SuperWeb

By Domesticus in Adware

Threat Scorecard

Popularity Rank:	1,209
Threat Level:	20 % (Normal)
Infected Computers:	315,948

First Seen:	October 14, 2013
Last Seen:	February 2, 2026
OS(es) Affected:	Windows

considered a Potentially Unwanted Program. SuperWeb usually enters a computer bundled with other software. Once SuperWeb has been installed, SuperWeb may make changes to the affected Web browser that causes numerous problems on the affected computer. The point of SuperWeb and symptoms associated with this PUP is to expose computer users to marketing or advertising material. SuperWeb can make it very hard for computer users to use the affected Web browser effectively since many of SuperWeb's symptoms may interrupt the affected computer user's activities and make it difficult to access unrelated websites normally. Malware analysts recommend the immediate removal of SuperWeb with the help of a fully updated anti-malware application.

Table of Contents

SuperWeb – The Adware without Super Powers

A large number of symptoms that may be associated with SuperWeb have been noticed. The following are symptoms that may be associated with SuperWeb and similar adware threats:

SuperWeb makes various changes to your Web browser and system settings.
SuperWeb can affect your Web browser and the computer's performance. The SuperWeb adware may cause the affected Web browser to freeze or crash at random intervals.
SuperWeb may make your Web browser more vulnerable to other threats by decreasing its security settings and preventing computer users from visiting certain websites or launch certain applications.
SuperWeb may change your Web browser's default search engine and home page. This makes it possible for SuperWeb to expose computer users to potentially unsafe online content when the affected Web browser is launched.
SuperWeb may cause browser redirects, forcing computer users to visit SuperWeb's related websites repeatedly.
SuperWeb may cause affected Web browsers to display pop-up windows and advertisements.

If SuperWeb is installed on your Web browser, it is important to remove SuperWeb immediately with the help of a reliable anti-malware program. In many cases, SuperWeb may make changes to your Web browser that should be removed manually even after SuperWeb has been uninstalled. To prevent future SuperWeb infections, always download software from reliable, reputable sources and use custom installation to ensure that no unwanted components, such as SuperWeb or other PUPs, are also being installed on your computer.

SpyHunter Detects & Remove SuperWeb

File System Details

SuperWeb may create the following file(s):

