Adware.AddLyrics

By CagedTech in Adware

Threat Scorecard

Popularity Rank:	11,122
Threat Level:	20 % (Normal)
Infected Computers:	385,301

First Seen:	February 26, 2013
Last Seen:	December 16, 2025
OS(es) Affected:	Windows

Aliases

15 security vendors flagged this file as malicious.

Antivirus Vendor	Detection
AVG	AddLyrics_r.OI
Panda	PUP/AdvertisingApps
McAfee	Artemis!43C0EA49FC00
Sophos	Generic PUA AE
McAfee-GW-Edition	Artemis!PUP
Kaspersky	not-a-virus:AdWare.Win32.AddLyrics.dko
CAT-QuickHeal	AdWare.AddLyrics.r6
McAfee	Artemis!A089F3BCD07C
AVG	Generic_r.XA
Antiy-AVL	Trojan/Win32.TSGeneric
McAfee	Artemis!D32E94F0505D
Ikarus	Win32.SuspectCrc
McAfee	Artemis!C21B073DD396
AVG	Generic.3E5
Ikarus	PUA.AddLyrics

SpyHunter Detects & Remove Adware.AddLyrics

File System Details

Adware.AddLyrics may create the following file(s):

Expand All | Collapse All

#	File Name	MD5	Detections Detections: The number of confirmed and suspected cases of a particular threat detected on infected computers as reported by SpyHunter.
1.	webinstrNewH.sys	fe56abb7e2f8e279ba12e3b156edfb01	3,088
Name: webinstrNewH.sys MD5: fe56abb7e2f8e279ba12e3b156edfb01 Size: 56.99 KB (56992 bytes) Detections: 3,088 Type: System file Path: C:\Backup old pc\Program Files\ver8SpeedChecker\x86\webinstrNewH.sys Group: Malware file Last Updated: February 16, 2024
2.	webinstrNew.sys	c21b073dd39644db158a93070a6e6ea8	3,063
Name: webinstrNew.sys MD5: c21b073dd39644db158a93070a6e6ea8 Size: 50.31 KB (50312 bytes) Detections: 3,063 Type: System file Path: C:\FERNANDO GOLCALVEZ 21 09 2020\FERNANDO 07 10 2014\Program Files\ver3SpeedCheck\x86\webinstrNew.sys Group: Malware file Last Updated: November 20, 2022
3.	webTinst.sys	82e0d650c5fc3db3a709e2218a717382	2,843
Name: webTinst.sys MD5: 82e0d650c5fc3db3a709e2218a717382 Size: 43.56 KB (43560 bytes) Detections: 2,843 Type: System file Path: C:\Windows.old.000\Program Files\ver2SpeedChecker\x86\webTinst.sys Group: Malware file Last Updated: April 12, 2022
4.	webinstrNHK.sys	2774be9ff34177fc03748ab4d234df17	2,451
Name: webinstrNHK.sys MD5: 2774be9ff34177fc03748ab4d234df17 Size: 49.21 KB (49216 bytes) Detections: 2,451 Type: System file Path: C:\Windows.old.000\Program Files\ver6SpeedCheck\x86\webinstrNHK.sys Group: Malware file Last Updated: March 18, 2022
5.	webinstrh.sys	4ea2efc7a4ccd37174160e0fb0677706	2,082
Name: webinstrh.sys MD5: 4ea2efc7a4ccd37174160e0fb0677706 Size: 56.99 KB (56992 bytes) Detections: 2,082 Type: System file Path: c:\windows\system32\drivers\webinstrh.sys Group: Malware file Last Updated: August 31, 2025
6.	webinstrnhkt.sys	b0f99f135c032a816e1837a307b6776f	1,534
Name: webinstrnhkt.sys MD5: b0f99f135c032a816e1837a307b6776f Size: 43.56 KB (43560 bytes) Detections: 1,534 Type: System file Path: c:\windows\system32\drivers\webinstrnhkt.sys Group: Malware file Last Updated: September 20, 2025
7.	webinstrT.sys	d32e94f0505df666706e0939d596bc90	1,423
Name: webinstrT.sys MD5: d32e94f0505df666706e0939d596bc90 Size: 56.99 KB (56992 bytes) Detections: 1,423 Type: System file Path: C:\Program Files\ver6SpeeditUp\x86\webinstrT.sys Group: Malware file Last Updated: January 13, 2023
