Adware.1ClickDownload

By CagedTech in Adware

Threat Scorecard

Popularity Rank:	13,740
Threat Level:	20 % (Normal)
Infected Computers:	1,743

First Seen:	July 24, 2009
Last Seen:	April 12, 2026
OS(es) Affected:	Windows

Table of Contents

Aliases

3 security vendors flagged this file as malicious.

Antivirus Vendor	Detection
Symantec	Downloader.MisleadApp
Microsoft	Trojan:Win32/Drastwor.A
F-Secure	Trojan-Downloader.Win32.Adload.pr

File System Details

Adware.1ClickDownload may create the following file(s):

Expand All | Collapse All

#	File Name	MD5	Detections Detections: The number of confirmed and suspected cases of a particular threat detected on infected computers as reported by SpyHunter.
1.	Dot1XCfg.exe	6e6559f51c68d225bbf994083b37d59f	0
Name: Dot1XCfg.exe MD5: 6e6559f51c68d225bbf994083b37d59f Size: 61.44 KB (61440 bytes) Detections: 0 Type: Executable File Group: Malware file Last Updated: December 11, 2009

Analysis Report

General information

Family Name:	Adware.1ClickDownload
Signature status:	Self Signed

Known Samples

MD5: e18a14e71601cfbf01f12ca267720d37

SHA1: c3468afc2a3aa0502d0d9c067eed718e20eff427

SHA256: 9CC4E7D9E5AD3E4D6A7A0D92904D77DCC6F3FBF0979E3F7E672867C621FB4DC2

File Size: 60.32 KB, 60316 bytes

MD5: e4e03ec172f99726b7fcbf01a1e6aa0a

SHA1: 84a6bd8211e822ab5f9c588ba572215478518b27

SHA256: E0C645664F7378D3E8242666562DF926DCC99CA9C47F49954D3153D0AF9843E6

File Size: 390.62 KB, 390624 bytes

MD5: 2b557ae9cbda1e6ea5fabc3109ea2696

SHA1: cac0563285c80bd44126bdee5eb4d4c1933eeb22

SHA256: 56EBEB94A3A49ABDCBD8F6A546BC0DB6427C3A2EABE79071402106EBF3733430

File Size: 263.49 KB, 263488 bytes

MD5: 46b1618da865bcc20362fa517e633ba6

SHA1: 91d968cd26db5ed9143902bf21eed284995854a0

SHA256: 345E6DBB48555960BC9ED4D8B6981375753F791EE3200F45F75D600C32F7EE5A

File Size: 279.12 KB, 279120 bytes

MD5: b758884eb2acbf556f6b4129ce7c8a90

SHA1: 1845b395eea5bc314c051c553897e0e17e473bcb

SHA256: 738CAAEAFCBF57FEAF8417A900F395ECC28BACC8BD9A24B30AA4EA7FFB66D028

File Size: 277.54 KB, 277544 bytes

MD5: e38382a57ff2ad1f54241f6b8804019b

SHA1: 819f34dfa8341f878bebcd6db670dc563cf7cc68

SHA256: 058A79A9618F1552473798C42A8B099961A56455CB7BA45788FCCC2C8C8F9247

File Size: 318.61 KB, 318608 bytes

MD5: 645ee6cfeb4fd94889ba724f7ab8ec3c

SHA1: 7f58d218f0fc60ee20bbef8900da5b3de0b7f6dd

SHA256: 82F317293F23BE2A591BB25029A027C6ECA04C9B3079792EA499729877D27E85

File Size: 195.03 KB, 195032 bytes

MD5: 9f6e89d5ad4650ac927344830c173e9a

SHA1: 6df0179956aef3d58268399d7d968316ba25f2ab

SHA256: 2BFA5ACA0F0A338D50E2A1763177F1A3CB08CD472DC81E0C04FBBC4575455E7E

File Size: 229.22 KB, 229224 bytes

Windows Portable Executable Attributes

File doesn't have "Rich" header
File doesn't have debug information
File doesn't have exports table
File doesn't have relocations information
File doesn't have security information
File is 32-bit executable
File is either console or GUI application
File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
File is Native application (NOT .NET application)
File is not packed

IMAGE_FILE_DLL is not set inside PE header (Executable)
IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

File Icons

Digital Signatures

Signer	Root	Status
Downloadnow Ltd	Thawte Code Signing CA - G2	Self Signed
Kanchana Khiandee	Thawte Code Signing CA - G2	Self Signed
Tanja Matkovic	Thawte Code Signing CA - G2	Self Signed
Terra Firma Internet Consulting LTD	Thawte Code Signing CA - G2	Self Signed
Cool Mirage ltd.	UTN-USERFirst-Object	Root Not Trusted

