PUA_APPGRAFFITI.GA
PUA.AppGraffiti (Symantec); AppGraffiti (AVware); AppGraffiti (VIPRE)
Windows

Threat Type: Potentially Unwanted Application
Destructiveness: No
Encrypted:
In the wild: Yes
OVERVIEW
This potentially unwanted application arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It arrives as a component bundled with malware/grayware packages. It may be manually installed by a user.
It requires its main component to successfully perform its intended routine.
TECHNICAL DETAILS
1,220,544 bytes
EXE
06 Oct 2015
Arrival Details
This potentially unwanted application arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites.
It arrives as a component bundled with malware/grayware packages.
It may be manually installed by a user.
Autostart Technique
This potentially unwanted application adds the following registry entries to enable its automatic execution at every system startup:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
AppGraffiti = "{malware path and filename}"
Other System Modifications
This potentially unwanted application adds the following registry keys:
HKEY_CURRENT_USER\Software\AppGraffiti
It adds the following registry entries:
HKEY_CURRENT_USER\Software\AppGraffiti
SETTRAY = "1"
HKEY_CURRENT_USER\Software\AppGraffiti
LAST_DAILYHIT = "{hex values}"
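The registry artifacts listed above can be checked for on a host with a read-only PowerShell sweep. This is an added example, not part of the original write-up; it assumes the per-user entries should be looked up in every user hive currently loaded under HKEY_USERS rather than only in the current user's hive.

```powershell
# Added example: read-only check for the AppGraffiti registry artifacts
# described in this entry. Only hives of logged-on users are loaded under
# HKEY_USERS; run elevated to read hives belonging to other users.
$runSub = 'Software\Microsoft\Windows\CurrentVersion\Run'
$appSub = 'Software\AppGraffiti'

$findings = foreach ($hive in Get-ChildItem -Path Registry::HKEY_USERS -ErrorAction SilentlyContinue) {
    $sid = $hive.PSChildName
    if ($sid -like '*_Classes') { continue }   # skip per-user class hives

    # Autostart entry: Run value named AppGraffiti
    $runKey = "Registry::HKEY_USERS\$sid\$runSub"
    $run = Get-ItemProperty -Path $runKey -Name 'AppGraffiti' -ErrorAction SilentlyContinue
    if ($run) {
        [pscustomobject]@{ SID = $sid; Artifact = 'Run value AppGraffiti'; Data = $run.AppGraffiti }
    }

    # Settings key and the two values listed under "Other System Modifications"
    $appKey = "Registry::HKEY_USERS\$sid\$appSub"
    if (Test-Path -Path $appKey) {
        [pscustomobject]@{ SID = $sid; Artifact = 'Key Software\AppGraffiti'; Data = '' }
        $props = Get-ItemProperty -Path $appKey -ErrorAction SilentlyContinue
        foreach ($name in 'SETTRAY', 'LAST_DAILYHIT') {
            if ($props.PSObject.Properties.Name -contains $name) {
                [pscustomobject]@{ SID = $sid; Artifact = "Value $name"; Data = $props.$name }
            }
        }
    }
}

if ($findings) {
    $findings | Format-Table -AutoSize
} else {
    'No AppGraffiti registry artifacts found in loaded user hives.'
}
```

The Data column of a Run value hit shows the path of the file configured to start at logon, which is the file to examine next.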
Other Details
This potentially unwanted application connects to the following possibly malicious URLs:
- http://www.{BLOCKED}ffiti.com/
- http://dnl.{BLOCKED}ffiti.com/cr_config.asmx/GetGRAFFXMLENC2014
It requires its main component to successfully perform its intended routine.