Adware.Complitly

By CagedTech in Adware

Threat Scorecard

Popularity Rank: 9,996
Threat Level: 20 % (Normal)
Infected Computers: 10,470
First Seen: May 4, 2013
Last Seen: December 1, 2025
OS(es) Affected: Windows

File System Details

Adware.Complitly may create the following file(s):
# File Name MD5 Detections
1. Complitly.dll d729490c3ef7e4a1b67e38bfff00ab8e 131
2. Complitly64.dll 1d1d8b81144cff8e67c81f10fd132588 120
3. ComplitlyEngine.dll f68402d3530ffa384c1eadaf8d9675a8 13
4. ComplitlyEngine64.dll d0de5fe3d424572552a27be6a47b5d4b 2

Registry Details

Adware.Complitly may create the following registry entry or registry entries:
SOFTWARE\Classes\AppID\Complitly.DLL
Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0FB6A909-6086-458F-BD92-1F8EE10042A0}
Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0FB6A909-6086-458F-BD92-1F8EE10042A0}
Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0FB6A909-6086-458F-BD92-1F8EE10042A0}
SOFTWARE\Wow6432Node\Classes\AppID\Complitly.DLL
Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0FB6A909-6086-458F-BD92-1F8EE10042A0}

Directories

Adware.Complitly may create the following directory or directories:

%APPDATA%\Complitly
%APPDATA%\ComplitlyEngine
%PROGRAMFILES%\Complitly
%PROGRAMFILES(x86)%\Complitly

Analysis Report

General information

Family Name: Adware.Complitly
Signature status: No Signature

Known Samples


Windows Portable Executable Attributes

  • File doesn't have "Rich" header
  • File doesn't have debug information
  • File doesn't have exports table
  • File doesn't have relocations information
  • File doesn't have security information
  • File has TLS information
  • File is 32-bit executable
  • File is either console or GUI application
  • File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
  • File is Native application (NOT .NET application)
  • File is not packed
  • IMAGE_FILE_DLL is not set inside PE header (Executable)
  • IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

Windows PE Version Information

Name Value
Comments This installation was built with Inno Setup.
Company Name
  • Chris P.C. srl
  • y-mule.com
File Description
  • ChrisPC Free Anonymous Proxy Setup
  • yMule Youtube Downloader Setup
File Version 2.1
Legal Copyright
  • Copyright (c) 2010, y-mule.com
  • Copyright © 2011 Chris P.C. srl
Product Name
  • ChrisPC Free Anonymous Proxy
  • yMule Youtube Downloader
Product Version 2.1

Digital Signatures

Signer Root Status
SimplyGen SimplyGen Self Signed

Files Modified

File Attributes
c:\users\user\appdata\local\temp\bhoupdater.restart Generic Read,Generic Execute,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 786496
c:\users\user\appdata\local\temp\is-e0m0p.tmp\5e530ed3ed2ca4bf7e3cd75812e8a19ea238e7a4_0005825439.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\is-rdfgv.tmp\_isetup\_setup64.tmp Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\is-rdfgv.tmp\_isetup\_shfoldr.dll Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\is-rdfgv.tmp\itdownload.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\is-rdfgv.tmp\toolbar_preview.bmp Generic Write,Read Attributes

Registry Modifications

Key::Value Data API Name
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::proxybypass  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::intranetname  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::uncasintranet  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::autodetect RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe  RegNtPreCreateKey

Windows API Usage

Category API
Network Wininet
  • HttpQueryInfo
  • InternetOpen
  • InternetOpenUrl
Process Manipulation Evasion
  • NtUnmapViewOfSection
Process Shell Execute
  • CreateProcess
  • ShellExecuteEx
  • WriteConsole
Syscall Use
  • ntdll.dll!NtAccessCheck
  • ntdll.dll!NtAlertThreadByThreadId
  • ntdll.dll!NtAlpcSendWaitReceivePort
  • ntdll.dll!NtApphelpCacheControl
  • ntdll.dll!NtClearEvent
  • ntdll.dll!NtClose
  • ntdll.dll!NtConnectPort
  • ntdll.dll!NtCreateEvent
  • ntdll.dll!NtCreateFile
  • ntdll.dll!NtCreateMutant
  • ntdll.dll!NtCreateSection
  • ntdll.dll!NtCreateSemaphore
  • ntdll.dll!NtDuplicateObject
  • ntdll.dll!NtDuplicateToken
  • ntdll.dll!NtEnumerateValueKey
  • ntdll.dll!NtFreeVirtualMemory
  • ntdll.dll!NtMapViewOfSection
  • ntdll.dll!NtOpenFile
  • ntdll.dll!NtOpenKey
  • ntdll.dll!NtOpenKeyEx
  • ntdll.dll!NtOpenProcessToken
  • ntdll.dll!NtOpenProcessTokenEx
  • ntdll.dll!NtOpenSection
  • ntdll.dll!NtOpenSemaphore
  • ntdll.dll!NtOpenThreadTokenEx
  • ntdll.dll!NtProtectVirtualMemory
  • ntdll.dll!NtQueryAttributesFile
  • ntdll.dll!NtQueryInformationProcess
  • ntdll.dll!NtQueryInformationThread
  • ntdll.dll!NtQueryInformationToken
  • ntdll.dll!NtQueryKey
  • ntdll.dll!NtQueryPerformanceCounter
  • ntdll.dll!NtQuerySecurityAttributesToken
  • ntdll.dll!NtQueryValueKey
  • ntdll.dll!NtQueryVirtualMemory
  • ntdll.dll!NtQueryVolumeInformationFile
  • ntdll.dll!NtQueryWnfStateData
  • ntdll.dll!NtReleaseMutant
  • ntdll.dll!NtReleaseSemaphore
  • ntdll.dll!NtReleaseWorkerFactoryWorker
  • ntdll.dll!NtRequestWaitReplyPort
  • ntdll.dll!NtSetEvent
  • ntdll.dll!NtSetInformationProcess
  • ntdll.dll!NtSetInformationVirtualMemory
  • ntdll.dll!NtSetInformationWorkerFactory
  • ntdll.dll!NtSubscribeWnfStateChange
  • ntdll.dll!NtTestAlert
  • ntdll.dll!NtTraceControl
  • ntdll.dll!NtUnmapViewOfSection
  • ntdll.dll!NtUnmapViewOfSectionEx
  • ntdll.dll!NtWaitForAlertByThreadId
  • ntdll.dll!NtWaitForSingleObject
  • ntdll.dll!NtWaitForWorkViaWorkerFactory
  • ntdll.dll!NtWaitLowEventPair
  • ntdll.dll!NtWorkerFactoryWorkerReady
  • ntdll.dll!NtWriteFile
  • UNKNOWN
Anti Debug
  • IsDebuggerPresent
User Data Access
  • GetUserObjectInformation
Other Suspicious
  • AdjustTokenPrivileges
Process Terminate
  • TerminateProcess

Shell Command Execution

"C:\Users\Jxsqlcpx\AppData\Local\Temp\is-E0M0P.tmp\5e530ed3ed2ca4bf7e3cd75812e8a19ea238e7a4_0005825439.tmp" /SL5="$E005C,5403605,140288,c:\users\user\downloads\5e530ed3ed2ca4bf7e3cd75812e8a19ea238e7a4_0005825439"
open taskkill.exe /f /im yMule.exe
WriteConsole: ERROR: The proce