Expand All | Collapse All

#	File Name	MD5	Detections Detections: The number of confirmed and suspected cases of a particular threat detected on infected computers as reported by SpyHunter.
1.	CommonShare.BrowserAdapter.exe	59de06fe556c7ec3cd018d82eab71bb3	1,190
Name: CommonShare.BrowserAdapter.exe MD5: 59de06fe556c7ec3cd018d82eab71bb3 Size: 98.59 KB (98592 bytes) Detections: 1,190 Type: Executable File Path: %PROGRAMFILES(x86)%\CommonShare\bin Group: Malware file Last Updated: February 25, 2020
2.	utilCommonShare.exe	891329b7b6b8452414eb845abb14def9	846
Name: utilCommonShare.exe MD5: 891329b7b6b8452414eb845abb14def9 Size: 526.11 KB (526112 bytes) Detections: 846 Type: Executable File Path: %PROGRAMFILES%\CommonShare\bin Group: Malware file Last Updated: April 12, 2016
3.	HoldPage.expext.exe.vir	b8d1984f7ecaff442f63253ed81a6a50	807
Name: HoldPage.expext.exe.vir MD5: b8d1984f7ecaff442f63253ed81a6a50 Size: 101.61 KB (101616 bytes) Detections: 807 Path: %SYSTEMDRIVE%\AdwCleaner\Quarantine\C\Program Files (x86)\Hold Page\bin\HoldPage.expext.exe.vir Group: Malware file Last Updated: September 21, 2020
4.	CommonShare.BrowserAdapter64.exe	a81f9ceda5070504eff0a1e7d09997a8	702
Name: CommonShare.BrowserAdapter64.exe MD5: a81f9ceda5070504eff0a1e7d09997a8 Size: 114.97 KB (114976 bytes) Detections: 702 Type: Executable File Path: C:\Program Files (x86)\CommonShare\bin\CommonShare.BrowserAdapter64.exe Group: Malware file Last Updated: February 13, 2023
5.	HoldPage.BrowserAdapter.exe	afe8668cce6cc3bd72a3a03616a4d9be	535
Name: HoldPage.BrowserAdapter.exe MD5: afe8668cce6cc3bd72a3a03616a4d9be Size: 98.54 KB (98544 bytes) Detections: 535 Type: Executable File Path: %PROGRAMFILES%\Hold Page\bin Group: Malware file Last Updated: April 12, 2016
6.	SmarterPower.BrowserAdapter.exe	0e74af254cd319c7c66cc8d724584083	392
Name: SmarterPower.BrowserAdapter.exe MD5: 0e74af254cd319c7c66cc8d724584083 Size: 98.55 KB (98552 bytes) Detections: 392 Type: Executable File Path: %PROGRAMFILES%\SmarterPower\bin Group: Malware file Last Updated: April 12, 2016
7.	DynamoCombo.BrowserAdapter.exe	238c27d59df09b84bebd73c3372ed759	358
Name: DynamoCombo.BrowserAdapter.exe MD5: 238c27d59df09b84bebd73c3372ed759 Size: 104.18 KB (104184 bytes) Detections: 358 Type: Executable File Path: %PROGRAMFILES(x86)%\Dynamo Combo\bin Group: Malware file Last Updated: June 30, 2020
8.	SolutionReal.BrowserAdapter.exe	a731f5f89d6ce12ecb8b6a1566349f20	350
Name: SolutionReal.BrowserAdapter.exe MD5: a731f5f89d6ce12ecb8b6a1566349f20 Size: 104.18 KB (104184 bytes) Detections: 350 Type: Executable File Path: %PROGRAMFILES%\Solution Real\bin Group: Malware file Last Updated: April 12, 2016
9.	CommonShare.PurBrowse64.exe	56939125c535702b818999da70f5f255	348
Name: CommonShare.PurBrowse64.exe MD5: 56939125c535702b818999da70f5f255 Size: 349.98 KB (349984 bytes) Detections: 348 Type: Executable File Path: %PROGRAMFILES(x86)%\CommonShare\bin Group: Malware file Last Updated: April 12, 2016
10.	{2b929fe1-284b-4766-afb9-19b0915b99b0}w64.sys	8349d0da50d0c789e572a275acb7eb76	336
Name: {2b929fe1-284b-4766-afb9-19b0915b99b0}w64.sys MD5: 8349d0da50d0c789e572a275acb7eb76 Size: 61.63 KB (61632 bytes) Detections: 336 Type: System file Path: system32\drivers Group: Malware file Last Updated: January 21, 2020
11.	{2b929fe1-284b-4766-afb9-19b0915b99b0}Gw64.sys	57493352c11f1e4f755b84a6817f4ea6	327
Name: {2b929fe1-284b-4766-afb9-19b0915b99b0}Gw64.sys MD5: 57493352c11f1e4f755b84a6817f4ea6 Size: 61.12 KB (61120 bytes) Detections: 327 Type: System file Path: system32\drivers Group: Malware file Last Updated: April 9, 2016
12.	HoldPage.PurBrowse64.exe	3d4584f6afa551723fba8bc009756150	325
Name: HoldPage.PurBrowse64.exe MD5: 3d4584f6afa551723fba8bc009756150 Size: 353 KB (353008 bytes) Detections: 325 Type: Executable File Path: %PROGRAMFILES(x86)%\Hold Page\bin Group: Malware file Last Updated: April 12, 2016
13.	LinkSwift.expext.exe	ab99c331fe1edcd8a2824056ad0c03e1	285
Name: LinkSwift.expext.exe MD5: ab99c331fe1edcd8a2824056ad0c03e1 Size: 101.66 KB (101664 bytes) Detections: 285 Type: Executable File Path: %PROGRAMFILES(x86)%\LinkSwift\bin Group: Malware file Last Updated: May 1, 2022
14.	plugincontainer.exe	b2052586345a37c1b7b5ba132c1928c5	285