8.	webinstrH.sys.vir	0838b7a97de8072f59d69ffe3b0e765b	1,404
Name: webinstrH.sys.vir MD5: 0838b7a97de8072f59d69ffe3b0e765b Size: 64.23 KB (64232 bytes) Detections: 1,404 Path: C:\AdwCleaner\Quarantine\C\Program Files (x86)\ver0BlockAndSurf\x64\webinstrH.sys.vir Group: Malware file Last Updated: July 15, 2022
9.	webinstrNHKT.sys.vir	1712807a9c919fd1da58640ffb97d7c0	1,394
Name: webinstrNHKT.sys.vir MD5: 1712807a9c919fd1da58640ffb97d7c0 Size: 49.21 KB (49216 bytes) Detections: 1,394 Path: %SYSTEMDRIVE%\AdwCleaner\Quarantine\C\Program Files\ver1BlockAndSurf\x86\webinstrNHKT.sys.vir Group: Malware file Last Updated: November 9, 2023
10.	webTinstMKTN.sys.vir	545b5ddae4305cbd52b8909806e5517e	1,018
Name: webTinstMKTN.sys.vir MD5: 545b5ddae4305cbd52b8909806e5517e Size: 50.8 KB (50800 bytes) Detections: 1,018 Path: %SYSTEMDRIVE%\AdwCleaner\Quarantine\C\Windows\System32\drivers\webTinstMKTN.sys.vir Group: Malware file Last Updated: February 26, 2025
11.	LyricsTabyY161.exe	8c02778765ad8a134b5a413c41c2ab77	76
Name: LyricsTabyY161.exe MD5: 8c02778765ad8a134b5a413c41c2ab77 Size: 144.38 KB (144384 bytes) Detections: 76 Type: Executable File Path: %PROGRAMFILES%\LyricsTab-soft Group: Malware file Last Updated: August 16, 2017
12.	LyricsTaby.exe	c8e092fb35c243f9cf9c7fa0302c2892	76
Name: LyricsTaby.exe MD5: c8e092fb35c243f9cf9c7fa0302c2892 Size: 77.31 KB (77312 bytes) Detections: 76 Type: Executable File Path: %PROGRAMFILES%\LyricsTab-soft Group: Malware file Last Updated: August 16, 2017
13.	LyricsTabPUE.exe	e72106bf925e283d263ccb1cb3206c66	49
Name: LyricsTabPUE.exe MD5: e72106bf925e283d263ccb1cb3206c66 Size: 365.05 KB (365056 bytes) Detections: 49 Type: Executable File Path: %PROGRAMFILES%\LyricsTab-soft Group: Malware file Last Updated: August 16, 2017
14.	show-passwordh.exe	f45a4b01a673ceb3a7e5c41c19759ac4	17
Name: show-passwordh.exe MD5: f45a4b01a673ceb3a7e5c41c19759ac4 Size: 77.31 KB (77312 bytes) Detections: 17 Type: Executable File Path: c:\program files (x86)\show-password-soft Group: Malware file Last Updated: July 26, 2020
15.	ElectroLyrics-1-helper.exe	ffbd082e18d9f8812c099669c32657c5	15
Name: ElectroLyrics-1-helper.exe MD5: ffbd082e18d9f8812c099669c32657c5 Size: 311.29 KB (311296 bytes) Detections: 15 Type: Executable File Path: %PROGRAMFILES%\ElectroLyrics-1 Group: Malware file Last Updated: January 23, 2023
16.	Uninstall.exe	6b950e3d09444514cece252108550fc3	8
Name: Uninstall.exe MD5: 6b950e3d09444514cece252108550fc3 Size: 173.47 KB (173471 bytes) Detections: 8 Type: Executable File Path: %PROGRAMFILES(x86)%\bLyrics Group: Malware file Last Updated: August 18, 2017
17.	di6LyricsArtN22.exe	a68b46ebfaf878746da50277271021f0	2
Name: di6LyricsArtN22.exe MD5: a68b46ebfaf878746da50277271021f0 Size: 480.25 KB (480256 bytes) Detections: 2 Type: Executable File Path: %PROGRAMFILES%\di5LyricsArt Group: Malware file Last Updated: July 29, 2017
18.	AddLyrics.dll	16351160c73346b3cbdf424e06fc4ea3	2
Name: AddLyrics.dll MD5: 16351160c73346b3cbdf424e06fc4ea3 Size: 20B (20 bytes) Detections: 2 Type: Dynamic link library Path: %PROGRAMFILES%\AddLyrics Group: Malware file Last Updated: March 23, 2016
