Downware sample #1:’s Malwarebytes Anti-Malware setup file

1. This site is a typical unsafe domain to surf, as the above URL ( contains aggressive customized downloader, malwarebytes-free.exe (MD5, 0812b4c52bcebf39c73969b713661dec), which has been detected as “AdWare.MSIL.Colooader” by Ikarus, according to the below VT report (#1). Meantime, the main site has also been flagged as a malicious one for users to surf. For details, read up the 2nd documentation. might recommend you to install commercial offers like the Babylon Toolbar.

Other names (variants, — most of ’em are all hot keywords/downloads) found or collected are:

  •  From VirusTotal: undefined


  • #1
  • or #2

2. Installation may contain the following PUPs: Youtube Accelerator, Ioffinam, StormVade, Desktop Weather Alerts, Re-Markit and Search Module (hijackare). Extra ad was Mypc backup.

20140729203519 20140729203616 20140729203648 20140729203713 20140729203754 20140729203909 20140729204142

About PUP Hunter

I am experienced in helping avoid foistware attack, and fixing bloatware/ greyware issues, the very proactive way.
This entry was posted in Uncategorized and tagged , . Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s