Lumension® Endpoint Intelligence Center


Overview

Threat Risk: LOW
Destructivity: Unknown
Payload: Download malware, compromise system security
Detection files published: 02 Oct 2005 03:00:00
Description created: 22 Apr 2010 01:50:00
Description updated: 22 Apr 2010 01:50:00
Malware type: ADWARE
Alias:
  Adware.Aureate (Symantec)
  Aureate (Sophos)
  Spyware:Win32/Aureate (Microsoft)
  not-a-virus:AdWare.Win32.Aureate (Kaspersky)
Spreading mechanism: EMAIL, UNKNOWN
Summary

W32/Aureate

Spreading

W32/Aureate may be installed as part of the installation of other software, such as adware-supported shareware or freeware applications downloaded from the internet. W32/Aureate includes functionality to access the internet and communicate with a remote server via HTTP. W32/Aureate is an advertising program that displays banner ads and sends user information to a central server at [Removed].

Payload Details

n/a

Analysis

[ DetectionInfo ]
* Filename: C:\Documents and Settings\norman\Desktop\NETANT~1.EXE.
* Sandbox name: .
* Signature name: NOT_SCANNED.
* Compressed: NO.
* TLS hooks: NO.
* Executable type: Application.
* Executable file structure: OK.
* Filetype: PE_I386.

[ General information ]
* File length: 881824 bytes.
* MD5 hash: 37132bd9106c433448277cad719d7de8.
* Packer detection: Wise Installer Stub.

[ Changes to filesystem ]
* Creates file C:\WINDOWS\TEMP\GLC0500.tmp.
* Overwrites file C:\WINDOWS\TEMP\GLC0500.tmp.
* Creates file C:\WINDOWS\TEMP\GLJ6798.tmp.
* Overwrites file C:\WINDOWS\TEMP\GLJ6798.tmp.

[ Process/window information ]
* Creates a window with name " ".
* Creates a window with name "NetAnts 1.21 Installation".

Removal

n/a


Last Updated: 12 Nov 2015 11:06:15