Adware.Vonteera

By CagedTech in Adware

Threat Scorecard

Popularity Rank:	2,996
Threat Level:	20 % (Normal)
Infected Computers:	102,372

First Seen:	August 28, 2013
Last Seen:	October 24, 2025
OS(es) Affected:	Windows

Table of Contents

Aliases

13 security vendors flagged this file as malicious.

Antivirus Vendor	Detection
AVG	Crypt4.BUKX
Ikarus	Trojan.Crypt4
McAfee	Artemis!3040BD1410AC
McAfee-GW-Edition	Artemis!Trojan
Avast	Win32:Dropper-gen [Drp]
Fortinet	Riskware/PUP
Ikarus	Win32.SuspectCrc
Panda	Trj/CI.A
McAfee	PUP-FSI
AhnLab-V3	Adware/Win32.Vonteera
McAfee-GW-Edition	BehavesLike.Win32.Trojan.mh
Comodo	UnclassifiedMalware
Avast	Win32:Adware-gen [Adw]

File System Details

Adware.Vonteera may create the following file(s):

Expand All | Collapse All

#	File Name	MD5	Detections Detections: The number of confirmed and suspected cases of a particular threat detected on infected computers as reported by SpyHunter.
1.	SPK.exe	3a2bddba52a87c9ddaef3c8d341bea38	3,854
Name: SPK.exe MD5: 3a2bddba52a87c9ddaef3c8d341bea38 Size: 776.64 KB (776640 bytes) Detections: 3,854 Type: Executable File Path: C:\Users\<username>\AppData\Roaming\SPK\SPK.exe Group: Malware file Last Updated: June 10, 2021
2.	Office.exe	70516b1af02e441076d114b513b248fb	3,080
Name: Office.exe MD5: 70516b1af02e441076d114b513b248fb Size: 187.46 KB (187464 bytes) Detections: 3,080 Type: Executable File Path: C:\Program Files\Office\Office.exe Group: Malware file Last Updated: October 19, 2022
3.	uninstall.exe	0e59d8ec928df78ee74e4a24b6d6ca2b	2,956
Name: uninstall.exe MD5: 0e59d8ec928df78ee74e4a24b6d6ca2b Size: 1.43 MB (1434048 bytes) Detections: 2,956 Type: Executable File Path: C:\Users\<username>\AppData\Roaming\uninstall.exe Group: Malware file Last Updated: June 10, 2021
4.	SWUpdate.exe	2ca9478488ad609b7761ed95a5c5a93d	657
Name: SWUpdate.exe MD5: 2ca9478488ad609b7761ed95a5c5a93d Size: 156.24 KB (156240 bytes) Detections: 657 Type: Executable File Path: C:\Users\<username>\AppData\Roaming\PDFConvert\SWUpdate.exe Group: Malware file Last Updated: March 16, 2023
5.	Updater.exe	5203db517872abaaf2e12ea6e8de9f80	482
Name: Updater.exe MD5: 5203db517872abaaf2e12ea6e8de9f80 Size: 181.76 KB (181760 bytes) Detections: 482 Type: Executable File Path: C:\Users\<username>\AppData\Roaming\Photoalbum\Updater.exe Group: Malware file Last Updated: August 20, 2022
6.	addonVontsf.exe	4fb06684d7593a6c1f3f1dd678cc4f86	474
Name: addonVontsf.exe MD5: 4fb06684d7593a6c1f3f1dd678cc4f86 Size: 118.52 KB (118524 bytes) Detections: 474 Type: Executable File Path: C:\Users\<username>\AppData\Roaming\addonVontsf.exe Group: Malware file Last Updated: April 6, 2022
7.	4EA62A9E-2468-438F-A810-60C49FCD6509	5e58511d29161b72b7d62f9526f2d066	416
Name: 4EA62A9E-2468-438F-A810-60C49FCD6509 MD5: 5e58511d29161b72b7d62f9526f2d066 Size: 221.77 KB (221776 bytes) Detections: 416 Path: C:\Windows\System32\MRT\3AC662F4-BBD5-4771-B2A0-164912094D5D\FilesStash\4EA62A9E-2468-438F-A810-60C49FCD6509 Group: Malware file Last Updated: June 1, 2022
