Starware Description

Starware is an Internet Explorer toolbar presented as having specialized search functions and a pop-up blocker. While this is debatable, Starware has some additional hidden functions, such as displaying pop-up advertisements and redirecting search queries to its sponsor websites.

Type: Browser Helper Object

Automatic Detection of Starware

Starware Technical Report

As new Starware details are reported by our customers and findings from our Threat Research Center, we will update this section.

The following Starware files with its MD5s were created in the system:

Starware has typically the following processes in memory:

• starware44.exe
• sinstaller.exe
• Starware_305[1].exe
• Starware305Uninstall.exe
• Starware316.dll
• Starware386.dll
• Starware337Uninstall.exe
• widgets725.exe
• starware_305.exe
• starware.dll
• starware[1].exe
• Starware358Uninstall.exe
• Starware381.dll
• Starware347Uninstall.exe
• starwareuninstall.exe
• starware43.exe
• 9cc045af42.exe
• Starware305.dll
• Starware358.dll
• Starware316Uninstall.exe
• jokester.dll

Starware created the following directories, files, paths:

• %ProgramFiles%\Starware347
• %ProgramFiles%\Starware337
• %ProgramFiles%\Starware316
• %AppData%\Starware337
• %ProgramFiles%\Starware358
• %AllUsersProfile%\Application Data\Starware337

Starware creates the following registry entries:

• 7bed0340-176b-44bc-915e-c21c1dd6f617
• HKEY_CURRENT_USER\software\starware
• SOFTWARE\Microsoft\Internet Explorer\Toolbar\D49E9D35-254C-4c6a-9D17-95018D228FF5
• 45A4902E-4479-4EAE-A186-8D0F7E4C78DE
• 4C1CAACF-1788-4613-A840-6BD943D4EE95
• 5f90c0e3-4c0a-4d54-a8ac-5afe6163a99e
• 1962c5bc-e475-465b-823b-133e711bceb9
• Microsoft\Internet Explorer\Explorer Bars\9A7D6AD2-0881-451F-BB27-F5E2EE2C5B14
• 551b0e74-b796-4c1e-a321-59e4672f9614
• Software\Microsoft\Internet Explorer\Toolbar\b7015c83-786f-46cf-940b-c65b867a1ddf
• 2a69f099-cb84-4aa5-96ec-fc657b88b384
• 5cd6c2f9-c142-40dd-9ec9-43e8b4386807
• 0AC7B413-C45B-4654-BADE-26061575A2AF
• C94D0190-978F-46C8-B48B-339362176ED8
• 2d51d869-c36b-42bd-ae68-0a81bc771fa5
• d49e9d35-254c-4c6a-9d17-95018d228ff5
• Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\D49E9D35-254C-4C6A-9D17-95018D228FF5
• Microsoft\Windows\CurrentVersion\App Management\ARPCache\Starware
• Starware305
• 9FB3908C-6565-4CB0-95F8-E9F85258723C
• Starware358
• e550dc77-ef3b-474f-b59c-b3e2aa1fa6a5
• Microsoft\Windows\CurrentVersion\App Management\ARPCache\Starware316
• Software\Microsoft\Internet Explorer\Toolbar\2a69f099-cb84-4aa5-96ec-fc657b88b384
• Software\Microsoft\Internet Explorer\Explorer Bars\5cd6c2f9-c142-40dd-9ec9-43e8b4386807
• 5238187c-f69c-460d-bff7-2a8f9203dc93
• 85A616EE-142C-4D52-9F45-C469964E109E
• Jokester.Prank.1
• Starware337
• HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\starware
• ca356d79-679b-4b4c-8e49-5af97014f4c1
• HKEY_CURRENT_USER\software\starware\options
• Starware
• SOFTWARE\Microsoft\Internet Explorer\Toolbar\9FB3908C-6565-4CB0-95F8-E9F85258723C
• 9A7D6AD2-0881-451F-BB27-F5E2EE2C5B14
• SOFTWARE\Microsoft\Internet Explorer\Toolbar\1962c5bc-e475-465b-823b-133e711bceb9
• ab3dfa03-f743-4302-81dd-c370bffeca23
• Starware316
• ebf25b1a-5576-450f-82d8-075c0ba75556
• Software\Microsoft\Internet Explorer\Explorer Bars\5238187c-f69c-460d-bff7-2a8f9203dc93
• b7015c83-786f-46cf-940b-c65b867a1ddf
• Starware347
• Jokester.Prank
• Microsoft\Windows\CurrentVersion\App Management\ARPCache\Starware347

Important Article Disclaimer