19.	128.dll	f8151683310be2896883079071e6e51f	2
Name: 128.dll MD5: f8151683310be2896883079071e6e51f Size: 134.65 KB (134656 bytes) Detections: 2 Type: Dynamic link library Path: %PROGRAMFILES%\LyricsNotes Group: Malware file Last Updated: August 11, 2017
20.	webTinstMKTN.sys	3a5e5dc16b59de998b7ef770c4a26a85	2
Name: webTinstMKTN.sys MD5: 3a5e5dc16b59de998b7ef770c4a26a85 Size: 14.04 KB (14040 bytes) Detections: 2 Type: System file Path: \??\C:\Windows\system32\Drivers Group: Malware file Last Updated: June 10, 2017
21.	A2ElectroLyricsr14.exe	74336377c5d2e8d2772b4056a89c829c	1
Name: A2ElectroLyricsr14.exe MD5: 74336377c5d2e8d2772b4056a89c829c Size: 423.42 KB (423424 bytes) Detections: 1 Type: Executable File Path: %PROGRAMFILES(x86)%\ver4ElectroLyrics Group: Malware file Last Updated: September 14, 2016
22.	175.dll	97afe33381b0f411045152f87529c9e6	1
Name: 175.dll MD5: 97afe33381b0f411045152f87529c9e6 Size: 192 KB (192000 bytes) Detections: 1 Type: Dynamic link library Path: %PROGRAMFILES%\ver7LyricsArt Group: Malware file Last Updated: July 29, 2017
23.	LyricsParty155.exe	080d0c14cf938d908212847fa61ef212	1
Name: LyricsParty155.exe MD5: 080d0c14cf938d908212847fa61ef212 Size: 180.22 KB (180224 bytes) Detections: 1 Type: Executable File Path: %PROGRAMFILES(x86)%\LyricsParty Group: Malware file Last Updated: September 14, 2016
24.	webTinstMK.sys	cdbd731c9d7e882464ab815f3694ec40	1
Name: webTinstMK.sys MD5: cdbd731c9d7e882464ab815f3694ec40 Size: 50.8 KB (50800 bytes) Detections: 1 Type: System file Path: \??\C:\WINDOWS\system32\Drivers Group: Malware file Last Updated: April 9, 2016
25.	l6ElectroLyricsO05.exe	f0db79bf3ed5f10fa2ba85c6eb5c8e97	1
Name: l6ElectroLyricsO05.exe MD5: f0db79bf3ed5f10fa2ba85c6eb5c8e97 Size: 423.42 KB (423424 bytes) Detections: 1 Type: Executable File Path: %PROGRAMFILES%\ver4ElectroLyrics Group: Malware file Last Updated: September 14, 2016
26.	120.dll	65fb64d8b08781ab1fa6928f7894f1ac	1
Name: 120.dll MD5: 65fb64d8b08781ab1fa6928f7894f1ac Size: 185.85 KB (185856 bytes) Detections: 1 Type: Dynamic link library Path: %PROGRAMFILES%\LyricsNotes Group: Malware file Last Updated: August 11, 2017
27.	w7ElectroLyricsBb175.exe	8d4f4f59a51ed8f67f436e055bd0efe1	1
Name: w7ElectroLyricsBb175.exe MD5: 8d4f4f59a51ed8f67f436e055bd0efe1 Size: 161.28 KB (161280 bytes) Detections: 1 Type: Executable File Path: %PROGRAMFILES(x86)%\ver4ElectroLyrics Group: Malware file Last Updated: September 14, 2016
28.	S2ElectroLyricsp.exe	20c11cfedb2ccb4783a6561f99698370	1
Name: S2ElectroLyricsp.exe MD5: 20c11cfedb2ccb4783a6561f99698370 Size: 101.37 KB (101376 bytes) Detections: 1 Type: Executable File Path: %PROGRAMFILES(x86)%\ver4ElectroLyrics Group: Malware file Last Updated: September 14, 2016
29.	LprtyUP.exe	d0992437b0afe72f0958dd863ef1964a	1
Name: LprtyUP.exe MD5: d0992437b0afe72f0958dd863ef1964a Size: 229.88 KB (229888 bytes) Detections: 1 Type: Executable File Path: %PROGRAMFILES%\LyricsParty Group: Malware file Last Updated: September 14, 2016