Name: plugincontainer.exe MD5: b2052586345a37c1b7b5ba132c1928c5 Size: 1.58 MB (1585376 bytes) Detections: 285 Type: Executable File Path: %ALLUSERSPROFILE%\4f596ec3-77fb-4fc3-82cb-691c42c71d77 Group: Malware file Last Updated: August 23, 2017
15.	AppBud.PurBrowse64.exe	d537d5453272d535f3f74871ee566e0a	278
Name: AppBud.PurBrowse64.exe MD5: d537d5453272d535f3f74871ee566e0a Size: 286.96 KB (286960 bytes) Detections: 278 Type: Executable File Path: %PROGRAMFILES(x86)%\App Bud\bin Group: Malware file Last Updated: April 12, 2016
16.	plugin.exe	6092e7cac117597778b82a79da8a620b	272
Name: plugin.exe MD5: 6092e7cac117597778b82a79da8a620b Size: 518.9 KB (518904 bytes) Detections: 272 Type: Executable File Path: %ALLUSERSPROFILE%\0780f478-67ce-4ec3-98db-39a65f4618ce\plugins\5 Group: Malware file Last Updated: March 23, 2016
17.	snipsmart.expext.exe	c7ea05d1a3d6410a828dbfed4064a719	271
Name: snipsmart.expext.exe MD5: c7ea05d1a3d6410a828dbfed4064a719 Size: 101.61 KB (101616 bytes) Detections: 271 Type: Executable File Path: %PROGRAMFILES%\snipsmart\bin Group: Malware file Last Updated: February 19, 2020
18.	{5eeb83d0-96ea-4249-942c-beead6847053}Gw64.sys	f177bb280d7b2361db7b5833965c5cc1	268
Name: {5eeb83d0-96ea-4249-942c-beead6847053}Gw64.sys MD5: f177bb280d7b2361db7b5833965c5cc1 Size: 44.69 KB (44696 bytes) Detections: 268 Type: System file Path: system32\drivers Group: Malware file Last Updated: January 27, 2020
19.	HoldPage.expext.exe	e0cdd316ba7f04718ae501a2fa125923	256
Name: HoldPage.expext.exe MD5: e0cdd316ba7f04718ae501a2fa125923 Size: 101.61 KB (101616 bytes) Detections: 256 Type: Executable File Path: %PROGRAMFILES(x86)%\Hold Page\bin Group: Malware file Last Updated: November 9, 2021
20.	DynamoCombo.expext.exe	53af70b8c7e99cea638e151d113feb75	250
Name: DynamoCombo.expext.exe MD5: 53af70b8c7e99cea638e151d113feb75 Size: 101.62 KB (101624 bytes) Detections: 250 Type: Executable File Path: %PROGRAMFILES(x86)%\Dynamo Combo\bin Group: Malware file Last Updated: June 30, 2020
21.	SolutionReal.expext.exe	eeea87863384b3a6b93d08ddd72d89ad	245
Name: SolutionReal.expext.exe MD5: eeea87863384b3a6b93d08ddd72d89ad Size: 101.62 KB (101624 bytes) Detections: 245 Type: Executable File Path: %PROGRAMFILES%\Solution Real\bin Group: Malware file Last Updated: April 12, 2016
22.	DynamoCombo.BrowserAdapter64.exe	6c7b623ff56e22376b8f3953e53e56e4	216
Name: DynamoCombo.BrowserAdapter64.exe MD5: 6c7b623ff56e22376b8f3953e53e56e4 Size: 121.59 KB (121592 bytes) Detections: 216 Type: Executable File Path: %PROGRAMFILES(x86)%\Dynamo Combo\bin Group: Malware file Last Updated: June 30, 2020
23.	SolutionReal.BrowserAdapter64.exe	7888e716624bbc432387e4a439cb71a5	215
Name: SolutionReal.BrowserAdapter64.exe MD5: 7888e716624bbc432387e4a439cb71a5 Size: 121.59 KB (121592 bytes) Detections: 215 Type: Executable File Path: %PROGRAMFILES(x86)%\Solution Real\bin Group: Malware file Last Updated: April 12, 2016
24.	HoldPage.BrowserAdapter64.exe	e96a06378cb9532066b7b5414a185eb7	201
Name: HoldPage.BrowserAdapter64.exe MD5: e96a06378cb9532066b7b5414a185eb7 Size: 114.92 KB (114928 bytes) Detections: 201 Type: Executable File Path: %PROGRAMFILES(x86)%\Hold Page\bin Group: Malware file Last Updated: April 12, 2016
25.	LinkSwift.BrowserAdapter64.exe	7449473c01ead70c6735e3dc23279b6d	194
Name: LinkSwift.BrowserAdapter64.exe MD5: 7449473c01ead70c6735e3dc23279b6d Size: 121.63 KB (121632 bytes) Detections: 194 Type: Executable File Path: %PROGRAMFILES(x86)%\LinkSwift\bin Group: Malware file Last Updated: May 1, 2022
26.	FramedDisplay.BrowserAdapter64.exe	f90b5e39a2ba19fea6ec4fae10dd7c30	178
Name: FramedDisplay.BrowserAdapter64.exe MD5: f90b5e39a2ba19fea6ec4fae10dd7c30 Size: 114.93 KB (114936 bytes) Detections: 178 Type: Executable File Path: %PROGRAMFILES(x86)%\Framed Display\bin Group: Malware file Last Updated: April 12, 2016
27.	adv_111.exe	a8b6cacd8df3bb464292cfe3f3db30ad	1
Name: adv_111.exe MD5: a8b6cacd8df3bb464292cfe3f3db30ad Size: 465.18 KB (465184 bytes) Detections: 1 Type: Executable File Path: %TEMP%\f9626892-7a78-3199-abd2-97bbce96297b Group: Malware file Last Updated: June 1, 2016
28.	updater.exe	9cadc71e8a5d8633449149979cd0adaf	1
Name: updater.exe MD5: 9cadc71e8a5d8633449149979cd0adaf Size: 546.53 KB (546536 bytes) Detections: 1 Type: Executable File Path: %COMMONPROGRAMFILES(x86)%\9466af57-1f38-4973-ab1c-22f7e17e2d6a Group: Malware file Last Updated: November 13, 2015

