NSIS:Adware-DR [Adw] (file analysis)

The NSIS:Adware-DR [Adw] is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What NSIS:Adware-DR [Adw] virus can do?

Creates RWX memory
A process attempted to delay the analysis task.
Dynamic (imported) function loading detected
Performs HTTP requests potentially not found in PCAP.
Reads data out of its own binary image
Drops a binary and executes it
Authenticode signature is invalid
Attempts to modify proxy settings

Related domains:

wpad.local-net

track.bndle.com

cdn01.bcdn.info

How to determine NSIS:Adware-DR [Adw]?


File Info:
name: 9382DCFA84F728DDCBD5.mlw
path: /opt/CAPEv2/storage/binaries/123921c0a250377f62a009935d94b3d1325e0fdb22a441be426b06ecd884d192
crc32: B49362ED
md5: 9382dcfa84f728ddcbd57626e20f4140
sha1: 7c4fd80bf28a11b66c4f36a017c13378afe042f6
sha256: 123921c0a250377f62a009935d94b3d1325e0fdb22a441be426b06ecd884d192
sha512: 2c65da3e6d1a136948282442d5956e1bf3109c563720f1ea53dbff58775325f1aa01aa0624e123dbeb2a8a00319eae6a7a0f3c201f3d03389296da8b8dcb7bdb
ssdeep: 12288:x6yRG6QiGtCnKNMIcvNrSQ45pXscbIWwor68e0:cyz5wJMfNSQ45pXscbGo6s
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T11EA4227C61D9C563CA71FB3241FE5332DBB56E492A5021DB8B72BFE58831086DF221A4
sha3_384: 8badfdb598c727a49914a0c8bb623813211cb346b16d4d54695d73d78d43476acb9a8795f3a33d323ff3077127b14477
ep_bytes: 81ec8001000053555633db57895c2418
timestamp: 2009-12-05 22:50:46

Version Info:
Comments: vGrabber setup
CompanyName: http://vgrabber.org
FileDescription: vGrabber setup
FileVersion: 1.14
LegalCopyright: © http://vgrabber.org (vGrabberWR_C48US_Single_Conduit)
ProductName: vGrabber
Translation: 0x0409 0x0000

NSIS:Adware-DR [Adw] also known as:

Bkav	W32.AIDetect.malware1
Elastic	malicious (high confidence)
MicroWorld-eScan	Adware.GenericKD.38128797
FireEye	Adware.GenericKD.38128797
ALYac	Adware.GenericKD.38128797
Cylance	Unsafe
VIPRE	Bundlore (fs)
K7AntiVirus	Trojan-Downloader ( 00473e581 )
Alibaba	TrojanDownloader:Win32/Ezula.66c4dd2a
K7GW	Trojan-Downloader ( 00473e581 )
ESET-NOD32	multiple detections
APEX	Malicious
Kaspersky	not-a-virus:HEUR:Downloader.Win32.Agent.gen
BitDefender	Adware.GenericKD.38128797
NANO-Antivirus	Riskware.Nsis.Adw.dorcdr
SUPERAntiSpyware	PUP.InstallCore/Variant
Avast	NSIS:Adware-DR [Adw]
Tencent	Trojan.Win32.BitCoinMiner.la
Ad-Aware	Adware.GenericKD.38128797
Sophos	vGrabber (PUA)
Comodo	Malware@#3ppjlm5v07rvo
DrWeb	Adware.Downware.113
TrendMicro	TROJ_GEN.R002C0PKQ21
McAfee-GW-Edition	BehavesLike.Win32.Downloader.gc
Emsisoft	Adware.GenericKD.38128797 (B)
SentinelOne	Static AI – Suspicious PE
GData	Adware.GenericKD.38128797
Webroot	W32.Adware.Vgrabber
Antiy-AVL	Trojan/Generic.ASMalwNS.BA4
Kingsoft	Win32.Troj.Undef.(kcloud)
Gridinsoft	Ransom.Win32.Wacatac.sa
Microsoft	Program:Win32/Wacapew.C!ml
Cynet	Malicious (score: 100)
McAfee	Generic PUP.jy
VBA32	suspected of Trojan.Downloader.gen
Malwarebytes	PUP.Optional.BundleInstaller.VG
TrendMicro-HouseCall	TROJ_GEN.R002C0PKQ21
Fortinet	Riskware/Bundlore
AVG	NSIS:Adware-DR [Adw]
Panda	Generic Malware
CrowdStrike	win/malicious_confidence_60% (D)

How to remove NSIS:Adware-DR [Adw]?

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

NSIS:Adware-DR [Adw] (file analysis)