8.	ProtectMe.dll	625284be70afeed29941da0bc5ead467	250
Name: ProtectMe.dll MD5: 625284be70afeed29941da0bc5ead467 Size: 304.72 KB (304728 bytes) Detections: 250 Type: Dynamic link library Path: C:\Windows\SysWOW64\ProtectMe.dll Group: Malware file Last Updated: January 9, 2023
9.	scope.exe	c6c58c413b72c2395b4e23fdc19d472b	188
Name: scope.exe MD5: c6c58c413b72c2395b4e23fdc19d472b Size: 82.51 KB (82512 bytes) Detections: 188 Type: Executable File Path: %APPDATA%\scope_dir Group: Malware file Last Updated: October 30, 2019
10.	Convertor.exe	6a9b253e1183ce37bd3a3d93ad0e6e58	141
Name: Convertor.exe MD5: 6a9b253e1183ce37bd3a3d93ad0e6e58 Size: 156.24 KB (156240 bytes) Detections: 141 Type: Executable File Path: C:\Users\<username>\AppData\Roaming\Convertor\Convertor.exe Group: Malware file Last Updated: October 11, 2023
11.	D48034F7-1609-5D8B-00FC-0C5F2D83749C	a3d37971da8b868774035992d6e56226	88
Name: D48034F7-1609-5D8B-00FC-0C5F2D83749C MD5: a3d37971da8b868774035992d6e56226 Size: 185.93 KB (185936 bytes) Detections: 88 Path: C:\Windows\System32\MRT\3AC662F4-BBD5-4771-B2A0-164912094D5D\FilesStash\D48034F7-1609-5D8B-00FC-0C5F2D83749C Group: Malware file Last Updated: June 1, 2022
12.	advapi.dll	c8785b045550e490ca6332f1f0c32a57	82
Name: advapi.dll MD5: c8785b045550e490ca6332f1f0c32a57 Size: 104.96 KB (104960 bytes) Detections: 82 Type: Dynamic link library Path: C:\Users\<username>\AppData\Local\Wixer\advapi.dll Group: Malware file Last Updated: April 21, 2023
13.	1.exe	26db852f2a5d7e87a09ad8c2921d5b25	65
Name: 1.exe MD5: 26db852f2a5d7e87a09ad8c2921d5b25 Size: 677.88 KB (677888 bytes) Detections: 65 Type: Executable File Path: %APPDATA% Group: Malware file Last Updated: August 23, 2020
14.	autochr.exe	6522ec874770d6750e1c0816d251d9e8	56
Name: autochr.exe MD5: 6522ec874770d6750e1c0816d251d9e8 Size: 322.06 KB (322066 bytes) Detections: 56 Type: Executable File Path: %LOCALAPPDATA%\recoveredfiles Group: Malware file Last Updated: June 16, 2017
15.	FoxPro_64.dll	e6b0b88d7db0cab40cca2cf5fbd19631	35
Name: FoxPro_64.dll MD5: e6b0b88d7db0cab40cca2cf5fbd19631 Size: 225.36 KB (225360 bytes) Detections: 35 Type: Dynamic link library Path: %USERPROFILE%\AppData\Roaming\VolIE Group: Malware file Last Updated: October 9, 2020
16.	CAD56A99-E3CC-DD4A-D150-5D252B96F20A	d8fe00e37123e65466bcfaf7e530a72e	8
Name: CAD56A99-E3CC-DD4A-D150-5D252B96F20A MD5: d8fe00e37123e65466bcfaf7e530a72e Size: 157.18 KB (157184 bytes) Detections: 8 Path: C:\WINDOWS\System32\MRT\3AC662F4-BBD5-4771-B2A0-164912094D5D\FilesStash\CAD56A99-E3CC-DD4A-D150-5D252B96F20A Group: Malware file Last Updated: November 1, 2022
17.	Shopify_64.dll	56640a8c0663a779d5be30f0f62f311e	6
