ADW_SEARCHSUITE.GA
December 11, 2014
ALIASES:
not-a-virus:WebToolbar.Win64.SearchSuite.d (Kaspersky), a variant of Win32/Toolbar.SearchSuite.Q (ESET)
PLATFORM:
Windows
OVERALL RISK RATING:
DAMAGE POTENTIAL:
DISTRIBUTION POTENTIAL:
REPORTED INFECTION:
INFORMATION EXPOSURE:
Threat Type: Adware
Destructiveness: No
Encrypted:
In the wild: Yes
OVERVIEW
This adware requires its main component to successfully perform its intended routine.
TECHNICAL DETAILS
File Size:
Varies
File Type:
DLL
Initial Samples Received Date:
10 Dec 2014
Arrival Details
This malware arrives via the following means:
- as a DLL bundled in the SearchSuite package
Other Details
This adware connects to the following possibly malicious URLs:
- http://dts.search.{BLOCKED}k.com/sr?l=dis&o=APN10645&qsrc=2870&apn_dtid=BND{sysid}&apn_ptnrs=LVD2-DTX&apn_uid={uid}&gct=dns&gc=1&appid={appid}&sysid={sysid}&sver=3&q=
- http://dts.search.{BLOCKED}k.com/sr?src=crb&gct=ds&appid={appid}&systemid={sysid}&v={value}-{uc}&apn_uid={uid}&apn_dtid=BND{sysid}&o=APN10645&apn_ptnrs=AG6&q=
- http://dts.search.{BLOCKED}k.com/sr?src=ffb&gct=ds&appid={appid}&systemid={sysid}&v={value}-{uc}&apn_dtid=BND{sysid}&apn_ptnrs=AG6&apn_uid={uid}&o=APN10645&q=
- http://dts.search.{BLOCKED}k.com/sr?src=ieb&gct=ds&appid={appid}&systemid={sysid}&v={value}-{uc}&apn_uid={uid}&apn_dtid=BND{sysid}&o=APN10645&apn_ptnrs=AG6&q=
- http://www.search.{BLOCKED}k.com/?o=APN10645A&gct=hp&d={sysid}-{appid}&v={value}-{uc}&t=4
- http://www.search.{BLOCKED}k.com/suggest.php?src=ieb&gct=ds&appid={appid}&systemid={sysid}&v={value}-{uc}&apn_uid={uid}&apn_dtid=BND{sysid}&o=APN10645&apn_ptnrs=AG6&qu=
- http://www.search.{BLOCKED}k.com?o=APN10645A&gct=hp&d={sysid}-{appid}&v={value}-{uc}&t=4&tag=newtab
It requires its main component to successfully perform its intended routine.
NOTES:
This adware's export functions are used by the main component DatamngrCoordinator.