Systweak Spyware Library
Systweak Spyware Library text
More than 21875 spyware signatures and growing
Microsoft Gold Certified Partner
Search in:
Adware.Astabar Analysis Report
Threat Submitted On: 6/12/2007 6:23:21 AM
Threat Analysed On: 6/12/2007 11:23:21 AM
Threat Updated On: 1/27/2011 12:10:58 PM
Type : Adware
Symptoms of Astabar
  • Displays porn/abusive content or intrusive third-party advertisements.
  • Shows deceptive or false warning.
  • Generates advertisement even when the program is not running
  • Synchronously installs other bundled program.
  • The program can places unwanted adverts on computer screen.
Information
Alias : AdWare.Win32.Astabar.a
Md5 Hash : [724e02c538e98978c5b9c053742959e2]
File Size : (409604 bytes)

Technical Details

Here are the Technical findings of our analysis team after analyzing this malware in detail :-

Creates the following infected Files on user's System
Note:
Delete the following Files to remove Infection
File: [randomname].exe
Path : %workingdir%

Skip Navigation Links.
Collapse Md5Hash :Md5Hash :
0ddc6e2f1d5ac2cdd837bafe0ab2c759 ( 409623 bytes)
149502b8786df0e382611ac31d6eacb6 ( 409600 bytes)
1e4f61ec2ca9d99586e00177e3883021 ( 409625 bytes)
34f5e801dfab2ff1fd0c8520fcf5eae2 ( 409606 bytes)
724e02c538e98978c5b9c053742959e2 ( 409604 bytes)
9b4aa24316dbbac8b2fd369fb5b596e4 ( 409622 bytes)
c1f66353185d6ce2ce91fbd89c778797 ( 409624 bytes)
e1a064b72484780f159504b89288b430 ( 292819 bytes)
ef3a9b5bf0b03440f8fd5bd8280f2247 ( 409617 bytes)
Creates the following child process(s) on execution:

%programfiles%\internet explorer\iexplore.exe %programfiles%\internet explorer\iexplore.exe

services.exe

Creates the Following MUTEX(s) on user's System:-
shell.cmrupidllist
{69364682-1744-4315-ae65-18c5741b3f04}
{8269cf0d-348a-464b-87a1-c6b259477dcc}
{b78de3f9-009d-4176-8a23-912c6d5de9e5}
raspbfile
global\winlogon: logon userprofilemapping mutex
ctf.lbes.mutexdefaults-1-5-21-2298102545-2043133298-3556070412-1005
ctf.compart.mutexdefaults-1-5-21-2298102545-2043133298-3556070412-1005
ctf.asm.mutexdefaults-1-5-21-2298102545-2043133298-3556070412-1005
ctf.layouts.mutexdefaults-1-5-21-2298102545-2043133298-3556070412-1005
ctf.tmd.mutexdefaults-1-5-21-2298102545-2043133298-3556070412-1005
Tries To Connect's to the following IP Address(s) through UDP(User DataGram Protocal) :-

NOTE:

1. %workingdir% Refers to the current directory in which user is working.

Important: We strongly recommend that you backup the Registry before making any changes to it. Incorrect changes to the Registry can result in permanent data loss or corrupted Files. Modify the malicious\suspicious Subkeys only.

Click Here for more spywarelib.com recommended PC Security and Optimization Tools

To modify registry entries in Windows Operating System:
Follow Steps:
1. Click Start > Run
2. Type “regedit” : to open registry editor
3. Navigate to required registry Key from the Left Tree control and modify accordingly.


Microsoft Gold Certified Partner

© Systweak Inc., 1999-2011 All rights reserved.