Adware.DiscountDragon

By CagedTech in Adware

Threat Scorecard

Popularity Rank: 15,320
Threat Level: 20 % (Normal)
Infected Computers: 3,849
First Seen: April 5, 2013
Last Seen: January 22, 2026
OS(es) Affected: Windows

File System Details

Adware.DiscountDragon may create the following file(s):
# File Name MD5 Detections
1. repair.js 8420123e490a28b0a19545e3a570a1fc 2,037
2. FrameworkBHO.dll.vir 9006ddefe11efa5bf631ca6509cd1ffb 68
3. FrameworkBHO.dll 90aa68e19743fe6e14ccf8ea068349e2 29

Registry Details

Adware.DiscountDragon may create the following registry entry or registry entries:
Software\Microsoft\Internet Explorer\Approved Extensions\{11111111-1111-1111-1111-110111271151}
SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_BROWSER_EMULATION\Discount Dragon-bg.exe
SOFTWARE\Wow6432Node\Discount Dragon
SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_BROWSER_EMULATION\Discount Dragon-bg.exe

Directories

Adware.DiscountDragon may create the following directory or directories:

%LOCALAPPDATA%\Discount Dragon
%LOCALAPPDATA%\Updater12751
%PROGRAMFILES%\Discount Dragon
%PROGRAMFILES(x86)%\Discount Dragon

URLs

Adware.DiscountDragon may call the following URLs:

Discount Dragon

Analysis Report

General information

Family Name: Adware.DiscountDragon
Signature status: No Signature

Known Samples

MD5: 8ebd3de6c3d385cd1541a4c22a991fff
SHA1: b16bcc129d55c793760c96c08201906970f2f3e2
SHA256: 1F2E012FB0A9871FB66BD61061321952F636264BC2758339A53435F9482DE8A9
File Size: 163.01 KB, 163008 bytes

Windows Portable Executable Attributes

  • File doesn't have "Rich" header
  • File doesn't have debug information
  • File doesn't have exports table
  • File doesn't have relocations information
  • File doesn't have security information
  • File is 32-bit executable
  • File is either console or GUI application
  • File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
  • File is Native application (NOT .NET application)
  • File is not packed
  • IMAGE_FILE_DLL is not set inside PE header (Executable)
  • IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

File Traits

  • Installer Manifest
  • nosig nsis
  • No Version Info
  • Nullsoft Installer
  • x86

Files Modified

File Attributes
\device\namedpipe Generic Read,Write Attributes
\device\namedpipe Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsna95c.tmp\nsdialogs.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsna95c.tmp\nsexec.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsna95c.tmp\ping.js Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsna95c.tmp\splash.bmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsna95c.tmp\system.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsxa94b.tmp Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete

Registry Modifications

Key::Value Data API Name
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe 쑰荜訯ǜ RegNtPreCreateKey

Windows API Usage

Category API
Process Manipulation Evasion
  • NtUnmapViewOfSection
Process Shell Execute
  • CreateProcess
Syscall Use
  • ntdll.dll!NtAccessCheck
  • ntdll.dll!NtAlertThreadByThreadId
  • ntdll.dll!NtAlpcSendWaitReceivePort
  • ntdll.dll!NtApphelpCacheControl
  • ntdll.dll!NtClearEvent
  • ntdll.dll!NtClose
  • ntdll.dll!NtConnectPort
  • ntdll.dll!NtCreateEvent
  • ntdll.dll!NtCreateMutant
  • ntdll.dll!NtCreateSection
  • ntdll.dll!NtCreateSemaphore
  • ntdll.dll!NtDuplicateObject
  • ntdll.dll!NtDuplicateToken
  • ntdll.dll!NtEnumerateValueKey
  • ntdll.dll!NtFreeVirtualMemory
  • ntdll.dll!NtMapViewOfSection
  • ntdll.dll!NtOpenFile
  • ntdll.dll!NtOpenKey
  • ntdll.dll!NtOpenKeyEx
  • ntdll.dll!NtOpenProcessToken
  • ntdll.dll!NtOpenProcessTokenEx
  • ntdll.dll!NtOpenSection
  • ntdll.dll!NtOpenSemaphore
  • ntdll.dll!NtOpenThreadTokenEx
  • ntdll.dll!NtProtectVirtualMemory
  • ntdll.dll!NtQueryAttributesFile
  • ntdll.dll!NtQueryInformationProcess
  • ntdll.dll!NtQueryInformationThread
  • ntdll.dll!NtQueryInformationToken
  • ntdll.dll!NtQueryKey
  • ntdll.dll!NtQueryPerformanceCounter
  • ntdll.dll!NtQuerySecurityAttributesToken
  • ntdll.dll!NtQueryValueKey
  • ntdll.dll!NtQueryVirtualMemory
  • ntdll.dll!NtQueryVolumeInformationFile
  • ntdll.dll!NtQueryWnfStateData
  • ntdll.dll!NtReleaseMutant
  • ntdll.dll!NtReleaseSemaphore
  • ntdll.dll!NtReleaseWorkerFactoryWorker
  • ntdll.dll!NtRequestWaitReplyPort
  • ntdll.dll!NtSetEvent
  • ntdll.dll!NtSetInformationProcess
  • ntdll.dll!NtSetInformationVirtualMemory
  • ntdll.dll!NtSetInformationWorkerFactory
  • ntdll.dll!NtSubscribeWnfStateChange
  • ntdll.dll!NtTestAlert
  • ntdll.dll!NtTraceControl
  • ntdll.dll!NtUnmapViewOfSection
  • ntdll.dll!NtUnmapViewOfSectionEx
  • ntdll.dll!NtWaitForAlertByThreadId
  • ntdll.dll!NtWaitForSingleObject
  • ntdll.dll!NtWaitForWorkViaWorkerFactory
  • ntdll.dll!NtWaitLowEventPair
  • ntdll.dll!NtWorkerFactoryWorkerReady
  • ntdll.dll!NtWriteFile
  • UNKNOWN
Anti Debug
  • IsDebuggerPresent
User Data Access
  • GetUserObjectInformation
Process Terminate
  • TerminateProcess

Shell Command Execution

"C:\WINDOWS\system32\cscript.exe" //Nologo "ping.js" "http://cdnstats-a.akamaihd.net/s.gif?t=prxask&ptsk=s&v=1.0.20141023&appid=38900&pid=1733&zone=0" "" ""