More files

Registry Details

SuperWeb may create the following registry entry or registry entries:

CLSID

{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}

{41c3f0a0-de7a-4bf3-9ab6-16ccde2d4655}

{4AA46D49-459F-4358-B4D1-169048547C23}

{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}

{99415057-7C50-439D-AA20-02D83C071B61}

{A07E5BFF-B16C-4ABA-A30F-514213A945E6}

{A2D733A7-73B0-4C6B-B0C7-06A432950B66}

{B853E835-9F24-4F4B-B55C-E554D15CCCD2}

{F83D1872-D9FF-47F8-B5A0-49CC51E24EE8}

{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}

File name without path

hdapp1008-a.akamaihd[1].xml

https_hdapp1008-a.akamaihd.net_0.localstorage

https_hdapp1008-a.akamaihd.net_0.localstorage-journal

Regexp file mask

%COMMONPROGRAMFILES%\3a08aecf-996c-434c-872d-c3768a6d9134\updater.exe

%COMMONPROGRAMFILES(x86)%\3a08aecf-996c-434c-872d-c3768a6d9134\updater.exe

%HOMEDRIVE%\ods.exe.config

%HOMEDRIVE%\search-simple.xml

%WINDIR%\System32\drivers\wStLibG64.sys

%WINDIR%\system32\drivers\{[RANDOM CHARACTERS]-[RANDOM CHARACTERS]-[RANDOM CHARACTERS]-[RANDOM CHARACTERS]-[RANDOM CHARACTERS]}w{1,4}.sys

