Adware/CnsMin
Analysis
Adware/CnsMin - 06-06-02
General Info:
This threat is a "PE" executable file
Files:
- Drop files: ".dll" + data
Installation to System:
- Drops the following files:
%Windows%\Downloaded Program Files\CnsMin.dll
%Windows%\Downloaded Program Files\Cns02.dat
- And creates these registry entries:
HKEY_CLASSES_ROOT\CnsHelper.CH.1
HKEY_CLASSES_ROOT\CnsHelper.CH
HKEY_CLASSES_ROOT\CLSID\{B83FC273-3522-4CC6-92EC-75CC86678DA4}
HKEY_CLASSES_ROOT\Interface\{DF692509-D9EF-48A0-9CD0-3AA5B81F6F68}
HKEY_CLASSES_ROOT\TypeLib\{AAB6BCE3-1DF6-4930-9B14-9CA79DC8C267}
HKEY_CURRENT_USER\Software\3721
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main CNSMenu = dword:86397712
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main CNSHint = dword:00000001
HKEY_CURRENT_USER\Software\Microsoft\
More Info:
This adware monitors Internet Explorer search strings and redirects the user to a Chinese search site.
Detection Availability
FortiClient | Extreme |
---|---|
FortiMail | Extreme |
FortiSandbox | Extreme |
FortiWeb | Extreme |
Web Application Firewall | Extreme |
FortiIsolator | Extreme |
FortiDeceptor | Extreme |
FortiEDR | |