Files Modified

File	Attributes
c:\program files (x86)\1clickdownload\adobe_photoshop_cs5_[ita].torrent.gz	Generic Write,Read Attributes
c:\program files (x86)\1clickdownload\gzip.exe	Generic Write,Read Attributes
c:\program files (x86)\1clickdownload\mainpacklt.exe	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsabbd4.tmp	Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete
c:\users\user\appdata\local\temp\nse47c4.tmp	Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete
c:\users\user\appdata\local\temp\nse7f5c.tmp\1clogo.bmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nse7f5c.tmp\accept.bmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nse7f5c.tmp\accept1.bmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nse7f5c.tmp\accept2.bmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nse7f5c.tmp\accept3.bmp	Generic Write,Read Attributes

c:\users\user\appdata\local\temp\nse7f5c.tmp\anon.bmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nse7f5c.tmp\decline.bmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nse7f5c.tmp\gc0	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nse7f5c.tmp\getcountry	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nse7f5c.tmp\inetc3.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nse7f5c.tmp\nsdialogs.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nse7f5c.tmp\nsisdl.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nse7f5c.tmp\save.bmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nse7f5c.tmp\skip.bmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nse7f5c.tmp\system.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsga3bf.tmp\bd.htm	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsga3bf.tmp\gdate	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsga3bf.tmp\inetc3.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsga3bf.tmp\system.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsgb123.tmp	Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete
c:\users\user\appdata\local\temp\nslb134.tmp\bd.htm	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nslb134.tmp\system.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsna95b.tmp\bd.htm	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsna95b.tmp\inetc3.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsna95b.tmp\system.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsp52ef.tmp	Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete
c:\users\user\appdata\local\temp\nsqa3ae.tmp	Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete
c:\users\user\appdata\local\temp\nsqbbe5.tmp\avg.htm	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsqbbe5.tmp\load_0.bmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsqbbe5.tmp\system.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsu530f.tmp\bd.htm	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsu530f.tmp\system.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsz47f4.tmp\load_0.bmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsz47f4.tmp\system.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\~nsu.tmp\au_.exe	Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144

Registry Modifications

Key::Value	Data	API Name
HKLM\system\controlset001\control\session manager::pendingfilerenameoperations	\??\C:\Users\Pakvivyw\AppData\Local\Temp\~nsu.tmp\Au_.exe	RegNtPreCreateKey
HKLM\system\controlset001\control\session manager::pendingfilerenameoperations	\??\C:\Users\Pakvivyw\AppData\Local\Temp\~nsu.tmp\Au_.exe\??\C:\Users\Pakvivyw\AppData\Local\Temp\~nsu.tmp	RegNtPreCreateKey
HKLM\software\classes\appid\{c007dadd-132a-624c-088e-59ee6cf0711f}::id0	%	RegNtPreCreateKey
HKCU\software\1clickdownload::uid	319481074	RegNtPreCreateKey
HKCU\software\1clickdownload::lastinstall0	1 P2	RegNtPreCreateKey
HKCU\software\1clickdownload::lastinstall0	1""!	RegNtPreCreateKey
HKCU\software\1clickdownload::lastinstall0	1"sf	RegNtPreCreateKey
HKCU\software\1clickdownload::lastinstall0		RegNtPreCreateKey
HKLM\software\classes\appid\{c007dadd-132a-624c-088e-59ee6cf0711f}::id0	&	RegNtPreCreateKey
HKCU\software\1clickdownload::lastinstall0	1$#	RegNtPreCreateKey

HKCU\software\1clickdownload::lastinstall0		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::proxybypass		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::intranetname		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::uncasintranet		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::autodetect		RegNtPreCreateKey

Windows API Usage

Category	API
Process Shell Execute	CreateProcess
Network Wininet	HttpOpenRequest HttpQueryInfo HttpSendRequest InternetConnect InternetOpen InternetQueryOption InternetReadFile
Network Winsock2	WSAStartup
Network Winsock	closesocket gethostbyname inet_addr socket

Shell Command Execution


							"C:\Users\Pakvivyw\AppData\Local\Temp\~nsu.tmp\Au_.exe"  _?=c:\users\user\downloads\


							gzip.exe -d -q "Adobe_Photoshop_CS5_[ITA].torrent.gz"

EnigmaSoft’s Payment Processor Digital River GmbH Filing for Bankruptcy Does Not Impact SpyHunter Customers’ Anti-Malware Protection

Search

Change Region

Adware.1ClickDownload

Threat Scorecard

EnigmaSoft Threat Scorecard

Aliases

File System Details

Analysis Report

General information

Known Samples

Known Samples

Windows Portable Executable Attributes

Windows Portable Executable Attributes

File Icons

File Icons

Digital Signatures

Digital Signatures

Files Modified

Files Modified

Registry Modifications

Registry Modifications

Windows API Usage

Windows API Usage

Shell Command Execution

Shell Command Execution

Submit Comment

Trending

Trojan.Injector.KSB

Forestrievic.com

Pencetbnb.xyz

Most Viewed

How To Fix 'Printer Driver is Unavailable' Error

Pornktube.porn

Discord Shows Black Screen when Sharing Screen