HKEY..\..\..\..{RegistryKeys}

Software\Microsoft\Internet Explorer\DOMStorage\hdapp1008-a.akamaihd.net

SYSTEM\ControlSet001\Services\Service Mgr SearchQuickKnow

SYSTEM\ControlSet001\Services\Update Mgr SearchQuickKnow

SYSTEM\ControlSet002\Services\Service Mgr SearchQuickKnow

SYSTEM\ControlSet002\Services\Update Mgr SearchQuickKnow

SYSTEM\CurrentControlSet\Services\Service Mgr SearchQuickKnow

SYSTEM\CurrentControlSet\Services\Update Mgr SearchQuickKnow

Directories

SuperWeb may create the following directory or directories:

%COMMONPROGRAMFILES%\475a9272-9606-46f5-b309-fdfc084777bf

%COMMONPROGRAMFILES%\9466af57-1f38-4973-ab1c-22f7e17e2d6a

%COMMONPROGRAMFILES(x86)%\475a9272-9606-46f5-b309-fdfc084777bf

%COMMONPROGRAMFILES(x86)%\9466af57-1f38-4973-ab1c-22f7e17e2d6a

Analysis Report

General information

Family Name:	Adware.SuperWeb
Signature status:	Self Signed

Known Samples

MD5: 94254bc59d831c6da6e1e82ebd881cdf

SHA1: 7502c1eb81871a148c6428c70adcf131bac87333

File Size: 123.62 KB, 123624 bytes

MD5: 8b01fe932b870b042fadf1d666fb1a5c

SHA1: 750441d966ab4d5ac9506b08262c339b61c48bd2

File Size: 511.20 KB, 511200 bytes

MD5: e8d07d009370a8a2ef7146fd7166eb54

SHA1: 47690b46707ba426c4bd511d134593d1288101e8

File Size: 565.52 KB, 565520 bytes

MD5: 1bdc7669943dcbe639a140e1c2db8a7a

SHA1: 2a6e22e88e4721d20336e788da7f2761fe114cc7

File Size: 298.95 KB, 298952 bytes

MD5: 7ebd050e2e6e1d71acccdb38fb22c3c6

SHA1: 9e7f0e18c40ce73f3d83dbc7881e14fea13b85d5

File Size: 556.30 KB, 556304 bytes

MD5: e38dbe40cc4a47c6fd54bde372e0d86f

SHA1: 1d9fe3cfc948a5c2811d71029920e82476c3dadc

File Size: 96.54 KB, 96544 bytes

MD5: 6097f92c78c8f0bd7cd06364e7b9ce4e

SHA1: 5f8a18c32b203dc19404a5d3836ae7e18d5f502e

SHA256: C9A95560D4C2F2B4D4C46CD2BFC190A2382D0ACFD1CF2C574A068B532CFD0CF4

File Size: 128.20 KB, 128200 bytes

MD5: a1edf5ea201a2ce45514bcdfe57e6a23

SHA1: c828e49499e3964c8b84e8474bd9384e57b08a51

SHA256: 61AB4EA38F133A6A5A6C4183678EE908A337CB42434DA43921618501A6261553

File Size: 299.11 KB, 299112 bytes

MD5: 8f8ff52a6ad78acc04cf446aab01f6d2

SHA1: a10003f95985f265566f71397a79dc633f8a13f7

SHA256: C8AD7995888A215096F1F76266CD5954FCEC8ACB3FD3F8BBE3873F56B0D2B34E

File Size: 728.29 KB, 728288 bytes

MD5: c7870749b26252895e82e1648af39818

SHA1: 00ee9d363de8cb9f0227bde3705645fe0115fc87

SHA256: C5D2FEE7F1ABF6FDCDD2AFFE78EA248B779BC328865A62061BCCC7767998F356

File Size: 128.20 KB, 128200 bytes

MD5: 99e27a14f430138ee9f7e93d22f4f95b

SHA1: a9b3fa80a0e636297d6ac2629cbeef445ae2c40a

SHA256: A9E5104D8FA6E6C1AA092FC9EE9FAF001B4BC5C4EFAC5A5E9CD1E0272CFCAB17

File Size: 583.49 KB, 583488 bytes

MD5: 69c7d595c572ac7b6af0a64550fc2559

SHA1: 50fdf6042a1ed47112b9dbea1e2a8c5b74ec27ad

SHA256: 0BE7E155C86FB85FD4EB99CD7F8FF9015CAEBA36C82CDE85A260393CDD12B652

File Size: 579.82 KB, 579816 bytes

MD5: ce7e988f9efd05a732d271e03c320627

SHA1: dd1573697e77e38625ac627e23cced46754d7746

SHA256: D0433917CF82EB560DC66076C3BBF6F3FA80B0C7F1B3A605467EED476038D298

File Size: 509.70 KB, 509704 bytes

MD5: a1562d710fb7c23982fbc5df28774a7f

SHA1: 4f17495498440b8c24b49544f2d1bdf2a8af8448

SHA256: 3B7636CD1BAA3DAA25B23F96907599867F4E9DCDED5564E6EFD868B79D2EAE41

File Size: 577.24 KB, 577240 bytes

MD5: 40ce2561fe1c672961a1b803b58f9416

SHA1: 2ba141911fe68e35b41e7747eb1e5617155d4033

SHA256: 3F51CDEDC096711612393E14C4ADFC4275A1E81A7F860B44C78016DB6707792B

File Size: 579.30 KB, 579296 bytes

MD5: 303cc5f72ea349c902bfc5c5d4786050

SHA1: 11938fb6c2c995b3edf0fbf02e5466e7f5a1bd66

SHA256: 3946D2C5253376EDFB9A4831930EB87A45854152268C42E1D41BA514333086A2

File Size: 1.65 MB, 1649904 bytes

MD5: ea787b0e1ad0c6dfe45894023e11f7b2

SHA1: d8ee0c261d21dbe7bd737604c927708dbf16149f

SHA256: F51141C319A527B43585D61E0B14645B8F974E89D3A4FEE37D981B71ED361B8B

File Size: 55.52 KB, 55520 bytes

MD5: 6dd5ba7c6a3035c314a9c5dd2db63e76

SHA1: 8c321113efdb61e337e714a8401de9950cf17d32

SHA256: 88A07951A03C07CD6CBF74590A8644122F6C963DFC115F3A73897B7945A10C54

File Size: 571.61 KB, 571608 bytes

MD5: a73435a4bfd4183d23b1458ae4e89b98

SHA1: 5172fe2c99c406acbea1edbb343b8c6de958b8ea

SHA256: 80DB379FC5E30CC107A5C9B5FED46FF89719F330BECDA4B4CB28838D9BDE7498

File Size: 649.45 KB, 649448 bytes

MD5: e78fbe2933776e5dd5ed3c6f5fe77494

SHA1: d978322b428cd0d3823249c5b2afc81ffa825203

SHA256: E6A96C9382226A05103687B270D8857867088533D50FF8C95557FC94F7566453

File Size: 546.02 KB, 546016 bytes

MD5: 5d019fe009a94e4edc05576227fd243e

SHA1: 89128c35168843528b054fbc582eed4c34db557e

SHA256: 8AF8CB7270499FD3FDF588624E455FFEAEB1F7FF2F303CE92103EA3AC53CBCEA

File Size: 56.54 KB, 56544 bytes

MD5: e9e1f0477b1cee66462e8690763603d7

SHA1: a023e2a6d6bf7d3f798f92c66e466f7ee45860fd

SHA256: 99A202A19C602782E5BC05A289D28B7C771F53512B96283231A4E11311B79B52

File Size: 1.04 MB, 1036512 bytes

MD5: 72bffdbd221f571dc204cbddcbf5aa37

SHA1: 065ae68ea18cefb49a05f4759616c4832635cd27

SHA256: CE02EABF0E4932FAFA0BAE2D9113119A72806518FAF4F3BE9AFB0F080AD406F8

File Size: 1.09 MB, 1094376 bytes

MD5: 091723fe610307a74ea97fe6012bd962

SHA1: 778b66dc1b48cbb43751478a44ba7ef8f7643768

SHA256: C362009782C8F8E7A109DFAAF017EFA1D4D65A276E6D938E998377282913A292

File Size: 56.54 KB, 56536 bytes

MD5: 36ee3e1b531d7f5a71ddedf1f7f67bfb

SHA1: 443dac0c883d3f0984bcc7728f92ff076b86e1ef

SHA256: 595FA8F2EB63BDAF8895D32E59D3C8E6C5D7D939C74BBC42AC81B7B7E2B6619A

File Size: 556.26 KB, 556264 bytes

MD5: cf96bc46b38adfa45316a3a4da632f1f

SHA1: 49fcf19478c047cbc90a632424c1c6c5e52dd096

SHA256: 3002645E94866DF930073E106337D472BBE6FE5D43FD8797583D77C644794BE7

File Size: 123.64 KB, 123640 bytes

MD5: 661c3e773193ada19cbfec21a4c467cb

SHA1: 2e8293a28cf72a4e66c330386e1e78d39e02fc8d

SHA256: A72B7DBFEC9F35AC3229F6E64EF5C81C0B7F6C59BA23306F354AA5E5E16C002B

File Size: 583.46 KB, 583464 bytes

MD5: db4f9890e99a2b4f1dd77b155888fba9

SHA1: b54c336ae391e08ed52297aa35125517311550ad

SHA256: 30FDFF33955BEC7553B22249FAE5A77B8EB1FEA44BDE0F2700E57B15396BD006

File Size: 56.54 KB, 56544 bytes

MD5: 9908e0dfcac7d2948f2bc754c14039a7

SHA1: 22032b98e8adc2f3500d383ea763a3d8d448861e

SHA256: 2A18ED70568FCCEC157471D0659351E01CE399F60415900EDBB757797F4AB84A

File Size: 197.36 KB, 197360 bytes

MD5: 2c24c95f14c3a172fc3d64d343d463dd

SHA1: d0d0f2181e57265c16919e001601891ffd188442

SHA256: 7ABCAF06277B7F09869825268907388A5A2E95A11F5E0C3B278336103BDA45EE

File Size: 643.82 KB, 643816 bytes

MD5: fcc1dc081e75cbd763b875a0677ed834

SHA1: 145f0cd095e82386d42d6f27056e2083da372fff

SHA256: 108B3A9FCFD3BA3568DE96A6D77447ED49C9116C18D81138A85C594F85747F71

File Size: 57.02 KB, 57024 bytes

Windows Portable Executable Attributes

File doesn't have "Rich" header
File doesn't have debug information
File doesn't have exports table
File doesn't have relocations information
File has exports table
File has TLS information
File is 32-bit executable
File is 64-bit executable
File is either console or GUI application
File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)

File is Native application (NOT .NET application)
File is not packed
IMAGE_FILE_DLL is not set inside PE header (Executable)
IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