More files

Registry Details

Adware.AddLyrics may create the following registry entry or registry entries:

CLSID

{A3DAEB01-4C15-4AC6-A689-6406FD954EE0}

Regexp file mask

%LOCALAPPDATA%\AddLyrics.exe

%WINDIR%\system32\Drivers\webinstrNew.sys

HKEY..\..\..\..{RegistryKeys}

SOFTWARE\AddLyrics

Software\AppDataLow\Software\AddLyrics

Software\AppDataLow\Software\SuperLyrics-1

SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_BROWSER_EMULATION\AddLyrics-bg.exe

SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_BROWSER_EMULATION\AddLyrics-bg.exe

SYSTEM\ControlSet001\Enum\Root\LEGACY_WEBTINSTMKTN84

SYSTEM\ControlSet001\services\webTinstMKTN84

SYSTEM\ControlSet002\Enum\Root\LEGACY_WEBTINSTMKTN84

SYSTEM\ControlSet002\services\webTinstMKTN84

SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WEBTINSTMKTN84

SYSTEM\CurrentControlSet\services\webTinstMKTN84

Directories

Adware.AddLyrics may create the following directory or directories:

%LOCALAPPDATA%\AddLyrics

%PROGRAMFILES%\AddLyrics

%PROGRAMFILES%\Auto-Lyrics

%PROGRAMFILES%\CoolLyrics

%PROGRAMFILES%\DealsCompare

%PROGRAMFILES%\EZLyrics

%PROGRAMFILES%\GetLyrics

%PROGRAMFILES%\Lyrics-Show

%PROGRAMFILES%\LyricsBD

%PROGRAMFILES%\LyricsDroid

%PROGRAMFILES%\LyricsPlus

%PROGRAMFILES%\Lyrics_Fan

%PROGRAMFILES%\M-Lyrics

%PROGRAMFILES%\Show-Lyrics

%PROGRAMFILES%\Super_Lyrics

%PROGRAMFILES%\XingHaoLyrics

%PROGRAMFILES%\bLyrics

%PROGRAMFILES%\coolwords corp

%PROGRAMFILES%\show-password-soft

%PROGRAMFILES(x86)%\AddLyrics

%PROGRAMFILES(x86)%\Auto-Lyrics

%PROGRAMFILES(x86)%\Cool-Lyrics

%PROGRAMFILES(x86)%\CoolLyrics

%PROGRAMFILES(x86)%\DealsCompare

%PROGRAMFILES(x86)%\EZLyrics

%PROGRAMFILES(x86)%\GetLyrics

%PROGRAMFILES(x86)%\LyricSearch

%PROGRAMFILES(x86)%\Lyrics-Show

%PROGRAMFILES(x86)%\LyricsBD

%PROGRAMFILES(x86)%\LyricsDroid

%PROGRAMFILES(x86)%\LyricsPlus

%PROGRAMFILES(x86)%\LyricsWatch

%PROGRAMFILES(x86)%\Lyrics_Fan

%PROGRAMFILES(x86)%\M-Lyrics

%PROGRAMFILES(x86)%\MLyrics

%PROGRAMFILES(x86)%\Show-Lyrics

%PROGRAMFILES(x86)%\Super_Lyrics

%PROGRAMFILES(x86)%\XingHaoLyrics

%PROGRAMFILES(x86)%\bLyrics

%PROGRAMFILES(x86)%\coolwords corp

%PROGRAMFILES(x86)%\find-a-deal

%PROGRAMFILES(x86)%\show-password-soft

