Adware.Siggen.25123

Technical Information

To ensure autorun and distribution

Modifies the following registry keys

[<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] 'FlyswatDesktop' = '"%ProgramFiles(x86)%\Flyswat\flydesk.exe"'

Modifies file system

Creates the following files

%TEMP%\rarsfx0\flydesk.exe
%APPDATA%\flyswat\fsstc\miniband-images\flyswatoff.gif
%APPDATA%\flyswat\fsstc\miniband-images\flyswatoff-hover.gif
%APPDATA%\flyswat\fsstc\miniband-images\flyswatoff-click.gif
%APPDATA%\flyswat\fsstc\miniband-images\boat.gif
%APPDATA%\flyswat\fsstc\miniband-images\go.gif
%APPDATA%\flyswat\fsstc\popup-images\vert-top-logo.gif
%APPDATA%\flyswat\fsstc\popup-images\vert-top-bg.gif
%APPDATA%\flyswat\fsstc\popup-images\vert-bottom-bg.gif
%APPDATA%\flyswat\fsstc\popup-images\popup-top-loading.gif
%APPDATA%\flyswat\fsstc\miniband-images\flyswaton-hover.gif
%APPDATA%\flyswat\fsstc\popup-images\popup-tab.gif
%APPDATA%\flyswat\fsstc\popup-images\popup-tab-bg.gif
%APPDATA%\flyswat\fsstc\popup-images\popup-bottom-rounded.gif
%APPDATA%\flyswat\fsstc\popup-images\popup-bottom-promo.gif
%APPDATA%\flyswat\fsstc\popup-images\popup-bottom-loading.gif
%APPDATA%\flyswat\fsstc\popup-images\plus-blue.gif
%APPDATA%\flyswat\fsstc\popup-images\plus-blue-hover.gif
%APPDATA%\flyswat\fsstc\popup-images\popup-top-rounded.gif
%APPDATA%\flyswat\fsstc\popup-images\minus-black-hover.gif
%APPDATA%\flyswat\fsstc\miniband-images\flyswaton.gif
%APPDATA%\flyswat\fsstc\images\underline.gif
%APPDATA%\flyswat\fsstc\images\imgunderlineonclick.gif
%APPDATA%\flyswat\fsstc\images\imgunderlinehighlight.gif
%APPDATA%\flyswat\fsstc\images\imgunderline.gif
%APPDATA%\flyswat\fsstc\miniband-images\fly.gif
%APPDATA%\flyswat\fsstc\miniband-images\submitsearch.gif
%APPDATA%\flyswat\fsstc\miniband-images\submitsearch-hover.gif
%APPDATA%\flyswat\fsstc\miniband-images\submitsearch-click.gif
%APPDATA%\flyswat\fsstc\popup-images\minus-blue.gif
%APPDATA%\flyswat\fsstc\miniband-images\flyswaton-click.gif
%APPDATA%\flyswat\fsstc\miniband-images\search-click.gif
%APPDATA%\flyswat\fsstc\miniband-images\options.gif
%APPDATA%\flyswat\fsstc\miniband-images\options-hover.gif
%APPDATA%\flyswat\fsstc\miniband-images\options-click.gif
%APPDATA%\flyswat\fsstc\miniband-images\helpmenu.gif
%APPDATA%\flyswat\fsstc\miniband-images\helpmenu-hover.gif
%APPDATA%\flyswat\fsstc\miniband-images\helpmenu-click.gif
%APPDATA%\flyswat\fsstc\miniband-images\go-hover.gif
%APPDATA%\flyswat\fsstc\miniband-images\search-hover.gif
%APPDATA%\flyswat\fsstc\miniband-images\go-click.gif
%APPDATA%\flyswat\fsstc\popup-images\minus-blue-hover.gif
%APPDATA%\flyswat\fsstc\popup-images\boat-anim.gif
%APPDATA%\flyswat\fsstc\popup-images\scrollup.gif
%TEMP%\rarsfx0\ui.cab
%ProgramFiles(x86)%\flyswat\set5f36.tmp
%ProgramFiles(x86)%\flyswat\set5f16.tmp
%ProgramFiles(x86)%\flyswat\set5ef6.tmp
%ProgramFiles(x86)%\flyswat\set5ee5.tmp
%ProgramFiles(x86)%\flyswat\set5ec5.tmp
%ProgramFiles(x86)%\flyswat\set5eb4.tmp
%ProgramFiles(x86)%\flyswat\set5e85.tmp
%APPDATA%\flyswat\fsstc\images\underlinehighlight.gif
%WINDIR%\fssetup.dll
%TEMP%\rarsfx0\setup.exe
%TEMP%\rarsfx0\psapi.dll
%TEMP%\rarsfx0\options.inp
%TEMP%\rarsfx0\fssetup.dll
%TEMP%\rarsfx0\fsinstall.ini
%TEMP%\rarsfx0\flyswat.inf
%TEMP%\rarsfx0\flylib.dll
%TEMP%\rarsfx0\flydsk.dll
%ProgramFiles(x86)%\flyswat\set5e74.tmp
%APPDATA%\flyswat\fsstc\miniband-images\search.gif
%WINDIR%\fsuninst.exe
%APPDATA%\flyswat\fsstc\ui.cab
%ALLUSERSPROFILE%\microsoft\windows\start menu\programs\flyswat\uninstall flyswat.lnk
%APPDATA%\flyswat\fsstc\popup-images\scrollup-disabled.gif
%APPDATA%\flyswat\fsstc\popup-images\scrollup-click.gif
%APPDATA%\flyswat\fsstc\popup-images\scrolldown.gif
%APPDATA%\flyswat\fsstc\popup-images\scrolldown-disabled.gif
%APPDATA%\flyswat\fsstc\popup-images\scrolldown-click.gif
%APPDATA%\flyswat\fsstc\popup-images\popup-loadingfly.gif
%APPDATA%\flyswat\fsstc\popup-images\plus-black.gif
%ALLUSERSPROFILE%\microsoft\windows\start menu\programs\flyswat\flyswat desktop.lnk
%APPDATA%\flyswat\fsstc\popup-images\plus-black-hover.gif
%WINDIR%\fsinstall.ini
%APPDATA%\flyswat\fsstc\miniband.html
%APPDATA%\flyswat\fsstc\flystylesearch.html
%APPDATA%\flyswat\fsstc\flystylepopup.html
%APPDATA%\flyswat\fsstc\flystyleall.html
%APPDATA%\flyswat\fsstc\desktop.html
%APPDATA%\flyswat\fsstc\desktop-loading.html
%APPDATA%\flyswat\fsstc\style_ck
%APPDATA%\flyswat\fsstc\popup-images\minus-black.gif
%APPDATA%\flyswat\fsstc\images\underlineonclick.gif

