Winter Web

By GoldSparrow in Adware

Threat Scorecard

Popularity Rank: 11,916
Threat Level: 80 % (High)
Infected Computers: 2,122
First Seen: April 13, 2015
Last Seen: September 24, 2025
OS(es) Affected: Windows

Winter Web's name has nothing to do with what it actually does. Winter Web is an adware platform whose primary objective is to display large numbers of advertisements on the Web pages that computer users favor. Winter Web may be introduced into a computer bundled with freeware downloaded from the Web. Once installed, Winter Web may change browser settings and install threatening plugins on the computer. Winter Web may also allow additional adware, PUPs and more severe threats onto the system. Winter Web may leak the computer user's browsing information, and the affected machine may slow down and perform poorly. The sooner Winter Web is removed from an affected computer, the better. Winter Web should be deleted with a malware remover.

Analysis Report

General information

Family Name: Trojan.Kryptik.BNA
Signature status: No Signature

Known Samples

MD5: 54ba5ec4f7b8b767f5e94e8df77a02c5
SHA1: a152433eae7f2d04c3accd5188547cff9cd7ab57
SHA256: 2DB96A1D2769C8D2C35E0E9D52F309E2700F6016D613EE4CF7270F2EFB60D1A0
File Size: 3.78 MB, 3777784 bytes
MD5: 16129674b01b7bc5a1281e1e28b5d8e0
SHA1: 51d98b08c5da83c30cb76c1c44ca238955f6476f
SHA256: 80F050C3EE34976F0304CF2E27086DE981A5ECC21748855635D6E079DA0C0304
File Size: 746.50 KB, 746496 bytes

Windows Portable Executable Attributes

  • File doesn't have "Rich" header
  • File doesn't have debug information
  • File doesn't have exports table
  • File doesn't have relocations information
  • File doesn't have security information
  • File has been packed
  • File is 32-bit executable
  • File is either console or GUI application
  • File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
  • File is Native application (NOT .NET application)
  • File is not packed
  • IMAGE_FILE_DLL is not set inside PE header (Executable)
  • IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

Windows PE Version Information

Name Value
Builder host 14:16:49 28/07/2023
Comments http://www.sminstall.com/
Company Name InstallBuilders
Created 7z SFX Constructor v4.5.0.0 (http://usbtor.ru/viewtopic.php?t=798)
File Description
  • Micrar
  • Smart Install Maker
File Version 5.0.4.10
File Versions 21.41.85.6
Internal Name
  • ChickenPranes
  • Smart Install Maker
Legal Copyright InstallBuilders
Legal Trademarks Shareware
Original Filename sim.exe
Original Filenames Odilemia
Product Name Smart Install Maker
Product Version 5.0.4.10
Product Versions 17.21.14.17

Digital Signatures

Signer | Root | Status
Smart | Smart | Self Signed
Smart | Smart | Self Signed

File Traits

  • HighEntropy
  • x86

Block Information

Total Blocks: 547
Potentially Malicious Blocks: 13
Whitelisted Blocks: 530
Unknown Blocks: 4

Files Modified

File | Attributes
c:\users\user\appdata\roaming\kmsauto\kmsauto net.exe | Generic Write,Read Attributes
c:\users\user\appdata\roaming\kmsauto\kmsauto net.exe | Synchronize,Write Attributes
c:\users\user\appdata\roaming\kmsauto\megasync.exe | Generic Write,Read Attributes
c:\users\user\appdata\roaming\kmsauto\megasync.exe | Synchronize,Write Attributes
c:\users\user\appdata\roaming\kmsauto\script.vbs | Generic Write,Read Attributes
c:\users\user\appdata\roaming\kmsauto\script.vbs | Synchronize,Write Attributes

Registry Modifications

Key::Value | Data | API Name
HKCU\software\microsoft\windows\currentversion\applicationassociationtoasts::vbsfile_.vbs | | RegNtPreCreateKey
HKCU\local settings\software\microsoft\windows\shell\muicache::c:\windows\system32\wscript.exe.friendlyappname | Microsoft ® Windows Based Script Host | RegNtPreCreateKey
HKCU\local settings\software\microsoft\windows\shell\muicache::c:\windows\system32\wscript.exe.applicationcompany | Microsoft Corporation | RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::proxybypass | | RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::intranetname | | RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::uncasintranet | | RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::autodetect | | RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::proxybypass | | RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::intranetname | | RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::uncasintranet | | RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::autodetect | | RegNtPreCreateKey

Windows API Usage

Category API
Anti Debug
  • IsDebuggerPresent
User Data Access
  • GetUserObjectInformation