Name: Shopify_64.dll MD5: 56640a8c0663a779d5be30f0f62f311e Size: 163.96 KB (163968 bytes) Detections: 6 Type: Dynamic link library Path: %APPDATA%\VolIE\IE Group: Malware file Last Updated: April 26, 2019
18.	FoxPro_32.dll	9f98dddcd09d51c4923f04ed2ea71590	4
Name: FoxPro_32.dll MD5: 9f98dddcd09d51c4923f04ed2ea71590 Size: 187.98 KB (187984 bytes) Detections: 4 Type: Dynamic link library Path: %APPDATA%\VolIE Group: Malware file Last Updated: February 6, 2016
19.	hjmjt.exe	209af642985082a43e140b6ed279c44e	2
Name: hjmjt.exe MD5: 209af642985082a43e140b6ed279c44e Size: 11.9 MB (11908921 bytes) Detections: 2 Type: Executable File Path: %APPDATA%\Twr\Isto Group: Malware file Last Updated: October 9, 2020
20.	AdSafe_64.dll	6acdcbde45eaf59e6275333aa805a643	1
Name: AdSafe_64.dll MD5: 6acdcbde45eaf59e6275333aa805a643 Size: 157.18 KB (157184 bytes) Detections: 1 Type: Dynamic link library Path: %APPDATA%\VolIE\IE Group: Malware file Last Updated: February 6, 2016
21.	AdSafe_32.dll	81799a3a9f625c51b0fc577c0bf82f83	1
Name: AdSafe_32.dll MD5: 81799a3a9f625c51b0fc577c0bf82f83 Size: 270.74 KB (270748 bytes) Detections: 1 Type: Dynamic link library Path: %APPDATA%\VolIE\IE Group: Malware file Last Updated: February 6, 2016
22.	GUP.exe	3040bd1410ac7cd009b60e14bdda7975	1
Name: GUP.exe MD5: 3040bd1410ac7cd009b60e14bdda7975 Size: 130.04 KB (130048 bytes) Detections: 1 Type: Executable File Path: %PROGRAMFILES(x86)%\AppUpd Group: Malware file Last Updated: August 28, 2015
23.	RJFC.exe	f43b436ddb1545de485716b00c22d373	1
Name: RJFC.exe MD5: f43b436ddb1545de485716b00c22d373 Size: 82.5 KB (82504 bytes) Detections: 1 Type: Executable File Path: %APPDATA%\miaul Group: Malware file Last Updated: March 25, 2016
24.	job.exe	cc40397ee1fa772fad8a1a1ae0f7eab5	1
Name: job.exe MD5: cc40397ee1fa772fad8a1a1ae0f7eab5 Size: 78.84 KB (78848 bytes) Detections: 1 Type: Executable File Path: %APPDATA%\Flasher Group: Malware file Last Updated: March 25, 2016
25.	c32s.exe	51c02b5cf5d3722ab175f02315db8f44	1
Name: c32s.exe MD5: 51c02b5cf5d3722ab175f02315db8f44 Size: 152.57 KB (152576 bytes) Detections: 1 Type: Executable File Path: %APPDATA%\Flasher Group: Malware file Last Updated: March 25, 2016
26.	noodle.exe	6cd76db541cdb6767c7fec7a591dad0f	1
Name: noodle.exe MD5: 6cd76db541cdb6767c7fec7a591dad0f Size: 1.54 MB (1545728 bytes) Detections: 1 Type: Executable File Path: %APPDATA%\Twr Group: Malware file Last Updated: February 6, 2016
27.	Shopify_32.dll	204c4b28e7f059f2f005db7ef861697a	1
Name: Shopify_32.dll MD5: 204c4b28e7f059f2f005db7ef861697a Size: 138.75 KB (138752 bytes) Detections: 1 Type: Dynamic link library Path: %APPDATA%\VolIE\IE Group: Malware file Last Updated: February 6, 2016
28.	RemoveTool.exe	a62df77c0605d7fc3f0b28930950a132	1
Name: RemoveTool.exe MD5: a62df77c0605d7fc3f0b28930950a132 Size: 51.44 KB (51446 bytes) Detections: 1 Type: Executable File Path: %LOCALAPPDATA% Group: Malware file Last Updated: March 24, 2016

