
Adware:Win32/Pirrit


First posted on 15 February 2019.
Source: Microsoft

Aliases:

There are no other names known for Adware:Win32/Pirrit.

Explanation:

Installation

We have seen this program being installed to the following locations:

%APPDATA%\Local\PirritSuggestor
%APPDATA%\Local\<32 hex value>, for example, %APPDATA%\Local\1ac9cee2c246c57c842ae7e18ee24749
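A triage check for the install locations listed above, as an added example that is not part of the original Microsoft write-up. The function names and reason labels are ours, and searching %LOCALAPPDATA% in addition to the path as the page writes it is an assumption.

```python
import os
import re
from pathlib import Path

# Directory names taken from the "Installation" section of this page.
NAMED_DIR = "pirritsuggestor"            # compared case-insensitively
HEX32 = re.compile(r"[0-9a-fA-F]{32}")   # the "<32 hex value>" folder name


def candidate_roots(env=os.environ):
    """Return the folders to search.

    The page gives %APPDATA%\\Local. %LOCALAPPDATA% is added as an
    assumption, since the two locations are easy to confuse.
    """
    roots = []
    if env.get("APPDATA"):
        roots.append(Path(env["APPDATA"]) / "Local")
    if env.get("LOCALAPPDATA"):
        roots.append(Path(env["LOCALAPPDATA"]))
    return roots


def scan_root(root):
    """Return (path, reason) for each immediate subdirectory of root
    whose name matches one of the two patterns from the page."""
    root = Path(root)
    if not root.is_dir():
        return []
    findings = []
    for entry in sorted(root.iterdir()):
        if not entry.is_dir():
            continue  # the page describes folders, not files
        if entry.name.lower() == NAMED_DIR:
            findings.append((entry, "name"))
        elif HEX32.fullmatch(entry.name):
            # Pattern match only: other software may also use 32-hex
            # folder names, so review the contents before acting.
            findings.append((entry, "hex32"))
    return findings


if __name__ == "__main__":
    for root in candidate_roots():
        for path, reason in scan_root(root):
            print(f"{reason}\t{path}")
```

A "name" hit matches the literal folder name from the page; a "hex32" hit only matches the naming pattern and needs manual review.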

Its installer can look like the following:

Behavior

This program can show you additional advertisements as you browse the Internet. They can look like the following examples:

Inline ads:

Mouse-over ads:

Image-related ads:

Bottom slide-up ads:

Bottom banner ads:

New-tab ads:

Overwriting existing ads:

Changes your proxy settings

This threat can also change your web browser proxy settings. In Internet Explorer, the new setting can look like this:

It creates an extension in Firefox that can look like this:

Analysis by Michael Johnson

Last update 15 February 2019