Deletes the following files

%TEMP%\rarsfx0\flydesk.exe
%TEMP%\rarsfx0\flydsk.dll
%TEMP%\rarsfx0\flylib.dll
%TEMP%\rarsfx0\flyswat.inf
%TEMP%\rarsfx0\fsinstall.ini
%TEMP%\rarsfx0\fssetup.dll
%TEMP%\rarsfx0\options.inp
%TEMP%\rarsfx0\psapi.dll
%TEMP%\rarsfx0\setup.exe
%TEMP%\rarsfx0\ui.cab

Moves the following files

from %ProgramFiles(x86)%\flyswat\set5e74.tmp to %ProgramFiles(x86)%\flyswat\setup.exe
from %ProgramFiles(x86)%\flyswat\set5e85.tmp to %ProgramFiles(x86)%\flyswat\flylib.dll
from %ProgramFiles(x86)%\flyswat\set5eb4.tmp to %ProgramFiles(x86)%\flyswat\flydesk.exe
from %ProgramFiles(x86)%\flyswat\set5ec5.tmp to %ProgramFiles(x86)%\flyswat\flydsk.dll
from %ProgramFiles(x86)%\flyswat\set5ee5.tmp to %ProgramFiles(x86)%\flyswat\psapi.dll
from %ProgramFiles(x86)%\flyswat\set5ef6.tmp to %ProgramFiles(x86)%\flyswat\fsinstall.ini
from %ProgramFiles(x86)%\flyswat\set5f16.tmp to %ProgramFiles(x86)%\flyswat\fssetup.dll
from %ProgramFiles(x86)%\flyswat\set5f36.tmp to %ProgramFiles(x86)%\flyswat\ui.cab

Network activity

UDP

DNS ASK st###.#est.flyswat.com

Miscellaneous

Searches for the following windows

ClassName: 'MS_AutodialMonitor' WindowName: ''
ClassName: 'MS_WebCheckMonitor' WindowName: ''

Creates and executes the following

'%TEMP%\rarsfx0\setup.exe' --silent
'%ProgramFiles(x86)%\flyswat\flydesk.exe'

Tecnologías

Términos

Formación y educación

Mitos

Technical Information

Curing recommendations

Free trial