Win32/AdWare.LoadMoney [Threat Name]

Detection created2014-06-13
World activity peak 2015-02-01 (1.47 %)
Short description

Win32/Adware.LoadMoney is a adware designed to deliver various adware/potentially unwanted applications to the user's systems.


The adware does not create any copies of itself.

Information stealing

The following information is collected:

  • information about the operating system and system settings
  • the list of installed software
  • unique identifier of infected computer
  • file system type
  • installed antivirus software
  • name, version of default Internet browser
  • files and Registry entries

The adware attempts to send gathered information to a remote machine.

Other information

The adware acquires data and commands from a remote computer or the Internet.

The adware contains a URL address. The HTTP protocol is used.

The network communication with remote computer/server is encrypted.

It can execute the following operations:

  • download files from a remote computer and/or the Internet
  • to install and to execute of applications
  • create Registry entries
  • create files
  • change the home page of web browser

The adware may display the following messages:

The adware may display the following dialog windows:

The adware can open the following URLs:

  • http://%remotec&cserverurl%/get_json?stb=%variable1%&did=%variable2%&ext_partner_id=&file_id=%variable3%
  • http://%remotec&cserverurl%/get_json?stb=%variable1%&did=%variable2%&ext_partner_id=&file_id=%variable3%&delay=%delay%

A variable numerical value is used instead of %variable1%, %variable2%, %variable3% .

Executable file containing Win32/Adware.LoadMoney may be digitally signed.

Please enable Javascript to ensure correct displaying of this content and refresh this page.