Avira Virus Lab

PUA/XlsXViewer.ME.4

Summary
  • Name
    PUA/XlsXViewer.ME.4
  • Date discovered
    Jan 19, 2018
  • VDF version
    7.14.43.248 (2018-01-19 11:40)
Description

This class of detection flags Potentially Unwanted Applications (PUA), which may compromise the user's privacy and the security of the local system. These are legitimate applications that often try to use social engineering to make the user install additional offers during the installation of the software the user originally wanted. A PUA classification is the result of software, an advert, or a website exhibiting one or more offending behaviors and/or properties. A full PUA list is available at http://www.avira.com/en/potentially-unwanted-applications. This detection doesn't mean that the file is malicious. However, if the file was installed on the system without the user's knowledge, the user's privacy or system security might be compromised. Disabling this detection is only recommended for advanced users who understand the risks and how to use these applications.

  • Network activity
    • http://www.msf*****.com/ncsi.txt
  • Processes
    • %TEMPDIR%\%executed_sample%
  • Files
    The following files are created:
    • %TEMPDIR%\%executed_sample%
    The following copies of itself are created:
    • %TEMPDIR%\%executed_sample%
    The following drivers are loaded:
    • %WINDIR%\Globalization\Sorting\sortdefault.nls
    • %TEMPDIR%\%executed_sample%
    The following files are executed:
    • %WINDIR%\Globalization\Sorting\sortdefault.nls
    • %TEMPDIR%\%executed_sample%
  • Registry
    The following registry entries are added:
    • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap ("ProxyBypass": "-") ("IntranetName": "-")
    The values of the following registry keys are removed:
    • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap ("ProxyBypass": "-") ("IntranetName": "-")