
About “PUAAdvertising:Win32/ShopHome” infection


PUAAdvertising:Win32/ShopHome is Microsoft's detection name for a potentially unwanted application (PUA) from the ShopAtHome adware family, which other vendors label Adware.ShopAtHome, WebToolbar.Sahat or SAHAgent. It is classed as adware rather than a trojan, but the sandbox report below shows the installer dropping and executing a further binary, attempting to change proxy settings and harvesting browser cookies, so it should be treated as unwanted and removed. When the infection is active, you may notice unwanted processes in the Task Manager list. In that case it is advisable to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware


Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. The trial lets you run a full scan and clean your PC.
A 6-day free trial is available.

What can PUAAdvertising:Win32/ShopHome do?

The following behaviours were flagged by the CAPE sandbox (CAPEv2) while it ran the sample described further below. Note that the sample carries an Authenticode signature that does not verify (two of the entries below), so the mere presence of a digital signature is no evidence that the file is legitimate.

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Scheduled file move on reboot detected
  • Presents an Authenticode digital signature
  • A process attempted to delay the analysis task.
  • Dynamic (imported) function loading detected
  • Performs HTTP requests potentially not found in PCAP.
  • Drops a binary and executes it
  • Authenticode signature is invalid
  • Uses Windows utilities for basic functionality
  • Collects information about installed applications
  • Attempts to modify proxy settings
  • Harvests cookies for information gathering
  • Uses suspicious command line tools or Windows utilities

How to identify PUAAdvertising:Win32/ShopHome?

The analysed sample has the following file properties, as recorded by the CAPE sandbox. Compare the hashes against any suspicious file you find; the version resource is almost empty, which is itself unusual for a legitimately published installer.

File Info:

name: A0ADA54026176D4C8D32.mlw
path: /opt/CAPEv2/storage/binaries/23058da6db24b04801fb2aec2b0516bce42ff47a69d3e92d74f6da2d633ebc6a
crc32: 2ED1ED6A
md5: a0ada54026176d4c8d324b792c86f1f0
sha1: 29384172ca092fb32e139c8d723c5b932b6728ef
sha256: 23058da6db24b04801fb2aec2b0516bce42ff47a69d3e92d74f6da2d633ebc6a
sha512: ab967914d0d66902d7276618e45853ae99ee47974cc0b0cbd20ba04b520b1a6bd1141cf9a17c0b22b405641ba25d37adf9f921c6a63f610184cbbdd06478a66b
ssdeep: 6144:Di3asTIPExWUZnT357pyC2V28877ZG2CPRgAXql39tMx24XfXhSVZ1L+UoRDaeyg:O3tSExlv29pgA6l38xlpSN9uE+JH
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1D8F4903E3590C86BE61526B0D978CAF0B964BE30CD115983FF843ED8BEB5B9095025BD
sha3_384: db3d7095381e87c582df575c210a77763ed37cb9969be2333bb821798ba74f82c9c792d672479f42d34e8446d1a57b61
ep_bytes: 558bec6aff689018420068bcbc410064
timestamp: 2010-02-22 17:39:25
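
The File Info block above is the fingerprint you compare a suspicious file against. The script below is added here as an example (it is not part of the original report or of GridinSoft's tooling) and uses only the Python standard library: it recomputes the hash fields in the format CAPE prints them, checks them against the indicators from the report, and parses the MZ/PE headers directly to recover the PE32 magic, link timestamp and entry-point bytes. The PE it builds for demonstration is a constructed, inert stub whose header fields copy the report (timestamp, ep_bytes); its hashes do not match the report, which is exactly what the match step shows.

```python
"""Reproduce the hash and PE-header fields of a CAPE "File Info" block.

Added example, not code from the original page or from GridinSoft. Standard
library only. build_sample_pe() returns a constructed, inert PE32 stub whose
header fields copy the report (timestamp, entry-point bytes); its hashes will
NOT match the report, which is what matches_report() demonstrates.
"""
import hashlib
import struct
import zlib
from datetime import datetime, timezone

# Indicators copied verbatim from the report's File Info block.
REPORT_IOCS = {
    "crc32": "2ED1ED6A",
    "md5": "a0ada54026176d4c8d324b792c86f1f0",
    "sha1": "29384172ca092fb32e139c8d723c5b932b6728ef",
    "sha256": "23058da6db24b04801fb2aec2b0516bce42ff47a69d3e92d74f6da2d633ebc6a",
}

SECTION_FMT = "<8sIIIIIIHHI"  # IMAGE_SECTION_HEADER, 40 bytes


def file_hashes(data: bytes) -> dict:
    """Digests as CAPE prints them; crc32 is 8 uppercase hex digits."""
    return {
        "crc32": f"{zlib.crc32(data) & 0xFFFFFFFF:08X}",
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
        "sha512": hashlib.sha512(data).hexdigest(),
    }


def matches_report(data: bytes, iocs: dict = REPORT_IOCS) -> list:
    """Names of the indicator hashes that `data` reproduces (case-insensitive)."""
    computed = file_hashes(data)
    return [k for k, v in iocs.items() if computed.get(k, "").lower() == v.lower()]


def pe_info(data: bytes) -> dict:
    """Parse MZ/PE headers: PE32 vs PE32+, link timestamp, entry-point RVA and bytes."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    pe_off = struct.unpack_from("<I", data, 0x3C)[0]            # e_lfanew
    if data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    coff = pe_off + 4
    _, nsections, tstamp, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20                                              # IMAGE_FILE_HEADER is 20 bytes
    magic = struct.unpack_from("<H", data, opt)[0]
    ep_rva = struct.unpack_from("<I", data, opt + 16)[0]        # AddressOfEntryPoint
    # Map the entry-point RVA to a file offset through the section table.
    ep_off = None
    sect = opt + opt_size
    for i in range(nsections):
        _, vsize, va, rawsize, rawptr, *_ = struct.unpack_from(SECTION_FMT, data, sect + 40 * i)
        if va <= ep_rva < va + max(vsize, rawsize):
            ep_off = ep_rva - va + rawptr
            break
    return {
        "type": {0x10B: "PE32", 0x20B: "PE32+"}.get(magic, f"unknown magic {magic:#x}"),
        "timestamp": datetime.fromtimestamp(tstamp, tz=timezone.utc).strftime("%Y-%m-%d %H:%M:%S"),
        "ep_rva": ep_rva,
        "ep_bytes": data[ep_off:ep_off + 16].hex() if ep_off is not None else None,
    }


def build_sample_pe() -> bytes:
    """Constructed PE32 stub (not the real sample): one .text section at RVA 0x1000
    whose first bytes are the report's ep_bytes; link time 2010-02-22 17:39:25 UTC."""
    ep_bytes = bytes.fromhex("558bec6aff689018420068bcbc410064")
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)                      # e_lfanew -> 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, 1, 1266860365, 0, 0, 224, 0x0102)
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)                         # PE32 magic
    struct.pack_into("<I", opt, 16, 0x1000)                       # AddressOfEntryPoint
    text = struct.pack(SECTION_FMT, b".text", 0x200, 0x1000, 0x200, 0x400, 0, 0, 0, 0, 0x60000020)
    headers = (bytes(dos) + b"PE\0\0" + coff + bytes(opt) + text).ljust(0x400, b"\0")
    return headers + ep_bytes.ljust(0x200, b"\xCC")               # pad the section with int3


if __name__ == "__main__":
    sample = build_sample_pe()
    print(pe_info(sample))
    print("hashes matching the report:", matches_report(sample) or "none")
```

To triage a real file, read it with `open(path, "rb").read()` and pass the bytes to `matches_report()` and `pe_info()`. A match on sha256 is conclusive; a match only on the link timestamp or entry-point bytes is not, since both are trivially forged, but a timestamp years older than the file's version resource or first-seen date is a cheap red flag worth noting.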

Version Info:

Comments:
CompanyName:
FileDescription:
FileVersion: 5, 1, 0, 0
InternalName:
LegalCopyright:
LegalTrademarks:
OriginalFilename:
PrivateBuild:
ProductName:
ProductVersion: 5, 1, 0, 0
SpecialBuild:
Translation: 0x0409 0x04b0

PUAAdvertising:Win32/ShopHome is also known as (vendor: detection name):

  • Lionic: Riskware.Win32.Sahat.1!c
  • Elastic: malicious (high confidence)
  • FireEye: Generic.mg.a0ada54026176d4c
  • CAT-QuickHeal: PUA.Sahat.S18083
  • Cylance: Unsafe
  • Zillya: Adware.Sahat.Win32.94
  • Sangfor: Suspicious.Win32.Save.a
  • K7AntiVirus: Riskware ( 0040eff71 )
  • K7GW: Riskware ( 0040eff71 )
  • Cyren: W32/SahPopup.A2.gen!Eldorado
  • Symantec: PUA.ShopAtHome
  • TrendMicro-HouseCall: TROJ_GEN.R002C0OKS21
  • Paloalto: generic.ml
  • ClamAV: Win.Adware.ShopAtHome-2
  • Kaspersky: not-a-virus:WebToolbar.Win32.Sahat.ex
  • NANO-Antivirus: Riskware.Win32.Sahat.wbbsc
  • SUPERAntiSpyware: Trojan.Agent/Gen-Sahat
  • Sophos: SAHAgent Installer (PUA)
  • Comodo: Application.Win32.iBryte.P@529j3r
  • DrWeb: Adware.Bho.3787
  • TrendMicro: TROJ_GEN.R002C0OKS21
  • McAfee-GW-Edition: Artemis!PUP
  • SentinelOne: Static AI – Malicious PE
  • Emsisoft: Application.Toolbar (A)
  • APEX: Malicious
  • GData: Win32.Adware.ShopAtHome.A
  • Jiangmin: Adware/Sahat.l
  • Avira: ADWARE/iBryte.JH.1
  • Antiy-AVL: Trojan/Generic.ASBOL.2897
  • Gridinsoft: Ransom.Win32.Gen.sa
  • Microsoft: PUAAdvertising:Win32/ShopHome
  • Cynet: Malicious (score: 100)
  • AhnLab-V3: PUP/Win32.ShopAtHome.R32596
  • McAfee: Artemis!A0ADA5402617
  • VBA32: WebToolbar.Sahat
  • Rising: Trojan.Generic@ML.100 (RDMK:PwwR5tHtX0OJgjwovBDAkA)
  • Ikarus: AdWare.Sahat
  • MaxSecure: not-a-virus:.Webtoolbar.Sahat.fb
  • Fortinet: Riskware/ShopAtHomeSelect
  • Webroot: W32.Adware.Gen
  • CrowdStrike: win/malicious_confidence_100% (D)

The verdicts do not agree on severity: most signature-based engines place the sample in the ShopAtHome / Sahat / SAHAgent / iBryte adware and toolbar family as a PUA or riskware, while the generic and machine-learning verdicts (Artemis, generic.ml, Static AI, malicious_confidence) and the Ransom.Win32.Gen.sa label only say "malicious" without identifying the family. The family names are the reliable signal when correlating this detection with other reports.

How to remove PUAAdvertising:Win32/ShopHome?

PUAAdvertising:Win32/ShopHome removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Click “Move to quarantine” for all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the affected browser and the desired options, then click “Reset”.
  • Restart your computer.
  • Because the sample attempts to modify proxy settings, also confirm afterwards that no unexpected proxy server or automatic configuration script is configured in Windows Settings (Network & Internet > Proxy) and in the affected browser.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