%UserProfile%\Local Settings\Application Data\AddLyrics

Analysis Report

General information

Family Name:	Adware.AddLyrics
Signature status:	Root Not Trusted

Known Samples

MD5: a3777abb3124b81f6f8119f8125e138f

SHA1: 6a8312e2a7d49e786e0aef7512eb58f227dee3f4

File Size: 112.38 KB, 112384 bytes

MD5: c319acce7f5b8accdfc2bf7f5f2042dc

SHA1: a2854b11b9da7f8132f19e575e080d8e09a8dbab

SHA256: D258B9DD372C5AD5218A591A06469E52701A9A16F94D8BDC7859224AD1D5C15E

File Size: 745.98 KB, 745984 bytes

MD5: 11649169b4b87e379a8acba9c19114f5

SHA1: 725999c2d4ace814a0380c2dd0afa08bf646318a

SHA256: 153C5362AA678BB4174441D063787301A89D78151A385CCCC0EA566B97363D3B

File Size: 906.38 KB, 906376 bytes

MD5: e7310c1404d2c1327958e4877f643c36

SHA1: ae72d80022471dd698040cd668b2acfba36ebd70

SHA256: 016D7DF8B76B3E2F6FF1C52075141235ED3862A652C71CF0B06E18AA86DC617D

File Size: 403.44 KB, 403440 bytes

MD5: 7890f5025ee6d9c4f31ba0310e96b763

SHA1: cd1958d40a78d7437cbfcb6d6b11f4bed3e2eac7

SHA256: 831289914708B95FDC8A7ED84D02591E2AC07F47EF5D2F261ED639F9D8D010F9

File Size: 197.63 KB, 197632 bytes

Windows Portable Executable Attributes

File doesn't have "Rich" header
File doesn't have debug information
File doesn't have exports table
File doesn't have relocations information
File doesn't have security information
File is 32-bit executable
File is either console or GUI application
File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
File is Native application (NOT .NET application)
File is not packed

IMAGE_FILE_DLL is not set inside PE header (Executable)
IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

File Icons

Windows PE Version Information

Name	Value
File Description	CheckMeUp
File Version	1 . 1 . 0 . 0
Internal Name	CheckMeUp
Legal Copyright	Copyright (C) 2014
Original Filename	CheckMeUp.exe
Product Name	CheckMeUp
Product Version	1 . 1 . 0 . 0

Digital Signatures

Signer	Root	Status
Meta Installer LLC	Go Daddy Class 2 Certification Authority	Root Not Trusted
Meta Installer LLC	Meta Installer LLC	Root Not Trusted
Meta Installer LLC	Starfield Class 2 Certification Authority	Root Not Trusted

File Traits

HighEntropy
No Version Info
x86

Block Information

Total Blocks:	596
Potentially Malicious Blocks:	17
Whitelisted Blocks:	539
Unknown Blocks:	40

