AdGazelle

AdGazelle is a name used by many security applications to specify an adware infection that may appear as a Browser Helper Object, an add-on, and a browser extension. The AdGazelle adware is designed to present you with an abundance of ads in your web browser and might prevent you from comfortable Internet browsing. Adware developers deploy AdGazelle by using freeware installers as vessels, and you may want to be more careful the next time you install a free application via the "Express' or 'Typical' option. Additionally, the AdGazelle adware may not feature secure content and clicks on ads by AdGazelle may lead you to harmful websites and low-quality online shops. Security experts remind web surfers that visiting unsafe web locations grants hackers the opportunity to exploit vulnerabilities in your web browser. You might want to use a reputable anti-malware solution to remove the AdGazelle adware from your system.

Table of Contents

Toggle

Analysis Report

General information

Family Name:	Adware.AdGazelle
Signature status:	Self Signed

Known Samples

i

Known Samples

This section lists other file samples believed to be associated with this family.

MD5: 1762b99fba41dbbfa0b658656635cd5e SHA1: f49486f4fd3cc3162176d0e08f9620e0ac676864 SHA256: AA246C75AF360A1940D4CEFA7DA7D3AB11F8106A0456AEAFEF99BE2700CF922B File Size: 754.32 KB, 754320 bytes

MD5: 546d1020dbc0db37d1ac9ddfa8791acc SHA1: 49329ec59fe9bdeb6f9070243497a79cd239a151 SHA256: 7B030878DC9E0DEDBA81587CAA77BAACE5F0DD1382A0D5144A3B78CEE67B0E9D File Size: 641.30 KB, 641304 bytes

MD5: df8cee41b710315633e98d2f37151df7 SHA1: 13f54d22845bfc85bcaf53d6a9e00aa3fcc392f6 SHA256: AAA8E38A6644BA08DC88A1D0C358E094692CF043F9914E357987AC80F66E2D6A File Size: 980.26 KB, 980256 bytes

Windows Portable Executable Attributes

i

Windows Portable Executable Attributes

This section lists file attributes found within family samples. These attributes are extracted from the files’ Windows PE (Portable Executable) specification and various system flags. Portable Executable Attributes give malware researchers insight into a file’s functionality, executable details, platform and runtime environment.

• File doesn't have "Rich" header
• File doesn't have debug information
• File doesn't have exports table
• File doesn't have relocations information
• File has TLS information
• File is 32-bit executable
• File is either console or GUI application
• File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
• File is Native application (NOT .NET application)
• File is not packed

Show More

• IMAGE_FILE_DLL is not set inside PE header (Executable)
• IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

File Icons

i

File Icons

This section displays icon resources found within family samples. Malware often replicates icons commonly associated with legitimate software to mislead users into believing the malware is safe.

Windows PE Version Information

i

Windows PE Version Information

This section displays values and attributes that have been set in the Windows file version information data structure for samples within this family. To mislead users, malware actors often add fake version information mimicking legitimate software.

Name	Value
Comments	This installation was built with Inno Setup.
Company Name	Program
File Description	Internet Setup
Legal Copyright	Soft
Product Name	Internet
Product Version	2.4

Digital Signatures

i

Digital Signatures

This section lists digital signatures that are attached to samples within this family. When analyzing and verifying digital signatures, it is important to confirm that the signature’s root authority is a well-known and trustworthy entity and that the status of the signature is good. Malware is often signed with non-trustworthy “Self Signed” digital signatures (which can be easily created by a malware author with no verification). Malware may also be signed by legitimate signatures that have an invalid status, and by signatures from questionable root authorities with fake or misleading “Signer” names.

Signer	Root	Status
Downloadious	GlobalSign CodeSigning CA - G2	Self Signed

Files Modified

i

Files Modified

This section lists files that were created, modified, moved and/or deleted by samples in this family. File system activity can provide valuable insight into how malware functions on the operating system.

File	Attributes
c:\users\user\appdata\local\temp\nsb4c88.tmp\__306138a56d98409ea1bf53c2ce43f79b_lib.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsb4c88.tmp\__306138a56d98409ea1bf53c2ce43f79b_vlib.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsb4c88.tmp\langdll.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsb4c88.tmp\modern-header.bmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsb4c88.tmp\modern-wizard.bmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsb4c88.tmp\modern-wizard.bmp	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nsb4c88.tmp\system.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsg6873.tmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsl4c77.tmp	Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete
c:\users\user\appdata\local\temp\nsq6872.tmp	Generic Write,Read Attributes

Show More

c:\users\user\appdata\local\temp\nss517a.tmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nss517b.tmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nss517c.tmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nss60de.tmp	Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete
c:\users\user\appdata\local\temp\nsw6884.tmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsy60ff.tmp\__687c16fd28074547a7d45042734e34c4_lib.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsy60ff.tmp\__687c16fd28074547a7d45042734e34c4_vlib.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsy60ff.tmp\langdll.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsy60ff.tmp\modern-header.bmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsy60ff.tmp\modern-wizard.bmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsy60ff.tmp\modern-wizard.bmp	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nsy60ff.tmp\system.dll	Generic Write,Read Attributes

Windows API Usage

i

Windows API Usage

This section lists Windows API calls that are used by the samples in this family. Windows API usage analysis is a valuable tool that can help identify malicious activity, such as keylogging, security privilege escalation, data encryption, data exfiltration, interference with antivirus software, and network request manipulation.

Category	API
Network Winsock2	WSAStartup
Network Wininet	InternetOpen InternetSetOption
Network Winsock	closesocket freeaddrinfo getaddrinfo socket
User Data Access	GetComputerName