ALIASES:

not-a-virus:WebToolbar.Win64.SearchSuite.d (Kaspersky), a variant of Win32/Toolbar.SearchSuite.Q (ESET)

 PLATFORM:

Windows

 OVERALL RISK RATING:
 DAMAGE POTENTIAL:
 DISTRIBUTION POTENTIAL:
 REPORTED INFECTION:
 INFORMATION EXPOSURE:

  • Threat Type: Adware

  • Destructiveness: No

  • Encrypted:

  • In the wild: Yes

  OVERVIEW

This adware requires its main component to successfully perform its intended routine.

  TECHNICAL DETAILS

Tamaño del archivo Varies
Tipo de archivo DLL
Fecha de recepción de las muestras iniciales 10 Dec 2014

Arrival Details

This malware arrives via the following means:

  • as a DLL bundled in SearchSuite package

Other Details

This adware connects to the following possibly malicious URL:

  • http://dts.search.{BLOCKED}k.com/sr?l=dis&o=APN10645&qsrc=2870&apn_dtid=BND{sysid}&apn_ptnrs=LVD2-DTX&apn_uid={uid}&gct=dns&gc=1&appid={appid}&sysid={sysid}&sver=3&q=
  • http://dts.search.{BLOCKED}k.com/sr?src=crb&gct=ds&appid={appid}&systemid={sysid}&v={value}-{uc}&apn_uid={uid}&apn_dtid=BND{sysid}&o=APN10645&apn_ptnrs=AG6&q=
  • http://dts.search.{BLOCKED}k.com/sr?src=ffb&gct=ds&appid={appid}&systemid={sysid}&v={value}-{uc}&apn_dtid=BND{sysid}&apn_ptnrs=AG6&apn_uid={uid}&o=APN10645&q=
  • http://dts.search.{BLOCKED}k.com/sr?src=ieb&gct=ds&appid={appid}&systemid={sysid}&v={value}-{uc}&apn_uid={uid}&apn_dtid=BND{sysid}&o=APN10645&apn_ptnrs=AG6&q=
  • http://www.search.{BLOCKED}k.com/?o=APN10645A&gct=hp&d={sysid}-{appid}&v={value}-{uc}&t=4
  • http://www.search.{BLOCKED}k.com/suggest.php?src=ieb&gct=ds&appid={appid}&systemid={sysid}&v={value}-{uc}&apn_uid={uid}&apn_dtid=BND{sysid}&o=APN10645&apn_ptnrs=AG6&qu=
  • http://www.search.{BLOCKED}k.com?o=APN10645A&gct=hp&d={sysid}-{appid}&v={value}-{uc}&t=4&tag=newtab

It requires its main component to successfully perform its intended routine.

NOTES:

This adware's export functions are used by the main component DatamngrCoordinator.