More files

Registry Details

Adware.Vonteera may create the following registry entry or registry entries:

CLSID

{2ED35963-FCC9-4698-B619-787FE1C75079}

{3FC2D59A-5C76-1E97-30DC-1EC6784419E5}

{437B9306-2FDE-4054-A3C9-6B49507C12D0}

{598AC71E-BE58-3981-B78A-5C138F423AD6}

{5CF787D4-66B4-4C7F-B78C-0AF62BA927AB}

{62CE079A-9E67-40B2-A4AB-FD75F6E88B8A}

{63D2A451-3351-178C-7BC4-13C4D58A7652}

{934B156A-3D17-3981-B78A-5C138F423AD6}

{93D0B762-03DD-416f-AA26-B65F55B8914D}

{ACEC5B69-F74E-445A-AC6C-CF621C680893}

{F0CF2525-8FA4-4F38-A06B-F02183A4D51E}

Regexp file mask

%ALLUSERSPROFILE%\Convertor\Convertor.exe

%ALLUSERSPROFILE%\Drv\Drv.exe

%ALLUSERSPROFILE%\Kirin\Kirin.exe

%AppData%\addonVont.zip

%APPDATA%\Crown\SPK.exe

%AppData%\htcon\Updater.exe

%APPDATA%\SPK\SPK.exe

%LOCALAPPDATA%\diag\Chomp.exe

%PROGRAMFILES(x86)%\GeniusXXAddon

%PROGRAMFILES(x86)%\onewebsearch

%windir%\System32\Tasks\4CEFD9B73D6C-1CRMOI2

%windir%\System32\Tasks\5FOFD9B73D6C-2CRMOI6

%WINDIR%\System32\Tasks\Volaro Update

HKEY..\..\..\..{RegistryKeys}

active_permissions\{2ED35963-FCC9-4698-B619-787FE1C75079}

active_permissions\{598AC71E-BE58-3981-B78A-5C138F423AD6}

active_permissions\{934B156A-3D17-3981-B78A-5C138F423AD6}

SOFTWARE\Classes\AdSafe.AdSafe

SOFTWARE\Classes\AdSafe.AdSafe.1

SOFTWARE\Classes\adTech.adTech

SOFTWARE\Classes\adTech.adTech.1

SOFTWARE\Classes\AppID\AdSafe.DLL

SOFTWARE\Classes\AppID\adTech.DLL

SOFTWARE\Classes\AppID\DigiAd.DLL

SOFTWARE\Classes\AppID\NoVooIT.DLL

SOFTWARE\Classes\AppID\Vonteera.DLL

SOFTWARE\Classes\AppID\{6DD1B906-45FA-4A57-9AC6-01108C25067F}

SOFTWARE\Classes\DigiAd.DigiAd

SOFTWARE\Classes\DigiAd.DigiAd.1

SOFTWARE\Classes\FoxPro.FoxPro

SOFTWARE\Classes\FoxPro.FoxPro.1

SOFTWARE\Classes\NoVooIT.NoVooIT

SOFTWARE\Classes\NoVooIT.NoVooIT.1

SOFTWARE\Classes\Vonteera.Vonteera

SOFTWARE\Classes\Vonteera.Vonteera.1

SOFTWARE\Classes\Wow6432Node\AppID\AdSafe.DLL

SOFTWARE\Classes\Wow6432Node\AppID\adTech.DLL

SOFTWARE\Classes\Wow6432Node\AppID\DigiAd.DLL

SOFTWARE\Classes\Wow6432Node\AppID\NoVooIT.DLL

SOFTWARE\Classes\Wow6432Node\AppID\Vonteera.DLL

SOFTWARE\Classes\Wow6432Node\AppID\{6DD1B906-45FA-4A57-9AC6-01108C25067F}

Software\Microsoft\Internet Explorer\Approved Extensions\{437B9306-2FDE-4054-A3C9-6B49507C12D0}

Software\Microsoft\Internet Explorer\Approved Extensions\{598AC71E-BE58-3981-B78A-5C138F423AD6}

Software\Microsoft\Internet Explorer\Approved Extensions\{934B156A-3D17-3981-B78A-5C138F423AD6}

Software\Microsoft\Internet Explorer\SearchScopes\{756D1D40-E491-4E1D-9BC6-5B37CEDE646E}

SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\4CEFD9B73D6C-1CRMOI2

SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\5FOFD9B73D6C-2CRMOI6

SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\9A5A8340-6B15

SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Volaro Update

SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\WinKit

SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Winsta Update

Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{437B9306-2FDE-4054-A3C9-6B49507C12D0}

Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{598AC71E-BE58-3981-B78A-5C138F423AD6}

Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{62CE079A-9E67-40B2-A4AB-FD75F6E88B8A}

Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{934B156A-3D17-3981-B78A-5C138F423AD6}

Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{62CE079A-9E67-40B2-A4AB-FD75F6E88B8A}

Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2ED35963-FCC9-4698-B619-787FE1C75079}

Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{437B9306-2FDE-4054-A3C9-6B49507C12D0}

Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{598AC71E-BE58-3981-B78A-5C138F423AD6}

Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{62CE079A-9E67-40B2-A4AB-FD75F6E88B8A}

Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{934B156A-3D17-3981-B78A-5C138F423AD6}

Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2ED35963-FCC9-4698-B619-787FE1C75079}

Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{437B9306-2FDE-4054-A3C9-6B49507C12D0}

Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{598AC71E-BE58-3981-B78A-5C138F423AD6}

Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{62CE079A-9E67-40B2-A4AB-FD75F6E88B8A}

Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{934B156A-3D17-3981-B78A-5C138F423AD6}

Software\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID\{2ED35963-FCC9-4698-B619-787FE1C75079}

Software\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID\{437B9306-2FDE-4054-A3C9-6B49507C12D0}

Software\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID\{598AC71E-BE58-3981-B78A-5C138F423AD6}

Software\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID\{934B156A-3D17-3981-B78A-5C138F423AD6}

Software\NoVooIT

Software\NoVooITSet

Software\Volaro

SOFTWARE\Volaro Updater

Software\Vonteera

Software\Vonteera Safe ads

SOFTWARE\Vontera

SOFTWARE\Wow6432Node\Classes\AppID\AdSafe.DLL

SOFTWARE\Wow6432Node\Classes\AppID\adTech.DLL

SOFTWARE\Wow6432Node\Classes\AppID\DigiAd.DLL

SOFTWARE\Wow6432Node\Classes\AppID\NoVooIT.DLL

SOFTWARE\Wow6432Node\Classes\AppID\Vonteera.DLL

SOFTWARE\Wow6432Node\Classes\AppID\{6DD1B906-45FA-4A57-9AC6-01108C25067F}

SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{756D1D40-E491-4E1D-9BC6-5B37CEDE646E}

SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{437B9306-2FDE-4054-A3C9-6B49507C12D0}

SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{598AC71E-BE58-3981-B78A-5C138F423AD6}

SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{934B156A-3D17-3981-B78A-5C138F423AD6}

SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{62CE079A-9E67-40B2-A4AB-FD75F6E88B8A}

SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID\{2ED35963-FCC9-4698-B619-787FE1C75079}

SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID\{437B9306-2FDE-4054-A3C9-6B49507C12D0}

SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID\{598AC71E-BE58-3981-B78A-5C138F423AD6}

SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID\{934B156A-3D17-3981-B78A-5C138F423AD6}

SOFTWARE\Wow6432Node\NoVooIT

SOFTWARE\Wow6432Node\Volaro Updater

SOFTWARE\Wow6432Node\Vonteera

SOFTWARE\Wow6432Node\Vontera

HKEY_LOCAL_MACHINE\Software\[APPLICATION]\Microsoft\Windows\CurrentVersion\Uninstall..{Uninstaller}

ARHome

GeniusXX

Volaro Updater

Vonteera

Vonteera Safe ads

Directories

Adware.Vonteera may create the following directory or directories:

%ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs\NoVooITSet

%ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs\Vonteera

%ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs\Vonteera Safe ads

%APPDATA%\Convertor

%APPDATA%\Fixs

%APPDATA%\Flasher

%APPDATA%\NewNotepad

%APPDATA%\NoVooIT

%APPDATA%\NoVooITAddon

%APPDATA%\Notepader

%APPDATA%\PlusN

%APPDATA%\SoftAd

%APPDATA%\VolIE

%APPDATA%\WinKit

%APPDATA%\Winsta

%APPDATA%\denc

%APPDATA%\homerj

%APPDATA%\jellylam

%APPDATA%\miaul

%APPDATA%\myNotepad

%APPDATA%\npp

%APPDATA%\twr

%AppData%\Microsoft\Windows\Start Menu\Programs\GeniusXX

%LOCALAPPDATA%\Hoffer

%LOCALAPPDATA%\Wixer

%LOCALAPPDATA%\recoveredfiles

%PROGRAMFILES%\AdsFree

%PROGRAMFILES%\GeniusXXAddon

%PROGRAMFILES%\Mozilla Firefox\distribution\bundles\addon@Vonteera.com

%PROGRAMFILES%\Mozilla Firefox\distribution\bundles\addonFF@AdvanT.com

%PROGRAMFILES%\Mozilla Firefox\distribution\bundles\jason@schober.net

%PROGRAMFILES%\NoVooIT

%PROGRAMFILES%\NoVooITAddon

%PROGRAMFILES%\Volaro

%PROGRAMFILES%\VonteeraAddon

%PROGRAMFILES%\VonteeraSafeAds

%PROGRAMFILES%\Winsta

%PROGRAMFILES(x86)%\AdsFree

%PROGRAMFILES(x86)%\AppUpd

%PROGRAMFILES(x86)%\GeniusXXAddon

%PROGRAMFILES(x86)%\Mozilla Firefox\distribution\bundles\addon@Vonteera.com

%PROGRAMFILES(x86)%\Mozilla Firefox\distribution\bundles\addonFF@AdvanT.com

%PROGRAMFILES(x86)%\Volaro

%PROGRAMFILES(x86)%\VonteeraAddon

%PROGRAMFILES(x86)%\VonteeraSafeAds

%PROGRAMFILES(x86)%\Winsta

%appdata%\orlando

%appdata%\pdfie

URLs

Adware.Vonteera may call the following URLs:

Vonteera

exclusivetechnews.com

newsouts.com

Analysis Report

General information

Family Name:	Adware.Vonteera
Signature status:	Modified signature

Known Samples

MD5: 37beb19d2cc96e5ab81ffdcad3facdec

SHA1: 867935e8de11b32874a0cb6ff780e97d3e0cbd1b

SHA256: 11EDEC7BE728E1AF36A8EBDE5B868BCD9C11067D3BC7852D2E2EFC236DF3D9A4

File Size: 476.24 KB, 476240 bytes

Windows Portable Executable Attributes

File doesn't have "Rich" header
File doesn't have debug information
File doesn't have exports table
File doesn't have relocations information
File is 32-bit executable
File is either console or GUI application
File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
File is Native application (NOT .NET application)
File is not packed
IMAGE_FILE_DLL is not set inside PE header (Executable)

IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

File Icons

Files Modified

File	Attributes
c:\users\user\appdata\local\temp\alnaddy_config.dat	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\eula.rtf	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\left.bmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nso467c.tmp	Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete
c:\users\user\appdata\local\temp\nso467d.tmp\modern-wizard.bmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nso467d.tmp\nsdialogs.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nso467d.tmp\nsisdl.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nso467d.tmp\system.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\open	Generic Write,Read Attributes

Windows API Usage

Category	API
Network Winsock2	WSAStartup
Network Winsock	closesocket gethostbyname inet_addr socket

EnigmaSoft’s Payment Processor Digital River GmbH Filing for Bankruptcy Does Not Impact SpyHunter Customers’ Anti-Malware Protection

Search

Change Region

Adware.Vonteera

Threat Scorecard

EnigmaSoft Threat Scorecard

Aliases

File System Details

Registry Details

Directories

URLs

Analysis Report

General information

Known Samples

Known Samples

Windows Portable Executable Attributes

Windows Portable Executable Attributes

File Icons

File Icons

Files Modified

Files Modified

Windows API Usage

Windows API Usage

Submit Comment

Trending

American Express - Sign-in Attempt Was Blocked Scam

OKX Rewards Scam

Chainspanhub.com

Most Viewed

How To Fix 'Printer Driver is Unavailable' Error

Discord Is Stuck on Gray Screen

Discord Shows Black Screen when Sharing Screen