
Ad4Pop Ads

By GoldSparrow in Adware

Threat Scorecard

Popularity Rank: 3,948
Threat Level: 80 % (High)
Infected Computers: 15,749
First Seen: June 28, 2016
Last Seen: March 14, 2026
OS(es) Affected: Windows

The Ad4Pop software is promoted as a free gaming platform that hosts Adobe Flash Player games and offers users access to premium content if certain conditions are accepted. The Ad4Pop software may allow users to play premium games like Crime Buster and King of Thieves if they commit to participating in marketing surveys and allow advertisers to treat their desktop as an advertising panel. Users who are interested in the content offered by Ad4Pop may need to give marketers permission to post promotional images and videos in their browser. Also, Ad4Pop may require access to your social media profile to share your progress in games at Ad4pop.com and reviews of products from sponsors. Security experts classify the Ad4Pop app as adware that may present free games as premium content and invite users to provide their address, phone number and email. Ad4Pop can be found in freeware packages that include applications like Dolphin Deals and FB Photo Zoom.

The Ad4Pop adware may open a command prompt window and close the browsers to complete its installation. You may notice that the Ad4Pop adware has changed your search provider and homepage to Startpage.com, which is associated with a browser hijacker. The Ad4Pop adware may appear as a browser extension and inject in-text hyperlinks to items on Amazon, AliExpress and eBay. The ads by Ad4Pop may be shown in pop-up and pop-under windows as well. Security experts note that the Ad4Pop adware may load insecure pages on your screen and invite users to log in with their Facebook and Twitter accounts. Needless to say, you should not follow instructions from Ad4Pop because third parties could hijack your accounts. The Ad4Pop adware may install its files in the Temp directory and run as a background service. You may need to use a credible anti-spyware tool to eradicate the Ad4Pop adware and secure your OS.

Analysis Report

General information

Family Name: Trojan.Agent.LA
Signature status: No Signature

Known Samples


Windows Portable Executable Attributes

  • File doesn't have "Rich" header
  • File doesn't have debug information
  • File doesn't have exports table
  • File doesn't have relocations information
  • File doesn't have security information
  • File has been packed
  • File has exports table
  • File has TLS information
  • File is 32-bit executable
  • File is either console or GUI application
  • File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
  • File is Native application (NOT .NET application)
  • File is not packed
  • IMAGE_FILE_DLL is not set inside PE header (Executable)
  • IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

Windows PE Version Information

Name Value
Comments This Launcher uses Sciter Engine (http://sciter.com/), copyright Terra Informatica Software, Inc.
Company Name
  • Blizzard Entertainment
  • Gaijin
  • iAnywhere Solutions, Inc.
  • Macromedia, Inc.
  • Microsoft Corporation
  • philandro Software GmbH
  • XZ
File Description
  • Adaptive Server Anywhere Database Engine
  • Age of Empires II HD
  • AnyDesk
  • Battle․net
  • Flash Player 5.0 r30
  • Gaijin Smart Launcher
  • Office Source Engine
  • Player
  • PrinterTool Module
  • Setup/Uninstall
  • Setup Installer
File Version
  • 51.1052.0.0
  • 15.0.4454.1000
  • 10.0.30319.1 built by: RTMRel
  • 9.1.40.0
  • 8.0.3.5594
  • 5.7.INT
  • 5.2.1.0
  • 5,0,30,0
  • 2.43.0.15419
  • 1.0.3.51
  • 1, 0, 48, 05
  • 1, 0, 0, 1
Full Copyright
  • Copyright © 1989-2004 Sybase, Inc. Portions Copyright © 2002-2004, iAnywhere Solutions, Inc. All rights reserved. All unpublished rights reserved.
Internal Name
  • age2_x1.exe
  • Battle.net
  • dbeng8
  • Flash
  • Gaijin Smart Launcher
  • ld
  • ose
  • PrinterTool
  • Setup.exe
Legal Copyright
  • (C) 2019 philandro Software GmbH
  • Copyright (C) 2019
  • Copyright 2015
  • Copyright © 1989-2004 Sybase, Inc. Portions Copyright © 2002-2004, iAnywhere Solutions, Inc. All rights reserved. All unpublished rights reserved.
  • Copyright © 1996-2000 Macromedia, Inc.
  • Copyright © Microsoft Corp. 2012-2013
  • © 2012-2024 Blizzard Entertainment Inc.
  • © Gaijin Games KFT
  • © Microsoft Corporation. All rights reserved.
Legal Trademarks
  • Flash
  • Sybase is a trademark of Sybase, Inc.
Legal Trademarks1 Microsoft® is a registered trademark of Microsoft Corporation.
Legal Trademarks2 Windows® is a registered trademark of Microsoft Corporation.
Original Filename
  • age2_x1.exe
  • Battle.net.exe
  • dbeng8
  • Launcher
  • ld
  • ose.exe
  • PrinterTool.exe
  • SetupUI.exe
  • SwFlsh32.exe
Product Name
  • age2_x1
  • AnyDesk
  • Battle.net
  • CrossoutLauncher
  • Flash 5.0
  • Microsoft® .NET Framework
  • Office Source Engine
  • Player
  • PrinterTool Module
  • Sybase Adaptive Server Anywhere
Product Version
  • 15.0.4454.1000
  • 10.0.30319.1
  • 9.1.40.0
  • 8.0.3.5594
  • 5.7.INT
  • 5.2
  • 5,0,30,0
  • 2.43.0.15419
  • 1.0.3.51
  • 1, 0, 48, 05
  • 1, 0, 0, 1

Digital Signatures

Signer: Valve Corp.
Root: DigiCert Trusted Root G4
Status: Hash Mismatch

File Traits

  • 2+ executable sections
  • HighEntropy
  • imgui
  • Inno
  • Installer Manifest
  • Installer Version
  • No Version Info
  • packed
  • upx
  • UPX!
  • VirtualQueryEx
  • x86

Block Information

Total Blocks: 658
Potentially Malicious Blocks: 8
Whitelisted Blocks: 649
Unknown Blocks: 1

Similar Families

  • Agent.M
  • Dropper.Delf.CD
  • Expiro.DA
  • Expiro.ID
  • Expiro.KA
  • Luder.C
  • Rozena.AX
  • Rozena.H

Registry Modifications

Key::Value Data API Name
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::proxybypass  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::intranetname  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::uncasintranet  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::autodetect RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::proxybypass  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::intranetname  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::uncasintranet  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::autodetect RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\5.0\cache\content::cacheprefix RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\5.0\cache\cookies::cacheprefix Cookie: RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\5.0\cache\history::cacheprefix Visited: RegNtPreCreateKey
HKLM\software\classes\shockwaveflash.shockwaveflash\shell\open\command:: c:\users\user\downloads\cd115e5737849017f3e0d73bee279c326a0fb2b6_0000426702 %1 RegNtPreCreateKey
HKLM\software\classes\shockwaveflash.shockwaveflash\defaulticon:: c:\users\user\downloads\cd115e5737849017f3e0d73bee279c326a0fb2b6_0000426702,1 RegNtPreCreateKey
HKLM\software\classes\.swf:: ShockwaveFlash.ShockwaveFlash RegNtPreCreateKey
HKLM\software\classes\.spl:: ShockwaveFlash.ShockwaveFlash RegNtPreCreateKey

Windows API Usage

Category API
Network Winhttp
  • WinHttpOpen
Service Control
  • StartServiceCtrlDispatcher
