
Adware:Win32/BrowserShop


First posted on 17 December 2014.
Source: Microsoft

Aliases:

There are no other names known for Adware:Win32/BrowserShop.

Explanation:

Threat behavior

Installation
This threat can create files on your PC, including:

  • %ProgramFiles%\birowser shop\z7eiujxtp.dll
  • %ProgramFiles%\birowser shop\z7eiujxtp.x64.dll
  • \birowser shop\4uhfhavajm.exe


Payload
Displays ads that you can't control

This program can show you extra ads. These ads can appear:

  • In your web browser: such as search helpers, hover links, and banner ads.
  • Outside of your web browser: such as pop-ups, balloon ads, and toast notifications.


These advertisements would not be shown if this program wasn't installed on your PC.

Creates an uninstaller



This threat can create an uninstaller by modifying the registry. For example:

In subkey: HKLM\software\microsoft\windows\currentversion\uninstall\{ad11dade-c597-45d9-d8c5-1d2eb0b89613}

Sets value: "UninstallString"
With data: ""\birowser shop\4uhfhavajm.exe" /s /n /i:"executecommands;uninstallcommands" "%ALLUSERSPROFILE%\application data\birowser shop\4uhfhavajm.exe""



Additional information

Creates a mutex

This threat can create a mutex on your PC. For example:

  • Global\{60430AFC-AA55-41bd-94C6-E2020CE1C711}


It might use this mutex as an infection marker to prevent more than one copy of the threat running on your PC.

This malware description was published using automated analysis of file SHA1 18ac5fb8b8a5962d3af8d7a3e1936f4ac482a04e.

Symptoms

The following can indicate that you have this threat on your PC:

  • You see these files:
    • %ProgramFiles%\birowser shop\z7eiujxtp.dll
    • %ProgramFiles%\birowser shop\z7eiujxtp.x64.dll
    • \birowser shop\4uhfhavajm.exe
  • You see registry modifications such as:
    • In subkey: HKLM\software\microsoft\windows\currentversion\uninstall\{ad11dade-c597-45d9-d8c5-1d2eb0b89613}
      Sets value: "UninstallString"
      With data: ""\birowser shop\4uhfhavajm.exe" /s /n /i:"executecommands;uninstallcommands" "%ALLUSERSPROFILE%\application data\birowser shop\4uhfhavajm.exe""

  • You see a mutex such as:
    • Global\{60430AFC-AA55-41bd-94C6-E2020CE1C711}

Last update 17 December 2014

 