File Icons

Windows PE Version Information

Name	Value
File Version	2.0.5775.11424 2.0.5723.21024 1.0.6297.30893 1.0.6268.10172 1.0.5968.40313 1.0.5936.20295 1.0.5928.6062 1.0.5923.41937 1.0.5915.18438 1.0.5901.6047 Show More 1.0.5885.4512 1.0.5856.21552 1.0.5849.12444 1.0.5837.17235 1.0.5762.12570 1.0.5761.21895 1.0.5720.8478 1.0.5685.8775 1.0.5674.30377 1.0.5673.14159 1.0.5672.17808 1.0.5592.31750 1.0.5587.22741 1.0.5445.2818 1.0.5444.37001
Product Version	2015.10.24 2015.09.02 1.0.6297.30893 1.0.6268.10172 1.0.5968.40313 1.0.5936.20295 1.0.5928.6062 1.0.5923.41937 1.0.5915.18438 1.0.5901.6047 Show More 1.0.5885.4512 1.0.5856.21552 1.0.5849.12444 1.0.5837.17235 1.0.5762.12570 1.0.5761.21895 1.0.5720.8478 1.0.5685.8775 1.0.5674.30377 1.0.5673.14159 1.0.5672.17808 1.0.5592.31750 1.0.5587.22741 1.0.5445.2818 1.0.5444.37001

Name

Value

File Version

2.0.5775.11424
2.0.5723.21024
1.0.6297.30893
1.0.6268.10172
1.0.5968.40313
1.0.5936.20295
1.0.5928.6062
1.0.5923.41937
1.0.5915.18438
1.0.5901.6047

1.0.5885.4512
1.0.5856.21552
1.0.5849.12444
1.0.5837.17235
1.0.5762.12570
1.0.5761.21895
1.0.5720.8478
1.0.5685.8775
1.0.5674.30377
1.0.5673.14159
1.0.5672.17808
1.0.5592.31750
1.0.5587.22741
1.0.5445.2818
1.0.5444.37001

Product Version

2015.10.24
2015.09.02
1.0.6297.30893
1.0.6268.10172
1.0.5968.40313
1.0.5936.20295
1.0.5928.6062
1.0.5923.41937
1.0.5915.18438
1.0.5901.6047

1.0.5885.4512
1.0.5856.21552
1.0.5849.12444
1.0.5837.17235
1.0.5762.12570
1.0.5761.21895
1.0.5720.8478
1.0.5685.8775
1.0.5674.30377
1.0.5673.14159
1.0.5672.17808
1.0.5592.31750
1.0.5587.22741
1.0.5445.2818
1.0.5444.37001

Digital Signatures

Signer	Root	Status
AppEnable	VeriSign Class 3 Code Signing 2010 CA	Self Signed
Arctic World	VeriSign Class 3 Code Signing 2010 CA	Self Signed
Bar None Deals	VeriSign Class 3 Code Signing 2010 CA	Self Signed
Bizzybolt	VeriSign Class 3 Code Signing 2010 CA	Self Signed
Bolt View	VeriSign Class 3 Code Signing 2010 CA	Self Signed

BrowseStudio	VeriSign Class 3 Code Signing 2010 CA	Self Signed
Buy List	VeriSign Class 3 Code Signing 2010 CA	Self Signed
Cat Dog	VeriSign Class 3 Code Signing 2010 CA	Self Signed
ClearThink	VeriSign Class 3 Code Signing 2010 CA	Self Signed
Digital More	VeriSign Class 3 Code Signing 2010 CA	Self Signed
Filter Results	VeriSign Class 3 Code Signing 2010 CA	Self Signed
Fortunitas	VeriSign Class 3 Code Signing 2010 CA	Self Signed
General Buddy	VeriSign Class 3 Code Signing 2010 CA	Self Signed
Group Showcase	VeriSign Class 3 Code Signing 2010 CA	Self Signed
Jazz Spot	VeriSign Class 3 Code Signing 2010 CA	Self Signed
Magical Find	VeriSign Class 3 Code Signing 2010 CA	Self Signed
Middle Rush	VeriSign Class 3 Code Signing 2010 CA	Self Signed
Perfect Bid	VeriSign Class 3 Code Signing 2010 CA	Self Signed
Pulse Rate	VeriSign Class 3 Code Signing 2010 CA	Self Signed
Razor Web	VeriSign Class 3 Code Signing 2010 CA	Self Signed
Shop Essentials	VeriSign Class 3 Code Signing 2010 CA	Self Signed
Spend City	VeriSign Class 3 Code Signing 2010 CA	Self Signed
SunriseBrowse	VeriSign Class 3 Code Signing 2010 CA	Self Signed
Tech Missions	VeriSign Class 3 Code Signing 2010 CA	Self Signed
browse pulse	VeriSign Class 3 Code Signing 2010 CA	Self Signed
outobox	VeriSign Class 3 Code Signing 2010 CA	Self Signed

Block Information

Total Blocks:	371
Potentially Malicious Blocks:	142
Whitelisted Blocks:	229
Unknown Blocks:	0

