ADW_SEARCHSUITE.GA
December 11, 2014
ALIASES:
not-a-virus:WebToolbar.Win64.SearchSuite.d (Kaspersky), a variant of Win32/Toolbar.SearchSuite.Q (ESET)
PLATFORM:
Windows
OVERALL RISK RATING:
DAMAGE POTENTIAL:
DISTRIBUTION POTENTIAL:
REPORTED INFECTION:
INFORMATION EXPOSURE:

Threat Type: Adware
Destructiveness: No
Encrypted:
In the wild: Yes
OVERVIEW
This adware requires its main component to successfully perform its intended routine.
TECHNICAL DETAILS
File Size: Varies
File Type: DLL
Initial Samples Received Date: 10 Dec 2014
Arrival Details
This malware arrives via the following means:
- as a DLL bundled in the SearchSuite package
Other Details
This adware connects to the following possibly malicious URLs:
- http://dts.search.{BLOCKED}k.com/sr?l=dis&o=APN10645&qsrc=2870&apn_dtid=BND{sysid}&apn_ptnrs=LVD2-DTX&apn_uid={uid}&gct=dns&gc=1&appid={appid}&sysid={sysid}&sver=3&q=
- http://dts.search.{BLOCKED}k.com/sr?src=crb&gct=ds&appid={appid}&systemid={sysid}&v={value}-{uc}&apn_uid={uid}&apn_dtid=BND{sysid}&o=APN10645&apn_ptnrs=AG6&q=
- http://dts.search.{BLOCKED}k.com/sr?src=ffb&gct=ds&appid={appid}&systemid={sysid}&v={value}-{uc}&apn_dtid=BND{sysid}&apn_ptnrs=AG6&apn_uid={uid}&o=APN10645&q=
- http://dts.search.{BLOCKED}k.com/sr?src=ieb&gct=ds&appid={appid}&systemid={sysid}&v={value}-{uc}&apn_uid={uid}&apn_dtid=BND{sysid}&o=APN10645&apn_ptnrs=AG6&q=
- http://www.search.{BLOCKED}k.com/?o=APN10645A&gct=hp&d={sysid}-{appid}&v={value}-{uc}&t=4
- http://www.search.{BLOCKED}k.com/suggest.php?src=ieb&gct=ds&appid={appid}&systemid={sysid}&v={value}-{uc}&apn_uid={uid}&apn_dtid=BND{sysid}&o=APN10645&apn_ptnrs=AG6&qu=
- http://www.search.{BLOCKED}k.com?o=APN10645A&gct=hp&d={sysid}-{appid}&v={value}-{uc}&t=4&tag=newtab
It requires its main component to successfully perform its intended routine.
NOTES:
This adware's export functions are used by the main component DatamngrCoordinator.