NSIS:Adware-WT [PUP] (file analysis)

NSIS:Adware-WT [PUP] is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and cure your PC during the trial period.
6-day free trial available.

What can the NSIS:Adware-WT [PUP] virus do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Scheduled file move on reboot detected
  • Creates RWX memory
  • Anomalous file deletion behavior detected (10+)
  • Guard pages use detected – possible anti-debugging.
  • Dynamic (imported) function loading detected
  • Performs HTTP requests potentially not found in PCAP.
  • Reads data out of its own binary image
  • Drops a binary and executes it
  • Authenticode signature is invalid
  • Deletes its original binary from disk
  • Attempts to modify proxy settings
  • Creates a copy of itself

How to identify NSIS:Adware-WT [PUP]?


File Info:

name: E3B669F0BBB541B03DC5.mlw
path: /opt/CAPEv2/storage/binaries/245e3e80b0dd43e4b34f74422c19c4e37e7d219f79ccab3b351d45f837db9223
crc32: 97968EAC
md5: e3b669f0bbb541b03dc52b5f3ec5d243
sha1: 03a9db26aeff1a086b0729d5c9a9fedf86c46763
sha256: 245e3e80b0dd43e4b34f74422c19c4e37e7d219f79ccab3b351d45f837db9223
sha512: 0f03e432aee1c1bb1a65469dd9f92c817ec71bbd476516684aecfdaff40dcf1915f99bb04c5ab02b4bbf25d1e1ecc8beab8331901e31b59ac5e244aef56c2202
ssdeep: 3072:kgXdZt9P6D3XJXceASMrOW+q/etDx21NtBcp+jnYrPo4sk:ke34RmSMrTEtt2NB6+szP
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1CCC3F10666C199B7D9F603301A73E73EF7FAD3D9064567274BA02FEEAE521438908253
sha3_384: 584ee8b1cdd01596553bec1d868cd1192bf4fd7cc8f565d69bdb579fa294b482d66524fbb9210cc7d4e1f324e1540070
ep_bytes: 81ec8001000053555633db57895c2418
timestamp: 2009-12-05 22:50:52

Version Info:

Comments:
CompanyName:
FileDescription: install
FileVersion: 1.0.0.0
LegalCopyright: (C) 2014
LegalTrademarks:
ProductName:
ProductVersion: 1.0.0.0
Translation: 0x0000 0x04e4

NSIS:Adware-WT [PUP] also known as:

Bkav: W32.AIDetect.malware2
Lionic: Adware.NSIS.ConvertAd.2!c
Elastic: malicious (high confidence)
DrWeb: Trojan.DownLoader23.18983
MicroWorld-eScan: Adware.GenericKD.38133857
FireEye: Adware.GenericKD.38133857
ALYac: Adware.GenericKD.38133857
Cylance: Unsafe
Sangfor: Adware.Win32.ConvertAd.1
K7AntiVirus: Trojan ( 004b0e451 )
Alibaba: AdWare:Win32/ConvertAd.ed605aad
K7GW: Trojan ( 004b0e451 )
Symantec: Trojan.Gen.2
ESET-NOD32: Win32/Adware.ConvertAd.AQ
TrendMicro-HouseCall: TROJ_GEN.R002H0CKS21
Kaspersky: not-a-virus:HEUR:AdWare.NSIS.ConvertAd.heur
BitDefender: Adware.GenericKD.38133857
SUPERAntiSpyware: Adware.VOPackage/Variant
Avast: NSIS:Adware-WT [PUP]
Tencent: Nsis.Adware.Convertad.Akos
Ad-Aware: Adware.GenericKD.38133857
Emsisoft: Adware.GenericKD.38133857 (B)
Baidu: NSIS.Adware.XXPackage.a
VIPRE: ConvertAd
McAfee-GW-Edition: BehavesLike.Win32.AdwareDotDo.cc
Sophos: Generic PUA AD (PUA)
GData: Adware.GenericKD.38133857
Jiangmin: AdWare.ConvertAd.agng
Avira: ADWARE/ConvertAd.Gen7
Antiy-AVL: Trojan/Generic.ASMalwNS.29E7
Gridinsoft: Ransom.Win32.Gen.sa
ViRobot: Adware.Convertad.118524
Microsoft: Program:Win32/Wacapew.C!ml
Cynet: Malicious (score: 99)
AhnLab-V3: PUP/Win32.ConvertAd.R229006
McAfee: Artemis!E3B669F0BBB5
MAX: malware (ai score=66)
Malwarebytes: Adware.ConvertAd
APEX: Malicious
SentinelOne: Static AI – Suspicious PE
Webroot: Pua.Vopackage
AVG: NSIS:Adware-WT [PUP]
CrowdStrike: win/malicious_confidence_100% (D)

How to remove NSIS:Adware-WT [PUP]?

NSIS:Adware-WT [PUP] removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.