
BrowserModifier:Win32/Prifou


First posted on 10 August 2016.
Source: Microsoft

Aliases:

There are no other names known for BrowserModifier:Win32/Prifou.

Explanation:

Installation

This browser modifier can be installed on your PC when you download other software from third-party websites.

Payload

Displays advertisements

This threat displays advertisements while you browse. Ads have the attribution name "Price Fountain".

Example of ads:

This threat displays ads in two ways:

1. It adds a browser add-on that it automatically enables (see example screenshot below).

2. It uses rundll32.exe to execute a DLL that injects ads into the browser.



Adds scheduled tasks

This threat adds scheduled tasks so that it executes automatically and checks for and downloads updates.

Example of scheduled tasks it creates:

Find out more about how and why we identify unwanted software.
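A triage check for the two behaviours described above (DLL execution through rundll32.exe and persistence through scheduled tasks), added here as an example and not part of Microsoft's analysis. It assumes a task may launch its DLL through rundll32.exe, which the page does not state; the function names, task names and paths are constructed for illustration and are not indicators of this threat.

```python
import csv
import io
import re

# Constructed sample, trimmed to three columns of `schtasks /query /fo CSV /v`
# output. Task names and paths are invented, not taken from the threat.
SAMPLE_CSV = r'''"HostName","TaskName","Task To Run"
"PC01","\Microsoft\Windows\Defrag\ScheduledDefrag","%windir%\system32\defrag.exe -c -h -o"
"PC01","\ExampleSystemTask","%windir%\system32\rundll32.exe %windir%\system32\example.dll,Entry"
"HostName","TaskName","Task To Run"
"PC01","\ExampleUpdater","C:\Windows\System32\rundll32.exe ""C:\Users\alice\AppData\Local\Example App\example.dll"",Run"
"PC01","\ExampleLauncher","rundll32 C:\ProgramData\ExampleApp\helper.dll,Start /update"
'''

# rundll32 followed by its first argument: a quoted DLL path, or text up to a comma/space.
RUNDLL32 = re.compile(r'rundll32(?:\.exe)?"?\s+(?:"([^"]+)"|([^,\s]+))', re.IGNORECASE)
# DLLs here are deprioritised for review, not declared benign.
SYSTEM_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\")


def normalize(path):
    """Lower-case the path and expand the Windows directory variables."""
    p = path.lower()
    for var in ("%windir%", "%systemroot%"):
        p = p.replace(var, "c:\\windows")  # assumption: default Windows directory
    return p


def suspicious_tasks(csv_text):
    """Return (task name, DLL path) for tasks running rundll32 on a DLL
    stored outside the Windows system directories."""
    hits = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        if row["TaskName"] == "TaskName":  # skip a header row repeated mid-export
            continue
        match = RUNDLL32.search(row["Task To Run"])
        if not match:
            continue
        dll = match.group(1) or match.group(2)
        if not normalize(dll).startswith(SYSTEM_DIRS):
            hits.append((row["TaskName"], dll))
    return hits


if __name__ == "__main__":
    for name, dll in suspicious_tasks(SAMPLE_CSV):
        print(f"review task {name}: rundll32 loads {dll}")
```

To run it against a real host, pass the text saved from `schtasks /query /fo CSV /v` to `suspicious_tasks()`; the column names used here are those of an English-language Windows installation.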



Analysis by James Patrick Dee

Last update 10 August 2016

 