Visual Map

0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 x 0 x 0 0 x x x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x 0 0 0 0 0 0 0 0 0 0 0 0 x x 0 0 0 0 x x 0 x x x 0 0 0 0 0 0 0 x 0 x x x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x 0 x 0 0 0 0 0 0 0 0 x 0 0 x 0 x x 0 x x x 0 0 x x x 0 x x x x x x x x x x x x x x x x x x x x x x x x 0 x x x x x x x x x x x 2 x x x x x 0 x x 0 x x x x x x x x x x x x x x x x x 0 x x 0 0 x x 0 0 0 0 x x x x 0 x x x x 0 0 x x 0 x x x x x x 0 x 0 x x x x x 0 0 0 0 0 0 0 x x 0 0 0 0 0 x x x 0 0 0 0 0 0 x 0 x x x x x x x x x x x x x x x x 0 0 0 0 0 x 0 x 0 0 0 0 0 x 0 x 1 0 0 0 0 0 0 0 x 0 x 0 0 0 0 0 0 0 0 0 0 2 0 1 0 0 0 0 0 0 0 0 0 0 0 2 3 1 0 0 0 1 0 2 2 1 0 2

0 - Probable Safe Block
? - Unknown Block
x - Potentially Malicious Block

Similar Families

Agent.WO
Chapak.DA
Farfli.NB
Filecoder.GAA
GandCrab.CC

Kryptik.FGSM
Montiera.A
ShellcodeRunner.FN
SuperWeb.CC
Superweb.C
Superweb.CA
Superweb.CE
Superweb.D
Ursnif.AD
Ursnif.XB

Files Modified

File	Attributes
\device\namedpipe	Generic Read,Write Attributes
\device\namedpipe	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\browsestudio\browsestudio.mg.exe	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\get the results hub\temp.txt	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\get the results hub\temp.txt	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\ilg	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\magical find\temp.txt	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsa489e.tmp\ipconfig.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsa489e.tmp\nsisencrypt.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsa489e.tmp\system.dll	Generic Write,Read Attributes

c:\users\user\appdata\local\temp\nsa489e.tmp\userinfo.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsg5b22.tmp	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nsg5b22.tmp\inetc.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsg5b22.tmp\inetc.dll	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nsg5b22.tmp\system.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsg5b22.tmp\system.dll	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nsga906.tmp	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nsga906.tmp\inetc.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsga906.tmp\inetc.dll	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nsga906.tmp\system.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsga906.tmp\system.dll	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nsl5c89.tmp\execdos.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsl5c89.tmp\ipconfig.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsl5c89.tmp\nsisencrypt.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsl5c89.tmp\system.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsl5c89.tmp\userinfo.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsl5c89.tmp\wmiinspector.dll	Generic Write,Read Attributes

Registry Modifications

Key::Value	Data	API Name
HKCU\software\microsoft\windows\currentversion\internet settings\5.0\cache\content::cacheprefix		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\5.0\cache\cookies::cacheprefix	Cookie:	RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\5.0\cache\history::cacheprefix	Visited:	RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::proxybypass		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::intranetname		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::uncasintranet		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::autodetect		RegNtPreCreateKey
HKLM\system\controlset001\control\session manager::pendingfilerenameoperations	\??\C:\Users\Esigcqaj\AppData\Local\Temp\nsg5B22.tmp\	RegNtPreCreateKey
HKLM\system\controlset001\control\session manager::pendingfilerenameoperations	\??\C:\Users\Mmrppinj\AppData\Local\Temp\nsgA906.tmp\	RegNtPreCreateKey

