ADW_BROWSEFOX.B
Adware.BrowseFox.BU (Bitdefender); AdWare.Win32.Yotoon.szt (Kaspersky); Trojan.Win32.Generic!BT (Sunbelt)
Windows
Tipo de malware
Adware
Destructivo?
No
Cifrado
In the Wild:
Sí
Resumen y descripción
Detalles técnicos
Técnica de inicio automático
Agrega las siguientes entradas de registro para permitir su ejecución automática cada vez que se inicia el sistema:
HKEY_CLASSES_ROOT\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}\
InprocServer32
@ = "{malware path}\{malware name}.dll"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}\InprocServer32
@ = "{malware path}\{malware name}.dll"
Otras modificaciones del sistema
Agrega las siguientes entradas de registro como parte de la rutina de instalación:
HKEY_CLASSES_ROOT\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52
HKEY_CLASSES_ROOT\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}\
InprocServer32
HKEY_CLASSES_ROOT\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}\
Programmable
HKEY_CLASSES_ROOT\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}\
TypeLib
HKEY_CLASSES_ROOT\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}\
Version
HKEY_CLASSES_ROOT\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
HKEY_CLASSES_ROOT\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}\
ProxyStubClsid
HKEY_CLASSES_ROOT\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}\
ProxyStubClsid32
HKEY_CLASSES_ROOT\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}\
TypeLib
HKEY_CLASSES_ROOT\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
HKEY_CLASSES_ROOT\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}\
ProxyStubClsid
HKEY_CLASSES_ROOT\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}\
ProxyStubClsid32
HKEY_CLASSES_ROOT\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}\
TypeLib
HKEY_CLASSES_ROOT\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}
HKEY_CLASSES_ROOT\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}\
1.0
HKEY_CLASSES_ROOT\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}\
1.0\0
HKEY_CLASSES_ROOT\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}\
1.0\0\win32
HKEY_CLASSES_ROOT\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}\
1.0\FLAGS
HKEY_CLASSES_ROOT\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}\
1.0\HELPDIR
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}\Programmable
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}\TypeLib
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}\Version
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}\ProxyStubClsid
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}\TypeLib
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}\ProxyStubClsid
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}\TypeLib
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}\1.0
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}\1.0\
0
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}\1.0\
0
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}\1.0\
0\win32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}\1.0\
FLAGS
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}\1.0\
HELPDIR
Agrega las siguientes entradas de registro:
HKEY_CLASSES_ROOT\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Default = "Manager Class"
HKEY_CLASSES_ROOT\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}\
InprocServer32
ThreadingModel = "Apartment"
HKEY_CLASSES_ROOT\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}\
TypeLib
Default = "{hex values}"
HKEY_CLASSES_ROOT\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}\
Version
Default = "1.0"
HKEY_CLASSES_ROOT\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Default = "IManager"
HKEY_CLASSES_ROOT\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}\
ProxyStubClsid
Default = "{hex values}"
HKEY_CLASSES_ROOT\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}\
ProxyStubClsid32
Default = "{hex values}"
HKEY_CLASSES_ROOT\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}\
TypeLib
Default = "{hex values}"
HKEY_CLASSES_ROOT\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}\
TypeLib
Version = "1.0"
HKEY_CLASSES_ROOT\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Default = "IMdt"
HKEY_CLASSES_ROOT\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}\
ProxyStubClsid
Default` = "{hex values}"
HKEY_CLASSES_ROOT\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}\
ProxyStubClsid32
Default = "{hex values}"
HKEY_CLASSES_ROOT\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}\
TypeLib
Default = "{hex values}"
HKEY_CLASSES_ROOT\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}\
TypeLib
Version = "1.0"
HKEY_CLASSES_ROOT\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}\
1.0
Default = "XTLSLib"
HKEY_CLASSES_ROOT\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}\
1.0\0\win32
Default = "{malware path}\{malware name}.dll"
HKEY_CLASSES_ROOT\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}\
1.0\FLAGS
Default = "0"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Default = "Manager Class"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}\InprocServer32
ThreadingModel = "Apartment"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}\TypeLib
Default = "{hex values}"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}\Version
Default = "1.0"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Default = "IManager"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}\ProxyStubClsid
Default = "{hex values}"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}\ProxyStubClsid32
Default = "{hex values}"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}\TypeLib
Default = "{hex values}"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}\TypeLib
Version = "1.0"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Default = "IMdt"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}\ProxyStubClsid
Default = "{hex values}"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}\ProxyStubClsid32
Default = "{hex values}"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}\TypeLib
Default = "{hex values}"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}\TypeLib
Version = "1.0"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}\1.0
Default = "XTLSLib"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}\1.0\
0\win32
Default = "{malware path}\{malware name}.dll"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}\1.0\
FLAGS
Default = "0"