
SoftwareBundler:MSIL/Dotdoads


First posted on 28 November 2014.
Source: Microsoft

Aliases:

There are no other names known for SoftwareBundler:MSIL/Dotdoads.

Explanation:

Threat behavior

Installation
This threat can create files on your PC, including:

  • %TEMP%\launcher.exe
  • %TEMP%\upliyer.exe
  • %USERPROFILE%\local settings\temporary internet files\content.ie5\ah2d4t2z\6[1].exe
  • c:\a\thfszhara1.exe


Behavior


Installs adware

We have seen this threat try to install Adware:MSIL/Dotdoads.

Connects to a remote host

We have seen this threat connect to a remote host, including:
  • www.leadingdownload.com using port 80
  • cpadna1.com using port 80
  • dotdo.net using port 80
Malware can connect to a remote host to:
  • Check for an Internet connection.
  • Download and run files (including updates or other malware).
  • Report a new infection to its author.
  • Receive configuration or other data.
  • Receive instructions from a malicious hacker.
  • Search for your PC location.
  • Upload information taken from your PC.
  • Validate a digital certificate.


We have seen this threat access online content, including:

  • 6.exe
This malware description was published using automated analysis of file SHA1 e0bff04f44d90d8288dcc9955d307dcff6cc70b1.

Symptoms

The following can indicate that you have this threat on your PC:

  • You see these files:
    • %TEMP%\launcher.exe
    • %TEMP%\upliyer.exe
    • %USERPROFILE%\local settings\temporary internet files\content.ie5\ah2d4t2z\6[1].exe
    • c:\a\thfszhara1.exe

Last update 28 November 2014

 
