Ads By Quiz Games
Threat Scorecard
EnigmaSoft Threat Scorecard
EnigmaSoft Threat Scorecards are assessment reports for different malware threats which have been collected and analyzed by our research team. EnigmaSoft Threat Scorecards evaluate and rank threats using several metrics including real-world and potential risk factors, trends, frequency, prevalence, and persistence. EnigmaSoft Threat Scorecards are updated regularly based on our research data and metrics and are useful for a wide range of computer users, from end users seeking solutions to remove malware from their systems to security experts analyzing threats.
EnigmaSoft Threat Scorecards display a variety of useful information, including:
Popularity Rank: The ranking of a particular threat in EnigmaSoft’s Threat Database.
Severity Level: The determined severity level of an object, represented numerically, based on our risk modeling process and research, as explained in our Threat Assessment Criteria.
Infected Computers: The number of confirmed and suspected cases of a particular threat detected on infected computers as reported by SpyHunter.
See also Threat Assessment Criteria.
| Popularity Rank: | 6,050 |
| Threat Level: | 80 % (High) |
| Infected Computers: | 20,542 |
| First Seen: | June 8, 2015 |
| Last Seen: | April 17, 2026 |
| OS(es) Affected: | Windows |
Quiz Games is a browser add-on, compatible with most modern Windows-based browsers. This browser add-on is promoted as a helpful tool to enhance your online experience. In reality, Quiz Games is nothing more than another advertisement platform. Quiz Games is distributed via the popular and polarizing practice of software bundles. In most cases, users are oblivious to the fact that additional software has been installed on their machine. Once on the computer, Quiz Games will attach itself to your browser(s) and start peddling advertisements. Soon enough, your browsing sessions will be filled with ads and pop-ups, promoting a variety of products. The ads promoted by Quiz Games may expose your computer to threats. Suffice to say, clicking on any ads promoted by Quiz Games is an ill-advised idea. Furthermore, Quiz Games may modify your browser settings, replacing your homepage and default search engine. The search engine queries display skewed data, favoring sponsored links and advertisements. Due to its propagation method, low utility and potentially dangerous habits, Quiz Games is classified as a PUP (Potentially Unwanted Program) with adware capabilities. If you detect Quiz Games on your computer and you do not want its features, you should take action to remove it.
Table of Contents
Analysis Report
General information
| Family Name: | Trojan.Coinminer.GI |
|---|---|
| Signature status: | Root Not Trusted |
Known Samples
Known Samples
This section lists other file samples believed to be associated with this family.|
MD5:
0f77adf00868a8855ba7dcf77c2b3405
SHA1:
f1839571b044595db5d22ac3b38d9c37feaba3c2
SHA256:
671700BDB178CD7E4DAD430ABEA98B8D0B9EE4FE9484061AF3D5C530C687CFB6
File Size:
9.62 MB, 9616048 bytes
|
|
MD5:
17b2a49c7ddaf9878ce3e3f0d6441dc4
SHA1:
52e7504eb3ebd0274ad220b95c74ab11637913c8
SHA256:
B44F71BC08CE78208F9AA2CDFD9C4E076707E7343BC04F88C3D86110627A76B3
File Size:
3.41 MB, 3413424 bytes
|
|
MD5:
690fec0ea622cc80812d084cba820a46
SHA1:
89f70ab15f2f9858ddf5bf935d8a36cf3eea4a8e
SHA256:
949CF4F396941D4E50DB08907C5BF6F736F47A16AAF4E2A83BAC3EE773A334E7
File Size:
9.62 MB, 9616056 bytes
|
|
MD5:
c4a38fb5dc43a3be2d2efcc6161a501f
SHA1:
860085f6b4e6251a51210e903eff626e120f8804
SHA256:
476E5347786D12010EB6B51EA20F0F380F26F4788A5C120CD8152D3F6B144D39
File Size:
9.98 MB, 9975296 bytes
|
|
MD5:
5034469cd52a3c6152cca52b6b6b1c32
SHA1:
3a0d1b557eb0d54f8980e7ae1d54102e4a4b1fab
SHA256:
064C7E26838D0D433808B3E960E9140CA4BF400008644E2B93229A51DE8966F0
File Size:
9.62 MB, 9615864 bytes
|
Windows Portable Executable Attributes
- File doesn't have "Rich" header
- File doesn't have exports table
- File doesn't have security information
- File has TLS information
- File is 64-bit executable
- File is console application (IMAGE_SUBSYSTEM_WINDOWS_CUI)
- File is either console or GUI application
- File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
- File is Native application (NOT .NET application)
- File is not packed
Show More
- IMAGE_FILE_DLL is not set inside PE header (Executable)
- IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)
File Icons
File Icons
This section displays icon resources found within family samples. Malware often replicates icons commonly associated with legitimate software to mislead users into believing the malware is safe.
Windows PE Version Information
Windows PE Version Information
This section displays values and attributes that have been set in the Windows file version information data structure for samples within this family. To mislead users, malware actors often add fake version information mimicking legitimate software.| Name | Value |
|---|---|
| Company Name | Ubisoft |
| File Description |
|
| File Version | 3.0.2.12 |
| Internal Name |
|
| Legal Copyright |
|
| Original Filename |
|
| Product Name | Ubisoft Streaming Application |
| Product Version |
|
Digital Signatures
Digital Signatures
This section lists digital signatures that are attached to samples within this family. When analyzing and verifying digital signatures, it is important to confirm that the signature’s root authority is a well-known and trustworthy entity and that the status of the signature is good. Malware is often signed with non-trustworthy “Self Signed” digital signatures (which can be easily created by a malware author with no verification). Malware may also be signed by legitimate signatures that have an invalid status, and by signatures from questionable root authorities with fake or misleading “Signer” names.| Signer | Root | Status |
|---|---|---|
| Lavasoft Software Canada Inc. | Entrust Root Certification Authority - G2 | Hash Mismatch |
| UBISOFT ENTERTAINMENT INC. | Microsoft Identity Verification Root Certificate Authority 2020 | Root Not Trusted |
File Traits
- No Version Info
- x64
Block Information
Block Information
During analysis, EnigmaSoft breaks file samples into logical blocks for classification and comparison with other samples. Blocks can be used to generate malware detection rules and to group file samples into families based on shared source code, functionality and other distinguishing attributes and characteristics. This section lists a summary of this block data, as well as its classification by EnigmaSoft. A visual representation of the block data is also displayed, where available.| Total Blocks: | 30,913 |
|---|---|
| Potentially Malicious Blocks: | 34 |
| Whitelisted Blocks: | 24,737 |
| Unknown Blocks: | 6,142 |
Visual Map
? - Unknown Block
x - Potentially Malicious Block
Windows API Usage
Windows API Usage
This section lists Windows API calls that are used by the samples in this family. Windows API usage analysis is a valuable tool that can help identify malicious activity, such as keylogging, security privilege escalation, data encryption, data exfiltration, interference with antivirus software, and network request manipulation.| Category | API |
|---|---|
| Syscall Use |
Show More
|
| Service Control |
|
| Network Winsock2 |
|
