
Adware:Win32/ZoomyLib


First posted on 15 February 2019.
Source: Microsoft

Aliases:

Adware:Win32/ZoomyLib is also known as LyricsGizm, PennyBee, PennyBeePro, ZoomifyApp, Zoomify, ZoomPic.

Explanation:

Installation

This program can be bundled with some third-party software installation programs. Below is an example of an application that installs this program:

We have seen this program use the following names:

LyricsGizm, PennyBee, PennyBeePro, ZoomifyApp, Zoomify, ZoomPic

It can add files under any of the following folders:

%ALLUSERSPROFILE%\pennybee
%ALLUSERSPROFILE%\pennybeepro2
%ALLUSERSPROFILE%\lyricsgizm
%ALLUSERSPROFILE%\lyricsgizm2
%ALLUSERSPROFILE%\zoomify2
%ALLUSERSPROFILE%\zoomify_29
%ALLUSERSPROFILE%\makulitsidwe
%APPDATA%\LocalLow\pennybee
%APPDATA%\LocalLow\pennybeepro
%APPDATA%\LocalLow\lyricsgizm
%APPDATA%\LocalLow\zoompic
%APPDATA%\LocalLow\zoomify
%ProgramData%\PennyBee
%ProgramData%\PennyBeePro
%ProgramData%\pennybeepro2
%ProgramData%\zoomify2
%ProgramData%\zoomify_29
%ProgramData%\makulitsidwe

We have seen it use the following file names:

coz32host.exe, coz64host.exe, cozaghost.exe, cozahost.exe, cozhost.exe, cozwdhost.exe, cozwhost.exe, dgapi.js, dgmain.js, dgmain_app_bg.js, dgmain_app_cs.js, jquery4toolbar.js, logo.ico, lyricsgizm.exe, lyricsgizmd32.exe, lyricsgizml32.dll, lyricsgizml32.exe, lyricsgizml64.dll, lyricsgizml64.exe, lyricsgizmutil.dll, lyricsgizmutil32.dll, pennybee.exe, pennybeepro.exe, pennybeeprod32.exe, pennybeeprol32.dll, pennybeeprol32.exe, pennybeeprol64.dll, pennybeeprol64.exe, pennybeeproutil32.dll, pennybeeutil.dll, Uninstaller.exe, utils.exe, wlyricsgizmd.exe, wpennybeeprod.exe, zoomify.xpi, zoomify32.dll, zoomify64.dll, zoomifyL32.dll, zoomifyL64.dll, zoomifyutil32.dll, zoompic.xpi, zoompicL32.dll, zoompicL64.dll, zoompicutil32.dll

The malware adds itself as a service with one of the following names:

cozhost, cozwhost, zoomify, wzoomifyd, lyricsgizm, wlyricsgizmd, pennybee, pennybeepro, wpennybeed

The program creates an installation entry in the Programs and Features section of the Control Panel.
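
The folder, file and service names listed above can be matched against a host inventory export, as in this added example, which is not part of the original entry or Microsoft's code. The function names, the sample inventory, the treatment of %ALLUSERSPROFILE% and %ProgramData% as one ProgramData directory, and the choice of which listed file names are too generic to flag outside a listed folder are assumptions.

```python
from pathlib import PureWindowsPath

# Indicators copied from the entry above, lower-cased for case-insensitive matching.
# Assumption: %ALLUSERSPROFILE% and %ProgramData% both resolve to a "ProgramData" directory.
FOLDERS = {
    "programdata": set("""pennybee pennybeepro pennybeepro2 lyricsgizm lyricsgizm2
        zoomify2 zoomify_29 makulitsidwe""".split()),
    "locallow": set("pennybee pennybeepro lyricsgizm zoompic zoomify".split()),
}
SERVICES = set("""cozhost cozwhost zoomify wzoomifyd lyricsgizm wlyricsgizmd pennybee
    pennybeepro wpennybeed""".split())
FILES = set("""coz32host.exe coz64host.exe cozaghost.exe cozahost.exe cozhost.exe cozwdhost.exe
    cozwhost.exe dgapi.js dgmain.js dgmain_app_bg.js dgmain_app_cs.js jquery4toolbar.js logo.ico
    lyricsgizm.exe lyricsgizmd32.exe lyricsgizml32.dll lyricsgizml32.exe lyricsgizml64.dll
    lyricsgizml64.exe lyricsgizmutil.dll lyricsgizmutil32.dll pennybee.exe pennybeepro.exe
    pennybeeprod32.exe pennybeeprol32.dll pennybeeprol32.exe pennybeeprol64.dll pennybeeprol64.exe
    pennybeeproutil32.dll pennybeeutil.dll uninstaller.exe utils.exe wlyricsgizmd.exe
    wpennybeeprod.exe zoomify.xpi zoomify32.dll zoomify64.dll zoomifyl32.dll zoomifyl64.dll
    zoomifyutil32.dll zoompic.xpi zoompicl32.dll zoompicl64.dll zoompicutil32.dll""".split())
# Assumption (not from the entry): names this common only count inside a listed folder.
GENERIC = {"uninstaller.exe", "utils.exe", "logo.ico", "jquery4toolbar.js"}

def in_listed_folder(path):
    """True when a listed folder name sits directly under its listed parent directory."""
    parts = [p.lower() for p in PureWindowsPath(path).parts]
    return any(child in FOLDERS.get(parent, ()) for parent, child in zip(parts, parts[1:]))

def triage(services, paths):
    """Return sorted (kind, value, confidence) findings for one host's inventory."""
    found = {("service", s, "high") for s in services if s.strip().lower() in SERVICES}
    for path in paths:
        name = PureWindowsPath(path).name.lower()
        if in_listed_folder(path):
            found.add(("path", path, "high"))
        elif name in FILES - GENERIC:
            found.add(("path", path, "medium"))
    return sorted(found)

# Constructed inventory for illustration (not real telemetry).
SAMPLE_SERVICES = ["Spooler", "wZoomifyD", "WinDefend"]
SAMPLE_PATHS = [
    r"C:\ProgramData\PennyBeePro\pennybeeprol64.dll",
    r"C:\Users\alice\AppData\LocalLow\zoompic\logo.ico",
    r"C:\Users\alice\Downloads\cozwhost.exe",
    r"C:\Program Files\Vendor\Uninstaller.exe",
]

if __name__ == "__main__":
    print(*triage(SAMPLE_SERVICES, SAMPLE_PATHS), sep="\n")
```

A file under a listed folder is reported with high confidence whatever its name; a distinctive listed file name found elsewhere is reported as medium so that it is reviewed rather than acted on automatically.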

Behavior

Displays advertisements

This program displays advertisements to you as you browse the Internet. You wouldn't see these advertisements if this program wasn't installed. For example:

This program can also bypass your firewall.  

Analysis by James Dee

Last update 15 February 2019
