Win32/AdWare.ConvertAd [Threat Name]
Win32/Adware.ConvertAd.FG [Threat Variant Name]
Category: adware
Size: 488985 B
Short description
Win32/Adware.ConvertAd.FG is adware used to deliver unsolicited advertisements. The adware is usually part of other malware.
Installation
When executed, the adware creates the following files:
- %localappdata%\%variable1%\uninstall.exe (80130 B)
- %localappdata%\%variable1%\%variable2%.tmp (274155 B, Win32/Adware.ConvertAd.FG)
- %localappdata%\%variable1%\%variable3%.exe (242688 B, Win32/Adware.ConvertAd.FG)
The adware executes the following files:
- %localappdata%\%variable1%\%variable2%.tmp /ch=%variable4% /fd=%appdata%\%uuid%
- %localappdata%\%variable1%\%variable3%.exe /ch=%variable4%
A string with variable content is used instead of %variable1-4%.
In order to be executed on every system start, the adware sets the following Registry entry:
- [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
  - "WinCheck" = "%localappdata%\%variable1%\%variable3%.exe"
The following Registry entries are set:
- [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\wincheck]
  - "DisplayName" = "Jammed Paper Tray"
  - "UninstallString" = "%localappdata%\%variable1%\uninstall.exe"
  - "Publisher" = "Jammed Paper Tray"
  - "DisplayVersion" = "1.0.0.0"
  - "Channel" = "%variable4%"
  - "DisplayIcon" = "%localappdata%\%variable1%\%variable3%.exe"
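The Registry entries above can be checked offline against a `reg export` of HKLM. The following triage script is an added example, not part of the original description; the function names and the sample export are constructed, and it assumes the default profile layout for %localappdata% and also accepts the WOW6432Node view of both keys.

```python
import re

# Indicators taken from the Registry entries listed above.
RUN_SUFFIX = r"\microsoft\windows\currentversion\run"
UNINSTALL_SUFFIX = r"\microsoft\windows\currentversion\uninstall\wincheck"
DISPLAY_NAME = "jammed paper tray"
# "name"="data" string values; .reg text escapes \ and " with a backslash.
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"\s*$')

def unescape(s):
    return re.sub(r"\\(.)", r"\1", s)

def parse_reg(text):
    """Yield (key, name, data) for each string value in .reg export text.
    Files written by reg.exe are UTF-16; decode before calling."""
    key = None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
        elif key and (m := VALUE_RE.match(line)):
            yield key, unescape(m.group(1)), unescape(m.group(2))

def find_convertad(text):
    """Return (kind, key, detail) for values matching the entries above."""
    hits = []
    for key, name, data in parse_reg(text):
        k, n, d = key.lower(), name.lower(), data.lower()
        # endswith() also matches the WOW6432Node copy of either key.
        # Assumption: %localappdata% is stored expanded or literally.
        in_local = "\\appdata\\local\\" in d or d.startswith("%localappdata%")
        if k.endswith(RUN_SUFFIX) and n == "wincheck" and in_local:
            hits.append(("run-key", key, data))
        elif (k.endswith(UNINSTALL_SUFFIX) and d == DISPLAY_NAME
              and n in ("displayname", "publisher")):
            hits.append(("uninstall-key", key, f"{name}={data}"))
    return hits

# Constructed sample export (user name and random folder names are made up).
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ExampleUpdater"="C:\\Program Files\\Example\\updater.exe"
"WinCheck"="C:\\Users\\alice\\AppData\\Local\\abcd1234\\efgh5678.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\wincheck]
"DisplayName"="Jammed Paper Tray"
"Publisher"="Jammed Paper Tray"
"DisplayVersion"="1.0.0.0"
'''
```

A "run-key" hit gives the path of the %variable3%.exe binary, and its parent folder is the %variable1% directory holding the other dropped files.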
Information stealing
The adware collects sensitive information when the user browses certain web sites.
The following programs are affected:
- Google Chrome
- Internet Explorer
- Mozilla Firefox
The adware attempts to send gathered information to a remote machine.
Other information
The adware acquires data and commands from a remote computer or the Internet.
The adware contains a list of 4 URLs. The HTTP protocol is used.
The adware displays dialogs within the Internet browser with various advertisements.