
SoftwareBundler:Win32/Prepscram!rfn


First posted on 07 December 2016.
Source: Microsoft

Aliases :

There are no other names known for SoftwareBundler:Win32/Prepscram!rfn.

Explanation :

Arrival and Installation

This threat is distributed via web pages that you might inadvertently visit when looking for something else. These pages vary considerably, but they always encourage you to download a file.

The downloaded file is often an ISO image file. In some cases, the downloaded file may be an archive (for example, a .zip file) that contains an ISO image file. In still other cases, the ISO image file is contained in a tar file downloaded from web pages that also encourage you to download WinRAR to extract the file.



When the ISO image file is opened, Windows mounts it as a new CD/DVD drive.
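
The delivery formats described above (a bare ISO, or an ISO wrapped in a zip or tar archive) can be checked for at download-triage time. The following is an added example, not part of the original Microsoft write-up: it looks for the ISO 9660 signature in a file and in the members of any zip or tar it contains. The function names, the nesting limit and the sample data are assumptions made for illustration, and images without an ISO 9660 volume descriptor are not recognised.

```python
import io
import tarfile
import zipfile

ISO_MAGIC = b"CD001"       # ISO 9660 volume descriptor identifier
ISO_MAGIC_OFFSET = 0x8001  # sector 16 (2048-byte sectors), after the 1-byte type field
MAX_DEPTH = 3              # assumption: limit on archive nesting

def is_iso(data):
    return data[ISO_MAGIC_OFFSET:ISO_MAGIC_OFFSET + 5] == ISO_MAGIC

def find_iso(data, name="download", depth=0):
    """Return the path of every ISO image in data, e.g. 'a.zip!b.iso'."""
    if is_iso(data):
        return [name]
    if depth >= MAX_DEPTH:
        return []
    members = []  # (member name, member bytes)
    try:  # try tar first; tarfile also handles .tar.gz/.bz2/.xz
        with tarfile.open(fileobj=io.BytesIO(data)) as tf:
            members = [(m.name, tf.extractfile(m).read()) for m in tf if m.isfile()]
    except tarfile.TarError:
        if zipfile.is_zipfile(io.BytesIO(data)):
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                members = [(i.filename, zf.read(i)) for i in zf.infolist() if not i.is_dir()]
    hits = []
    for member_name, payload in members:
        hits += find_iso(payload, f"{name}!{member_name}", depth + 1)
    return hits

def sample_download():
    """Constructed sample: a fake ISO header inside a zip inside a tar."""
    iso = bytes(0x8000) + b"\x01CD001\x01" + bytes(2041)
    zbuf, tbuf = io.BytesIO(), io.BytesIO()
    with zipfile.ZipFile(zbuf, "w") as zf:
        zf.writestr("setup.iso", iso)
    with tarfile.open(fileobj=tbuf, mode="w") as tf:
        info = tarfile.TarInfo("pack.zip")
        info.size = len(zbuf.getvalue())
        tf.addfile(info, io.BytesIO(zbuf.getvalue()))
    return tbuf.getvalue()

if __name__ == "__main__":
    print(find_iso(sample_download(), "dl.tar"))
```

Archive members are read fully into memory, so this is suited to triage of individual downloads rather than bulk scanning of large images.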



Payload

Installs malicious or unwanted software


This software bundler may install additional applications during installation. In most cases, the additional applications are displayed in the installer UI, although in some cases, it installs additional programs without disclosing them.



We have seen this threat install unwanted software including BrowserModifier:Win32/Sasquor, BrowserModifier:Win32/Soctuseer, and BrowserModifier:Win32/Flowsurf.





Analysis by Hamish O'Dea

Last update 07 December 2016

 
