Adware.Dropper.108 (file analysis)

Adware.Dropper.108 is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and clean your PC during the trial period.
6-day free trial available.

What can the Adware.Dropper.108 virus do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Enumerates user accounts on the system
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Anomalous file deletion behavior detected (10+)
  • Dynamic (imported) function loading detected
  • Drops a binary and executes it
  • The binary likely contains encrypted or compressed data.
  • Authenticode signature is invalid
  • Steals private information from local Internet browsers
  • Overwrites multiple files with zero bytes (hex 00) indicative of a wiper

How to identify Adware.Dropper.108?


File Info:

name: 71554938FD747DEBA78A.mlw
path: /opt/CAPEv2/storage/binaries/896abd113a44c5843160e97a874dbe690fd65173156f78cd9736fe52e896d489
crc32: 52FD581B
md5: 71554938fd747deba78a180c5f96a44c
sha1: 073b27015edd1dc794e652b2089ab335972f719c
sha256: 896abd113a44c5843160e97a874dbe690fd65173156f78cd9736fe52e896d489
sha512: 9849c231e9ddc6c59cd0df7266554f78e4bd359200e52f1ae0329b11fa553371a6e45a839dde1a73719ff3087734b0cb8621887936850f86f5b124140035377a
ssdeep: 12288:bla+M1uWCOrvP6wObKIEB83zCmL6kHJb9gDDGRbMyx8CLmoF8RWVKK7WUVyOCYwF:5a+M1uWbvjIO6fft9G9KJVTXwc+eG
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1821512237188D9BBC6C0693498AFEF80E29FF8591C3229B33322C7199E7E5158475D97
sha3_384: 60b547fb1acb5518de6f29ed51186b87f90d47b35a2561bf57c939671d027851907b9aede57a29d9c02f2c4da71879b5
ep_bytes: 6a5c6890ae4100e8ee100000895ddc89
timestamp: 2014-08-23 19:50:56

Version Info:

CompanyName: Setup
FileDescription: Setup
FileVersion: 2.5.0.0
InternalName: Setup
LegalCopyright: Copyright (c) 2014
OriginalFilename: Setup
ProductName: Setup
ProductVersion: 2.5.0.0
Translation: 0x041d 0x0000

Adware.Dropper.108 is also known as:

Bkav: W32.AIDetect.malware2
MicroWorld-eScan: Gen:Variant.Adware.Dropper.108
FireEye: Generic.mg.71554938fd747deb
CAT-QuickHeal: Pua.Agent.21070
ALYac: Gen:Variant.Adware.Dropper.108
Cylance: Unsafe
Sangfor: Trojan.Win32.Save.a
K7AntiVirus: Unwanted-Program ( 0040f93f1 )
K7GW: Adware ( 004eba201 )
Cybereason: malicious.8fd747
BitDefenderTheta: Gen:NN.ZexaF.34742.4q0@aewKpyei
VirIT: Trojan.Win32.Crossrider.BTZX
Cyren: W32/A-7d4ab2e9!Eldorado
Elastic: malicious (high confidence)
ESET-NOD32: a variant of Win32/Adware.MultiPlug.BU
Baidu: Win32.Adware.Generic.as
ClamAV: Win.Trojan.Agent-1211781
Kaspersky: not-a-virus:AdWare.Win32.Otezinu.babv
BitDefender: Gen:Variant.Adware.Dropper.108
NANO-Antivirus: Trojan.Win32.Adond.debtmi
SUPERAntiSpyware: PUP.MultiPlug/Variant
APEX: Malicious
Tencent: Malware.Win32.Gencirc.10b4aec8
Ad-Aware: Gen:Variant.Adware.Dropper.108
Sophos: MultiPlug (PUA)
Comodo: Application.Win32.Multiplug.R@58n3s2
DrWeb: Trojan.Crossrider.31093
Zillya: Trojan.Adond.Win32.103
McAfee-GW-Edition: BehavesLike.Win32.Generic.dc
Trapmine: malicious.high.ml.score
Emsisoft: Gen:Variant.Adware.Dropper.108 (B)
Ikarus: Trojan.Win32.Sisproc
GData: Gen:Variant.Adware.Dropper.108
Jiangmin: AdWare/MegaSearch.qcb
Avira: TR/Kryptik.opox
MAX: malware (ai score=61)
ZoneAlarm: not-a-virus:AdWare.Win32.Otezinu.babv
Microsoft: Trojan:Win32/Sabsik.EN.B!ml
Cynet: Malicious (score: 100)
AhnLab-V3: PUP/Win32.Generic.R117392
Acronis: suspicious
McAfee: MultiPlug
TACHYON: Trojan-Clicker/W32.Otezinu.921600
VBA32: BScope.Trojan.Crossrider
Malwarebytes: PUP.Optional.BundleInstaller
Avast: Win32:MultiPlug-AAS [PUP]
Rising: Trojan.Generic@AI.100 (RDMK:+DboDjMR2dTcM+Fs1Uxyuw)
Yandex: PUA.MultiPlug!7BU65R31BgY
SentinelOne: Static AI – Malicious PE
MaxSecure: not-a-virus:.AdWare.MultiPlug.nbjq
Fortinet: Adware/MultiPlug
AVG: Win32:MultiPlug-AAS [PUP]
Panda: Trj/Genetic.gen
CrowdStrike: win/grayware_confidence_100% (W)

How to remove Adware.Dropper.108?

Adware.Dropper.108 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.