Home / malware PUA:Win32/Prepscram
First posted on 07 December 2016.
Source: MicrosoftAliases :
There are no other names known for PUA:Win32/Prepscram.
Explanation :
Arrival and Installation
This threat is distributed via web pages that you might inadvertently visit when looking for something else. These pages vary considerably, but they always encourage you to download a file.
The downloaded file is often an ISO image file. In some cases, the downloaded file may be an archive (for example, .zip file) that contains an ISO image file. Still in other cases the ISO image file is contained in a tar file downloaded from web pages that also encourage you to download WinRAR to extract the file.
When the ISO image file is opened, Windows mounts it as a new CD/DVD drive.
Payload
Installs malicious or unwanted software
This software bundler may install additional applications during installation. In most cases, the additional applications are displayed in the installer UI, although in some cases, it installs additional programs without disclosing them.
We have seen this threat install unwanted software including BrowserModifier:Win32/Sasquor, BrowserModifier:Win32/Soctuseer, and BrowserModifier:Win32/Flowsurf.
Analysis by Hamish O'DeaLast update 07 December 2016