SonicALERT
Search

Sonicwall Signatures

 

Go to All Categories list.


  Amonetize.EGNX
Amonetize.EGNX is an Adware. Adware, or advertising-supported software, is any software that automatically renders advertisements in order to generate revenue for its author. The advertisements may be in the user interface of the software or on a screen presented to the user during the installation process. It is usually annoying but harmless, unless it is combined with spyware or trackware.

      Process Related Changes
      It creates the following mutex(es):
      • http://mini.eastday.com/"
      • ZonesLockedCacheCounterMutex"
      • DDrawWindowListMutex"
      • CTF.Compart.MutexDefaultS-1-5-21-1078081533-842925246-854245398-1003"
      • mininews.exe-20160301"
      • DDrawDriverObjectListMutex"
      • {1B655094-FE2A-433c-A877-FF9793445069}"
      • !PrivacIE!SharedMemory!Mutex"
      • CTF.Asm.MutexDefaultS-1-5-21-1078081533-842925246-854245398-1003"
      • MSCTF.Shared.MUTEX.AL"
      • CTF.LBES.MutexDefaultS-1-5-21-1078081533-842925246-854245398-1003"
      • c:!documents and settings!admin!cookies!"
      • InternetExplorerDOMStoreQuota"
      • !BrowserEmulation!SharedMemory!Mutex"
      • c:!documents and settings!admin!local settings!history!history.ie5!"
      • MSIMGSIZECacheMutex"
      • __DDrawCheckExclMode__"
      • WininetConnectionMutex"
      • !IECompat!Mutex"
      • c:!documents and settings!admin!local settings!temporary internet files!content.ie5!"
      • {ADC7C165-842A-42f0-BD5A-86E335163ED1}"
      • MSCTF.Shared.MUTEX.AGB"
      • CTF.TMD.MutexDefaultS-1-5-21-1078081533-842925246-854245398-1003"
      • c:!documents and settings!admin!local settings!application data!microsoft!internet explorer!domstore!"
      • ZonesCounterMutex"
      • DirectSound DllMain mutex 0x00000070"
      • CTF.TimListCache.FMPDefaultS-1-5-21-1078081533-842925246-854245398-1003MUTEX.DefaultS-1-5-21-1078081533-842925246-854245398-1003"
      • ZoneAttributeCacheCounterMutex"
      • ZonesCacheCounterMutex"
      • CTF.Layouts.MutexDefaultS-1-5-21-1078081533-842925246-854245398-1003"
      • c:!documents and settings!admin!iecompatcache!"
      • __DDrawExclMode__"

      It creates the following process(es):
      • C:\DOCUME1\Admin\LOCALS1\Temp\mininews.exe
      • C:\WINDOWS\Temp\f03ff60a95c0fdf0eb8bcae4514b7d47.exe [ \c:\windows\temp\f03ff60a95c0fdf0eb8bcae4514b7d47.exe ]

      It injects malicious code into the following process(es):
      • "C:\DOCUME1\Admin\LOCALS1\Temp\mininews.exe"

      Network Activity
      We observed a large number of DNS queries, some of them are:
      • 01.imgmini.eastday.com
      • 07.imgmini.eastday.com
      • 05.imgmini.eastday.com
      • 06.imgmini.eastday.com
      • 02.imgmini.eastday.com
      • 00.imgmini.eastday.com
      • 04.imgmini.eastday.com
      • a1.alicdn.com
      • 03.imgmini.eastday.com
      • 08.imgmini.eastday.com

      It attempts to connect to the following remote servers:
      • 127.xxxxxx:1032


      Relevant Information