Systweak Spyware Library
Systweak Spyware Library text
More than 815338 spyware signatures and growing
Microsoft Gold Certified Partner
Search in:
Adware.180Solutions.ah Analysis Report
Threat Level:
Threat Submitted On: 5/10/2007 3:22:27 PM
Threat Analysed On: 5/10/2007 8:22:27 PM
Type : Adware
Alias : AdWare.Win32.180Solutions.ah [Kaspersky Labs] [Symantec] [McAfee]
Md5 Hash : [ e8db135738dc165d708d7177808c216b ]
File Size : (83079 bytes)
Description:
Adware programs secretly embed themselves on the victim’s computer, hijack the browsi

180Solutions.ah

Adware.180Solutions.ah
shows some basic symptoms on execution which are as follows:-
  • Displays porn/abusive content or intrusive third-party advertisements.
    •
  • Shows deceptive or false warning.
    •
  • Generates advertisement even when the program is not running
    •
  • Synchronously installs other bundled program.
    •
  • The program can places unwanted adverts on computer screen.
    •

    Here are the Technical findings of our analysis team after analyzing this malware in detail :-

    Loads The following DLL(s)[Dynamic Link Library] when this malware is executed :-

    %windir%\system32\ntdll.dll

    %windir%\system32\kernel32.dll

    %windir%\system32\advapi32.dll

    %windir%\system32\rpcrt4.dll

    %windir%\system32\gdi32.dll

    %windir%\system32\user32.dll

    %windir%\system32\ole32.dll

    %windir%\system32\msvcrt.dll

    %windir%\system32\oleaut32.dll

    %windir%\system32\version.dll

    %windir%\system32\vsmvhk.dll

    %windir%\system32\wsock32.dll

    %windir%\system32\ws2_32.dll

    %windir%\system32\ws2help.dll

    %windir%\system32\comctl32.dll

    %windir%\system32\pstorec.dll

    %windir%\system32\atl.dll

    %windir%\system32\wship6.dll

    %windir%\system32\secur32.dll

    kernel32.dll

    advapi32.dll

    gdi32.dll

    ole32.dll

    oleaut32.dll

    user32.dll

    version.dll

    %workingdir%\[random name].exe

    shell32.dll

    shlwapi.dll

    advapi32.dll

    kernel32.dll

    comctl32.dll

    wininet.dll

    rasapi32.dll

    rtutils.dll

    shell32.dll

    userenv.dll

    netapi32.dll

    Creates the following child process(s) on execution:

    services.exe

    Creates the Following MUTEX(s) on user's System:-
    180client stub multiple instance lock
    filewritemutex
    backupfilewritemutex
    raspbfile
    Tries To Connect to The Following Urls:-
    Http_Version :http/1.1
    64.94.137.121/versionconfig.aspx?did=7168&ver=2.1.0.1&brand=zango&os=5.1.2600.2
    Microsoft Gold Certified Partner

    © Systweak Inc., 1999-2009 All rights reserved.