Categories: Adware

Adware.Dropper (A) information

Adware.Dropper (A) is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

What can the Adware.Dropper (A) virus do?

  • Executable code extraction
  • Attempts to connect to a dead IP:Port (2 unique times)
  • Creates RWX memory
  • Reads data out of its own binary image
  • Drops a binary and executes it
  • HTTP traffic contains suspicious features which may be indicative of malware related traffic
  • Performs some HTTP requests
  • Unconventional binary language: Chinese (Simplified)
  • Unconventional language used in binary resources: Chinese (Simplified)
  • Uses Windows utilities for basic functionality
  • Tries to suspend Cuckoo threads to prevent logging of malicious activity
  • Tries to unhook or modify Windows functions monitored by Cuckoo
  • Installs itself for autorun at Windows startup
  • Anomalous binary characteristics

Related domains:

fget-career.com
www.qq5.com
css.jipinfeiche.cn

How to identify Adware.Dropper (A)?


File Info:

crc32: 42CD6BBC
md5: b95f7b489e3bd33835c2d65f6dcbad6b
name: dongwuyuanlianliankan.exe
sha1: ede17110467c850d8d433a46242116a054d756ab
sha256: 25de9ca404542b9dcd2934158372de2c1d1ac46ed6051a0a3e9a7e0596eb2beb
sha512: fae1c1ea3981eeede1462b6e8eeaeee0ed5f2fd00f32cb09e945c9c151a1178534276cc21e731a98635559e07875f4c492621eb3fb95294c57c32e4e4d4aa815
ssdeep: 393216:ugK912kjK4VXNI/6HVrqQcPmsmUjY6mLcDvg0Bv:ugKP2p4V968rqr/YpYD40x
type: PE32 executable (GUI) Intel 80386, for MS Windows, InstallShield self-extracting archive

Version Info:

LegalCopyright: (C)
ProductName:
FileVersion:
FileDescription: Producer shd
Translation: 0x0804 0x04e4

Adware.Dropper (A) also known as:

DrWeb Adware.Searcher.1222
FireEye Generic.mg.b95f7b489e3bd338
CAT-QuickHeal W32.Ramnit.A
McAfee Artemis!B95F7B489E3B
Cylance Unsafe
K7AntiVirus Trojan ( 0050b64b1 )
BitDefender Win32.Ramnit
K7GW Trojan ( 0050b64b1 )
Cybereason malicious.89e3bd
TrendMicro PE_RAMNIT.H
BitDefenderTheta AI:FileInfector.EAEEA7850C
Cyren W32/Ramnit.B!Generic
APEX Malicious
Avast Win32:RmnDrp
ClamAV Win.Trojan.Ramnit-1847
GData Trojan.GenericKD.32774127
Kaspersky Virus.Win32.Nimnul.a
Alibaba Virus:Win32/Nimnul.9b998201
NANO-Antivirus Virus.Win32.Ramnit.eslalb
AegisLab Virus.Win32.Nimnul.n!c
Rising Virus.Ramnit!1.9AA5 (CLASSIC:bWQ1On/VOxVBpt0f0udvDQJDAX4)
Sophos Mal/Agent-AUG
F-Secure Malware.W32/Ramnit.CD
Baidu Multi.Threats.InArchive
Invincea heuristic
McAfee-GW-Edition BehavesLike.Win32.BadFile.rc
Trapmine malicious.high.ml.score
Emsisoft Adware.Dropper (A)
Ikarus Virus.Ramnit
F-Prot W32/Ramnit.B!Generic
Jiangmin Win32/PatchFile.et
MaxSecure Virus.Nimnul.A
Avira W32/Ramnit.CD
Endgame malicious (high confidence)
Arcabit Win32.Ramnit
ZoneAlarm Virus.Win32.Nimnul.a
Microsoft Virus:Win32/Ramnit.A
Acronis suspicious
VBA32 Virus.Win32.Nimnul.a
MAX malware (ai score=100)
Malwarebytes Trojan.ChinAd
Zoner Trojan.Win32.Ramnit.23698
ESET-NOD32 a variant of NSIS/TrojanDropper.Agent.BT
TrendMicro-HouseCall PE_RAMNIT.H
Tencent Win32.Virus.Nimnul.Pftf
SentinelOne DFI – Suspicious PE
Fortinet W32/Agent.BT!tr
Webroot W32.Malware.Heur
AVG Win32:RmnDrp
CrowdStrike win/malicious_confidence_70% (W)
Qihoo-360 Win32/Virus.IM.0e1

How to remove Adware.Dropper (A)?

  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.
Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
