
Adware:Win32/Kremiumad


First posted on 19 February 2013.
Source: Microsoft

Aliases:

Adware:Win32/Kremiumad is also known as Adware.Adpopup (Symantec), PUP.z!po (McAfee), TR/Spy.Banker.Gen (Avira), W32/Banker.GDLD (Norman).

Explanation:



Adware:Win32/Kremiumad may be installed from the program's website.

The program may install itself with any of the following names (note that this list is not exhaustive):

  • adbrowser
  • adhelp
  • adsmap
  • adssup
  • clickpang
  • findkey
  • premiumad
  • prime
  • primead
  • topsearch


Installation

When run, the installer for Adware:Win32/Kremiumad installs the following files to the folder "%ProgramFiles%\<program name>":

  • <program name>.exe
  • uninstall_<name>.exe


Where <program name> includes the following:

  • adbrowser
  • adhelp
  • adsmap
  • adssup
  • clickpang
  • findkey
  • premiumad
  • prime
  • primead
  • topsearch


Note: %ProgramFiles% refers to a variable location that is determined by the malware by querying the operating system. The default location for the Program Files folder for Windows 2000, XP, 2003, Vista, 7, and 8 is "C:\Program Files".

Adware:Win32/Kremiumad modifies the following registry entry to ensure that its copy runs at each Windows start:

In subkey: HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Sets value: "<program name>.exe"
With data: "%ProgramFiles%\<program name>\<program name>.exe"

In subkey: HKLM\Software\<name>
Sets value: "version"
With data: "mz."
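
A defender's check for the Run-key entry described above, as an added example (not code from Microsoft or from this page): it parses the text output of `reg query HKLM\Software\Microsoft\Windows\CurrentVersion\Run` and flags values that follow the "<program name>.exe" / "%ProgramFiles%\<program name>\<program name>.exe" layout. The sample output and the name "dealfinder" are constructed; accepting "Program Files (x86)" and giving a "review" verdict to unlisted names with the same layout are assumptions that go beyond the page.

```python
import re

# Program names listed on this page (the page notes the list is not exhaustive).
KNOWN_NAMES = {"adbrowser", "adhelp", "adsmap", "adssup", "clickpang",
               "findkey", "premiumad", "prime", "primead", "topsearch"}
# One value line of `reg query` output: 4 spaces, name, 4 spaces, type, 4 spaces, data.
VALUE_LINE = re.compile(r"^ {4}(?P<name>.+?) {4}(?P<type>REG_\w+) {4}(?P<data>.*)$")
# Data shaped like <Program Files>\<dir>\<exe>.exe, optionally quoted or followed by
# arguments. Accepting "Program Files (x86)" is an assumption, not stated on the page.
RUN_DATA = re.compile(
    r'^"?(?:%ProgramFiles(?:\(x86\))?%|[A-Za-z]:\\Program Files(?: \(x86\))?)'
    r'\\(?P<dir>[^\\"]+)\\(?P<exe>[^\\"]+)\.exe"?(?:\s.*)?$', re.IGNORECASE)

def parse_reg_query(text):
    """Yield (value_name, data) pairs from `reg query <key>` text output."""
    for line in text.splitlines():
        m = VALUE_LINE.match(line)
        if m:
            yield m.group("name"), m.group("data").strip()

def classify(value_name, data):
    """Return 'match' (listed name), 'review' (same layout, unlisted name) or None."""
    m = RUN_DATA.match(data)
    if not m:
        return None
    folder, exe = m.group("dir").lower(), m.group("exe").lower()
    # Layout from the page: value "<name>.exe" with data ...\<name>\<name>.exe
    if folder != exe or value_name.lower() != exe + ".exe":
        return None
    return "match" if exe in KNOWN_NAMES else "review"

def scan(text):
    """Return {value_name: verdict} for Run values that fit the described layout."""
    return {name: verdict for name, data in parse_reg_query(text)
            if (verdict := classify(name, data))}

# Constructed sample output for illustration (not taken from a real host).
SAMPLE = r"""
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
    SecurityHealth    REG_EXPAND_SZ    %windir%\system32\SecurityHealthSystray.exe
    premiumad.exe    REG_SZ    C:\Program Files\premiumad\premiumad.exe
    Topsearch.exe    REG_SZ    "C:\Program Files (x86)\topsearch\topsearch.exe"
    dealfinder.exe    REG_SZ    C:\Program Files\dealfinder\dealfinder.exe
    Updater    REG_SZ    C:\Program Files\Vendor\updater.exe
"""

if __name__ == "__main__":
    for name, verdict in scan(SAMPLE).items():
        print(f"{verdict:6} {name}")
```

A "review" verdict only means the entry has the same shape as the one described here; legitimate software can register itself this way, so confirm against the installed files before removing anything.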

Adware:Win32/Kremiumad creates an installation entry in the Programs and Features section of the Control Panel. Running this uninstaller may remove some or all of the files related to Adware:Win32/Kremiumad from your computer.

Execution

Once installed, Adware:Win32/Kremiumad displays pop-up ads to you as you browse the Internet.

Adware:Win32/Kremiumad can perform the following tasks on your computer:

  • Request instructions on how it should deliver ads or monitor your browsing behavior
  • Monitor your browsing activities and any keywords you enter into certain websites
  • Display pop-up ads
  • Gather information about your computer and network, such as your computer's MAC address (a number that physically identifies your computer), IP address, and the version of Adware:Win32/Kremiumad installed on your computer
  • Download and run other files, such as updates to the program




Analysis by Methusela Cebrian Ferrer

Last update 19 February 2013

 
