win32/Amonetize.

Explanation :

Installation

This application can be downloaded from websites that offer third-party software downloads. For example, we have seen it downloaded from:

  • easysafedownload.com
  • download1030.mediafire.com
  • download671.mediafire.com
  • download690.mediafire.com
  • download2164.mediafire.com


We have seen this application use the following file names:
  • KMSPico.iso
  • archive.rar.exe
  • myAC.ex
  • Launcher__6601_il4765.exe
  • Windows 7 Activator__12215_il267347_26.exe
  • myAC.exe
  • 开始游戏.exe
  • Extractor.rar
  • AVOX__7934_il1989.exe


It can be digitally signed by the following vendors:
  • Amonetize ltd.
  • Fenix-amp LTD
  • Smart Stail Solyushns, TOV
  • Wilmaonline LTD.
  • 杭州凤侠网络科技有限公司


We have seen this application using product names such as:
  • Installer
  • nethfdrv
  • Eldorado
  • Launcher
  • win32exe


This application communicates with domains such as:
  • www.egloodx.tech
  • www.proguiananlithometer.online
  • lessactua.space
  • www.continuumdownload.com
  • down.flighyu.space


For example:
  • www.egloodx.tech/info.php?
  • www.egloodx.tech/help.php?
  • lessactua.space/?


Payload

Exhibits suspicious behaviors

We have observed this application exhibit the following potentially unwanted behavior on PCs:
  • Injects into other processes on your system
  • Changes your browser's default homepage settings
  • Changes your browser's default new tab page settings
  • Changes your browser's shortcuts - often this can be used to take over your homepage by adding command-line arguments that change how the page is loaded
  • Registers a Layered Service Provider (LSP) to intercept network traffic - this is commonly used to inject ads into your browsers
  • Injects code into your browsers - this suspicious behavior is often used to bypass firewall settings or to change how your browser works


Installs other programs

We have seen this application install other software on your PC. Some of these applications might be bundled during the installation process and not intended to be installed. We have seen it installing programs such as:
  • AppHelper
  • SnapDo
  • Caster
  • 游侠日历2
  • Search module
  • OpenAL
  • qksee
  • System Healer
  • Sound+


This description was published using automated analysis.

Last update 04 July 2016

 

TOP

Malware :