ADW_IBRYTE
May 01, 2016
PLATFORM: Windows
OVERALL RISK RATING:
DAMAGE POTENTIAL:
DISTRIBUTION POTENTIAL:
REPORTED INFECTION:
INFORMATION EXPOSURE:
Threat Type: Adware
Destructiveness: No
Encrypted:
In the wild: Yes
OVERVIEW
This adware may arrive bundled with malware packages as a malware component. It may be manually installed by a user.
As of this writing, the sites it contacts to download files are inaccessible.
TECHNICAL DETAILS
File Size: 2,610,688 bytes
File Type: EXE
Memory Resident: No
Initial Samples Received Date: 05 May 2015
Arrival Details
This adware may arrive bundled with malware packages as a malware component.
It may be manually installed by a user.
Download Routine
This adware accesses the following websites to download files:
As of this writing, the said sites are inaccessible.
NOTES:
ADW_IBRYTE is an adware program bundled with third-party application installers. It downloads the installers from the mentioned sites and installs them.