Windows API Usage

Category	API
User Data Access	GetComputerName GetUserObjectInformation
Encryption Used	BCryptOpenAlgorithmProvider CryptAcquireContext
Network Winhttp	WinHttpConnect WinHttpOpen WinHttpOpenRequest WinHttpQueryHeaders WinHttpReceiveResponse WinHttpSendRequest
Network Wininet	HttpOpenRequest HttpQueryInfo HttpSendRequest InternetConnect InternetOpen InternetQueryOption InternetReadFile
Process Manipulation Evasion	NtUnmapViewOfSection
Process Shell Execute	CreateProcess
Syscall Use	ntdll.dll!NtAccessCheck ntdll.dll!NtAddAtomEx ntdll.dll!NtAlertThreadByThreadId ntdll.dll!NtAlpcSendWaitReceivePort ntdll.dll!NtApphelpCacheControl ntdll.dll!NtClearEvent ntdll.dll!NtClose ntdll.dll!NtConnectPort ntdll.dll!NtCreateEvent ntdll.dll!NtCreateFile Show More ntdll.dll!NtCreateMutant ntdll.dll!NtCreateSection ntdll.dll!NtCreateSemaphore ntdll.dll!NtDuplicateObject ntdll.dll!NtDuplicateToken ntdll.dll!NtEnumerateKey ntdll.dll!NtEnumerateValueKey ntdll.dll!NtFreeVirtualMemory ntdll.dll!NtMapViewOfSection ntdll.dll!NtOpenFile ntdll.dll!NtOpenKey ntdll.dll!NtOpenKeyEx ntdll.dll!NtOpenProcessToken ntdll.dll!NtOpenProcessTokenEx ntdll.dll!NtOpenSection ntdll.dll!NtOpenSemaphore ntdll.dll!NtOpenThreadTokenEx ntdll.dll!NtProtectVirtualMemory ntdll.dll!NtQueryAttributesFile ntdll.dll!NtQueryDebugFilterState ntdll.dll!NtQueryInformationFile ntdll.dll!NtQueryInformationProcess ntdll.dll!NtQueryInformationThread ntdll.dll!NtQueryInformationToken ntdll.dll!NtQueryKey ntdll.dll!NtQueryLicenseValue ntdll.dll!NtQueryPerformanceCounter ntdll.dll!NtQuerySecurityAttributesToken ntdll.dll!NtQuerySystemInformationEx ntdll.dll!NtQueryValueKey ntdll.dll!NtQueryVirtualMemory ntdll.dll!NtQueryVolumeInformationFile ntdll.dll!NtQueryWnfStateData ntdll.dll!NtReadFile ntdll.dll!NtReleaseMutant ntdll.dll!NtReleaseSemaphore ntdll.dll!NtReleaseWorkerFactoryWorker ntdll.dll!NtRequestWaitReplyPort ntdll.dll!NtSetEvent ntdll.dll!NtSetInformationFile ntdll.dll!NtSetInformationKey ntdll.dll!NtSetInformationProcess ntdll.dll!NtSetInformationVirtualMemory ntdll.dll!NtSetInformationWorkerFactory ntdll.dll!NtSubscribeWnfStateChange ntdll.dll!NtTestAlert ntdll.dll!NtTraceControl ntdll.dll!NtUnmapViewOfSection ntdll.dll!NtUnmapViewOfSectionEx ntdll.dll!NtWaitForAlertByThreadId ntdll.dll!NtWaitForSingleObject ntdll.dll!NtWaitForWorkViaWorkerFactory ntdll.dll!NtWaitLowEventPair ntdll.dll!NtWorkerFactoryWorkerReady ntdll.dll!NtWriteFile ntdll.dll!NtWriteVirtualMemory UNKNOWN win32u.dll!NtGdiAnyLinkedFonts win32u.dll!NtGdiBitBlt win32u.dll!NtGdiCreateBitmap win32u.dll!NtGdiCreateCompatibleBitmap win32u.dll!NtGdiCreateCompatibleDC win32u.dll!NtGdiCreateDIBitmapInternal win32u.dll!NtGdiCreateRectRgn win32u.dll!NtGdiCreateSolidBrush win32u.dll!NtGdiDeleteObjectApp win32u.dll!NtGdiDoPalette win32u.dll!NtGdiDrawStream win32u.dll!NtGdiExtGetObjectW win32u.dll!NtGdiExtTextOutW win32u.dll!NtGdiFontIsLinked win32u.dll!NtGdiGetCharABCWidthsW win32u.dll!NtGdiGetDCDword win32u.dll!NtGdiGetDCObject win32u.dll!NtGdiGetDeviceCaps win32u.dll!NtGdiGetDIBitsInternal win32u.dll!NtGdiGetEntry win32u.dll!NtGdiGetFontData win32u.dll!NtGdiGetGlyphIndicesW win32u.dll!NtGdiGetOutlineTextMetricsInternalW win32u.dll!NtGdiGetRandomRgn win32u.dll!NtGdiGetRealizationInfo win32u.dll!NtGdiGetTextFaceW win32u.dll!NtGdiGetTextMetricsW win32u.dll!NtGdiGetWidthTable win32u.dll!NtGdiHfontCreate win32u.dll!NtGdiIntersectClipRect win32u.dll!NtGdiQueryFontAssocInfo win32u.dll!NtGdiSelectBitmap win32u.dll!NtGdiSetLayout 61 additional items are not displayed above.
Anti Debug	IsDebuggerPresent NtQuerySystemInformation

Shell Command Execution


							BrowseStudio.mg.exe -session 5F4BF7AA-7226-4491-8453-BEAD69050309 -ma  -s is -cid


							C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\50fdf6042a1ed47112b9dbea1e2a8c5b74ec27ad_0000579816.,LiQMAxHB


							C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\4f17495498440b8c24b49544f2d1bdf2a8af8448_0000577240.,LiQMAxHB


							C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\2ba141911fe68e35b41e7747eb1e5617155d4033_0000579296.,LiQMAxHB


							C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\d8ee0c261d21dbe7bd737604c927708dbf16149f_0000055520.,LiQMAxHB


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\d978322b428cd0d3823249c5b2afc81ffa825203_0000546016.,LiQMAxHB


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\89128c35168843528b054fbc582eed4c34db557e_0000056544.,LiQMAxHB


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\778b66dc1b48cbb43751478a44ba7ef8f7643768_0000056536.,LiQMAxHB


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\443dac0c883d3f0984bcc7728f92ff076b86e1ef_0000556264.,LiQMAxHB


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\b54c336ae391e08ed52297aa35125517311550ad_0000056544.,LiQMAxHB


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\145f0cd095e82386d42d6f27056e2083da372fff_0000057024.,LiQMAxHB

SuperWeb

Threat Scorecard

EnigmaSoft Threat Scorecard

SuperWeb – The Adware without Super Powers

SpyHunter Detects & Remove SuperWeb

File System Details

Registry Details

Directories

Analysis Report

General information

Known Samples

Known Samples

Windows Portable Executable Attributes

Windows Portable Executable Attributes

File Icons

File Icons

Windows PE Version Information

Windows PE Version Information

Digital Signatures

Digital Signatures

Block Information

Block Information

Visual Map

Similar Families

Similar Families

Files Modified

Files Modified

Registry Modifications

Registry Modifications

Windows API Usage

Windows API Usage

Shell Command Execution

Shell Command Execution

Submit Comment

Related Posts

Trending

Most Viewed