PUA.Webisida

Updated: February 01, 2019 6:11:21 AM
Type: Potentially Unwanted App
Infection Length: Varies
Name: SecureSurf Browser
Version: 5.0.0.27
Publisher: Webisida.com
Risk Impact: Medium
Systems Affected: Windows

Behavior

PUA.Webisida is a potentially unwanted application that may be used for online advertising to generate revenue.

When the application is installed, it creates the following folders:

  • %AllUsersProfile%\test\AppData\Local\Webisida\gecko
  • %AllUsersProfile%\test\AppData\Local\Webisida\gecko\gmp-clearkey
  • %AllUsersProfile%\test\AppData\Local\Webisida\gecko\plugins
  • %AllUsersProfile%\test\AppData\Local\Webisida\gecko\gmp-clearkey\0.1

The application then creates the following files:

  • %AllUsersProfile%\test\AppData\Local\Webisida\SecureSurf.Tester.exe
  • %AllUsersProfile%\test\AppData\Local\Webisida\SecureSurf.Tester.exe.config
  • %AllUsersProfile%\test\AppData\Local\Webisida\Webisida.Browser.exe
  • %AllUsersProfile%\test\AppData\Local\Webisida\Webisida.Browser.exe.config
  • %AllUsersProfile%\test\AppData\Local\Webisida\gecko\AccessibleMarshal.dll
  • %AllUsersProfile%\test\AppData\Local\Webisida\gecko\breakpadinjector.dll
  • %AllUsersProfile%\test\AppData\Local\Webisida\gecko\Capinet.dll
  • %AllUsersProfile%\test\AppData\Local\Webisida\gecko\D3DCompiler_43.dll
  • %AllUsersProfile%\test\AppData\Local\Webisida\gecko\d3dcompiler_47.dll
  • %AllUsersProfile%\test\AppData\Local\Webisida\gecko\freebl3.dll
  • %AllUsersProfile%\test\AppData\Local\Webisida\gecko\IA2Marshal.dll
  • %AllUsersProfile%\test\AppData\Local\Webisida\gecko\icudt52.dll
  • %AllUsersProfile%\test\AppData\Local\Webisida\gecko\icuin52.dll
  • %AllUsersProfile%\test\AppData\Local\Webisida\gecko\icuuc52.dll
  • %AllUsersProfile%\test\AppData\Local\Webisida\gecko\libEGL.dll
  • %AllUsersProfile%\test\AppData\Local\Webisida\gecko\libGLESv2.dll
  • %AllUsersProfile%\test\AppData\Local\Webisida\gecko\MemIPC.dll
  • %AllUsersProfile%\test\AppData\Local\Webisida\gecko\mozalloc.dll
  • %AllUsersProfile%\test\AppData\Local\Webisida\gecko\mozglue.dll
  • %AllUsersProfile%\test\AppData\Local\Webisida\gecko\msvcp120.dll
  • %AllUsersProfile%\test\AppData\Local\Webisida\gecko\msvcr120.dll
  • %AllUsersProfile%\test\AppData\Local\Webisida\gecko\nss3.dll
  • %AllUsersProfile%\test\AppData\Local\Webisida\gecko\nssckbi.dll
  • %AllUsersProfile%\test\AppData\Local\Webisida\gecko\nssdbm3.dll
  • %AllUsersProfile%\test\AppData\Local\Webisida\gecko\omni.ja
  • %AllUsersProfile%\test\AppData\Local\Webisida\gecko\protobuf-net.dll
  • %AllUsersProfile%\test\AppData\Local\Webisida\gecko\sandboxbroker.dll
  • %AllUsersProfile%\test\AppData\Local\Webisida\gecko\SecureSurf.Browser.Client.exe
  • %AllUsersProfile%\test\AppData\Local\Webisida\gecko\SecureSurf.dll
  • %AllUsersProfile%\test\AppData\Local\Webisida\gecko\softokn3.dll
  • %AllUsersProfile%\test\AppData\Local\Webisida\gecko\System.Data.SQLite.dll
  • %AllUsersProfile%\test\AppData\Local\Webisida\gecko\xul.dll
  • %AllUsersProfile%\test\AppData\Local\Webisida\gecko\XulFx.dll
  • %AllUsersProfile%\test\AppData\Local\Webisida\gecko\XulFx.Windows.Forms.dll
  • %AllUsersProfile%\test\AppData\Local\Webisida\gecko\XulFx.xpi
  • %AllUsersProfile%\test\AppData\Local\Webisida\gecko\gmp-clearkey\0.1\clearkey.dll
  • %AllUsersProfile%\test\AppData\Local\Webisida\gecko\gmp-clearkey\0.1\clearkey.info
  • %AllUsersProfile%\test\AppData\Local\Webisida\gecko\plugins\mms.cfg
  • %AllUsersProfile%\test\AppData\Local\Webisida\gecko\plugins\NPSWF32_29_0_0_113.dll
  • %AllUsersProfile%\test\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Webisida\Webisida Tester.lnk
  • %AllUsersProfile%\test\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Webisida\Webisida Browser.lnk

Next, the application creates the following registry subkeys:

  • HKEY_USERS\S-1-5-21-3087506387-2454565724-164994176-1000\Software\Webisida.com
  • HKEY_USERS\S-1-5-21-3087506387-2454565724-164994176-1000\Software\Webisida.com\Traffic Exchange Tools

The application then creates the following registry entries:

  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\%AllUsersProfile%\test\AppData\Local\Webisida\gecko\"" = ""
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\%AllUsersProfile%\test\AppData\Local\Webisida\"" = ""
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\%AllUsersProfile%\test\AppData\Local\Webisida\gecko\gmp-clearkey\0.1\"" = ""
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\%AllUsersProfile%\test\AppData\Local\Webisida\gecko\gmp-clearkey\"" = ""
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\%AllUsersProfile%\test\AppData\Local\Webisida\gecko\plugins\"" = ""
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\%AllUsersProfile%\test\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Webisida\"" = ""

The application may be used for online advertising to generate revenue.
