Adware.IStartSurf

Forum for analysis and discussion about malware.
hackr8
Posts: 25
Joined: Fri Dec 21, 2018 1:50 pm

Adware.IStartSurf

Post by hackr8 » Fri Mar 08, 2019 5:33 pm

I downloaded this sample from a site I was redirected to while googling. The file has an unusual structure.
Can somebody try analyzing this? Thanks.
Virustotal: https://www.virustotal.com/#/file/e9b4b ... 0f5c535d4d
My forum: hackrhouse.freeforums.net

Fedor22
Posts: 56
Joined: Sun Dec 03, 2017 5:50 pm
Location: Russian Federation

Re: Adware.IStartSurf

Post by Fedor22 » Fri Mar 08, 2019 6:22 pm

hackr8 wrote:
Fri Mar 08, 2019 5:33 pm
I downloaded this sample from a site I was redirected to while googling. The file has an unusual structure.
Can somebody try analyzing this? Thanks.
Virustotal: https://www.virustotal.com/#/file/e9b4b ... 0f5c535d4d
It's the Prepscram software bundler. It also connects to a spam site and IP address:


hxxp://one.mountaincanvas.pw/offer.php?affId=1278&trackingId=406532207&instId=731&ho_trackingid=HO406532207&cc=GR&sb=x86&wv=7sp1&db=InternetExplorer&uac=1&cid=5d979308c3b6ea5ad7e984e628c8cac1&v=3&net=4.6.01055&ie=8%2e0%2e7601%2e17514&res=1280x720&osd=519&kid=hqmrb21b2e3h2r5cac9 (hxxp://143.204.208.37)
https://www.virustotal.com/#/url/c4807a ... /detection
https://www.virustotal.com/#/ip-address/143.204.208.37
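
One way to hunt for the check-in request quoted above in proxy logs, as an added example that is not part of the original posts: it matches on the set of query-parameter names from that URL rather than on the host. The threshold, the function names and the example.test log lines are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit, parse_qs

# Parameter names copied from the offer.php request quoted in the post above.
BEACON_KEYS = {"affId", "trackingId", "instId", "ho_trackingid", "cc", "sb",
               "wv", "db", "uac", "cid", "v", "net", "ie", "res", "osd", "kid"}
# Assumption: a request carrying most of these names is the same check-in,
# even if the host or the .php path differs from the one in the post.
MIN_OVERLAP = 10


def refang(url: str) -> str:
    """Turn a defanged indicator (hxxp://, [.]) back into a parseable URL."""
    return url.replace("hxxp", "http", 1).replace("[.]", ".")


def beacon_score(url: str) -> int:
    """Count how many of the post's parameter names appear in the query."""
    query = urlsplit(refang(url)).query
    return len(BEACON_KEYS & set(parse_qs(query, keep_blank_values=True)))


def flag_requests(urls):
    """Return (host, score) for every URL that looks like the check-in."""
    hits = []
    for url in urls:
        score = beacon_score(url)
        if score >= MIN_OVERLAP:
            hits.append((urlsplit(refang(url)).hostname, score))
    return hits


# Constructed proxy-log URLs (hosts under example.test are placeholders).
SAMPLE_LOG = [
    "http://shop.example.test/cart.php?cid=77&v=2&res=ok",
    "hxxp://cdn.example.test/offer.php?affId=1&trackingId=2&instId=3"
    "&ho_trackingid=HO2&cc=GR&sb=x86&wv=7sp1&db=InternetExplorer&uac=1"
    "&cid=0&v=3&net=4.6&ie=8%2e0&res=1280x720&osd=1&kid=abc",
    "http://news.example.test/index.html",
]

if __name__ == "__main__":
    for host, score in flag_requests(SAMPLE_LOG):
        print(f"{host}: {score}/{len(BEACON_KEYS)} beacon parameters")
```

Short generic names such as `cid`, `v` and `res` occur in ordinary traffic, which is why a single match is not enough and the overlap threshold is applied.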