Visual Map

? ? ? ? 0 ? 0 ? ? ? ? ? ? ? 0 0 ? 0 0 0 0 0 0 0 0 0 0 0 ? ? ? ? ? ? ? ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? 0 0 ? x x x x x ? ? x x x 0 x x ? 0 0 0 0 x ? x 0 ? ? ? x 0 ? 0 ? ? x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x 0 0 0 0 ? ? ? ? 0 x 0 x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? ? 0 ? 0 0 2 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 1 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 1 0 0 0 1 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 2 3 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 1 0 0 0 0 1 0 0 0 0 0 0 0 1 0 0 1 0 1 1 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 1 1 0 0 0 2 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 1 0 2 2 1 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 1 1 0 0 1 0 0 0 0 0 0 0 0 0 1 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 1 1 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0

0 - Probable Safe Block
? - Unknown Block
x - Potentially Malicious Block

Similar Families

KillMBR.XE
Superweb.CA

Files Modified

File	Attributes
c:\users\user\appdata\local\temp\installer_java_portuguese.exe	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\installer_java_portuguese.exe	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nsb270d.tmp\installeronekit.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsmfd06.tmp	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nsmfd06.tmp\nsurl.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsmfd06.tmp\nsurl.dll	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nsr1063.tmp\headerleft.bmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsr1063.tmp\metainstallerlicense_de.txt	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsr1063.tmp\metainstallerlicense_en.txt	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsr1063.tmp\metainstallerlicense_es.txt	Generic Write,Read Attributes

c:\users\user\appdata\local\temp\nsr1063.tmp\metainstallerlicense_fr.txt	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsr1063.tmp\metainstallerlicense_it.txt	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsr1063.tmp\metainstallerlicense_nl.txt	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsr1063.tmp\metainstallerlicense_pt.txt	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsr1063.tmp\modern-header.bmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsr1063.tmp\modern-wizard.bmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsr1063.tmp\nsarray.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsr1063.tmp\nsdialogs.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsr1063.tmp\nsisdl.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsr1063.tmp\nsrichedit.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsr1063.tmp\system.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsx1084.tmp	Generic Write,Read Attributes

Registry Modifications

Key::Value	Data	API Name
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::proxybypass		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::intranetname		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::uncasintranet		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::autodetect		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::proxybypass		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::intranetname		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::uncasintranet		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::autodetect		RegNtPreCreateKey
HKLM\system\controlset001\control\session manager::pendingfilerenameoperations	\??\C:\Users\Quhkxibs\AppData\Local\Temp\nsmFD06.tmp\	RegNtPreCreateKey

Windows API Usage

Category	API
Network Wininet	InternetOpen InternetOpenUrl InternetSetOption
Process Manipulation Evasion	NtUnmapViewOfSection
Process Shell Execute	CreateProcess
Anti Debug	IsDebuggerPresent
User Data Access	GetUserObjectInformation
Network Winsock2	WSAStartup
Network Winsock	closesocket connect inet_addr socket

Shell Command Execution


							C:\Users\Quhkxibs\AppData\Local\Temp\installer_java_Portuguese.exe

Adware.AddLyrics

Threat Scorecard

EnigmaSoft Threat Scorecard

Aliases

SpyHunter Detects & Remove Adware.AddLyrics

File System Details

Registry Details

Directories

Analysis Report

General information

Known Samples

Known Samples

Windows Portable Executable Attributes

Windows Portable Executable Attributes

File Icons

File Icons

Windows PE Version Information

Windows PE Version Information

Digital Signatures

Digital Signatures

File Traits

Block Information

Block Information

Visual Map

Similar Families

Similar Families

Files Modified

Files Modified

Registry Modifications

Registry Modifications

Windows API Usage

Windows API Usage

Shell Command Execution

Shell Command Execution

Submit Comment

Related Posts

Trending

Most Viewed