Adware.1ClickDownload

By CagedTech in Adware

Threat Scorecard

Popularity Rank:	11,537
Threat Level:	20 % (Normal)
Infected Computers:	1,737

First Seen:	July 24, 2009
Last Seen:	January 12, 2026
OS(es) Affected:	Windows

Table of Contents

Aliases

3 security vendors flagged this file as malicious.

Antivirus Vendor	Detection
Symantec	Downloader.MisleadApp
Microsoft	Trojan:Win32/Drastwor.A
F-Secure	Trojan-Downloader.Win32.Adload.pr

File System Details

Adware.1ClickDownload may create the following file(s):

Expand All | Collapse All

#	File Name	MD5	Detections Detections: The number of confirmed and suspected cases of a particular threat detected on infected computers as reported by SpyHunter.
1.	Dot1XCfg.exe	6e6559f51c68d225bbf994083b37d59f	0
Name: Dot1XCfg.exe MD5: 6e6559f51c68d225bbf994083b37d59f Size: 61.44 KB (61440 bytes) Detections: 0 Type: Executable File Group: Malware file Last Updated: December 11, 2009

Analysis Report

General information

Family Name:	Adware.1ClickDownload
Signature status:	Self Signed

Known Samples

MD5: e18a14e71601cfbf01f12ca267720d37

SHA1: c3468afc2a3aa0502d0d9c067eed718e20eff427

SHA256: 9CC4E7D9E5AD3E4D6A7A0D92904D77DCC6F3FBF0979E3F7E672867C621FB4DC2

File Size: 60.32 KB, 60316 bytes

MD5: e4e03ec172f99726b7fcbf01a1e6aa0a

SHA1: 84a6bd8211e822ab5f9c588ba572215478518b27

SHA256: E0C645664F7378D3E8242666562DF926DCC99CA9C47F49954D3153D0AF9843E6

File Size: 390.62 KB, 390624 bytes

MD5: 2b557ae9cbda1e6ea5fabc3109ea2696

SHA1: cac0563285c80bd44126bdee5eb4d4c1933eeb22

SHA256: 56EBEB94A3A49ABDCBD8F6A546BC0DB6427C3A2EABE79071402106EBF3733430

File Size: 263.49 KB, 263488 bytes

MD5: 46b1618da865bcc20362fa517e633ba6

SHA1: 91d968cd26db5ed9143902bf21eed284995854a0

SHA256: 345E6DBB48555960BC9ED4D8B6981375753F791EE3200F45F75D600C32F7EE5A

File Size: 279.12 KB, 279120 bytes

MD5: b758884eb2acbf556f6b4129ce7c8a90

SHA1: 1845b395eea5bc314c051c553897e0e17e473bcb

SHA256: 738CAAEAFCBF57FEAF8417A900F395ECC28BACC8BD9A24B30AA4EA7FFB66D028

File Size: 277.54 KB, 277544 bytes

Windows Portable Executable Attributes

File doesn't have "Rich" header
File doesn't have debug information
File doesn't have exports table
File doesn't have relocations information
File doesn't have security information
File is 32-bit executable
File is either console or GUI application
File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
File is Native application (NOT .NET application)
File is not packed

IMAGE_FILE_DLL is not set inside PE header (Executable)
IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

File Icons

Digital Signatures

Signer	Root	Status
Kanchana Khiandee	Thawte Code Signing CA - G2	Self Signed
Terra Firma Internet Consulting LTD	Thawte Code Signing CA - G2	Self Signed
Cool Mirage ltd.	UTN-USERFirst-Object	Root Not Trusted

Files Modified

File	Attributes
c:\users\user\appdata\local\temp\nse47c4.tmp	Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete
c:\users\user\appdata\local\temp\nsgb123.tmp	Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete
c:\users\user\appdata\local\temp\nslb134.tmp\bd.htm	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nslb134.tmp\system.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsna95b.tmp\bd.htm	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsna95b.tmp\inetc3.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsna95b.tmp\system.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsp52ef.tmp	Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete
c:\users\user\appdata\local\temp\nsu530f.tmp\bd.htm	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsu530f.tmp\system.dll	Generic Write,Read Attributes

c:\users\user\appdata\local\temp\nsz47f4.tmp\load_0.bmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsz47f4.tmp\system.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\~nsu.tmp\au_.exe	Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144

Registry Modifications

Key::Value	Data	API Name
HKLM\system\controlset001\control\session manager::pendingfilerenameoperations	\??\C:\Users\Pakvivyw\AppData\Local\Temp\~nsu.tmp\Au_.exe	RegNtPreCreateKey
HKLM\system\controlset001\control\session manager::pendingfilerenameoperations	\??\C:\Users\Pakvivyw\AppData\Local\Temp\~nsu.tmp\Au_.exe\??\C:\Users\Pakvivyw\AppData\Local\Temp\~nsu.tmp	RegNtPreCreateKey
HKLM\software\classes\appid\{c007dadd-132a-624c-088e-59ee6cf0711f}::id0	%	RegNtPreCreateKey
HKCU\software\1clickdownload::uid	319481074	RegNtPreCreateKey
HKCU\software\1clickdownload::lastinstall0	1 P2	RegNtPreCreateKey
HKCU\software\1clickdownload::lastinstall0	1""!	RegNtPreCreateKey
HKCU\software\1clickdownload::lastinstall0	1"sf	RegNtPreCreateKey
HKCU\software\1clickdownload::lastinstall0		RegNtPreCreateKey

Windows API Usage

Category	API
Process Shell Execute	CreateProcess
Network Wininet	InternetOpen

Shell Command Execution


							"C:\Users\Pakvivyw\AppData\Local\Temp\~nsu.tmp\Au_.exe"  _?=c:\users\user\downloads\

EnigmaSoft’s Payment Processor Digital River GmbH Filing for Bankruptcy Does Not Impact SpyHunter Customers’ Anti-Malware Protection

Search

Change Region

Adware.1ClickDownload

Threat Scorecard

EnigmaSoft Threat Scorecard

Aliases

File System Details

Analysis Report

General information

Known Samples

Known Samples

Windows Portable Executable Attributes

Windows Portable Executable Attributes

File Icons

File Icons

Digital Signatures

Digital Signatures

Files Modified

Files Modified

Registry Modifications

Registry Modifications

Windows API Usage

Windows API Usage

Shell Command Execution

Shell Command Execution

Submit Comment

Trending

Asyl Ransomware

MgBot Backdoor

Clearbridgeworks.co.in

Most Viewed

How To Fix 'Printer Driver is Unavailable' Error

Discord Shows Black Screen when Sharing Screen

How to Fix 'macOS cannot verify that this app is...