VirusAdware/Instafinder
Analysis
[Adware/Instafinder]
The details for the Instafinder installer is:
File Name: InstaFinder_inst.exe
File Size: 40,601 bytes
The details for the Instafinder executable(s) are:
File Name: uninstall.exe
File Size: 34,530 bytes
Description of Adware:
Instafind functions primarily as a search redirector for the purpose of displaying Ads. It does however possess characteristics of both a Downloader and a Spyware. That is, it is capable of retrieving and installing other Spyware as well as relaying browsing activities to a third party.
System alteration upon installation:
Executing the Instafinder installer of 34,530 bytes does not produce user-visible output. However the downloader does retrieve files from Instafinder's website and make several changes to the host system.
The following are some of the files that were dropped:
[Windows Directory]\Downloaded Program Files\instafin.dll
[Program Files Directory]\INSTAFIN\uninstallexe
[Program Files Directory]\INSTAFIN\Cache\instafintb0300.cfg
The following are some of the registry entries added:
HKLM\SOFTWARE\Classes\instafin.INSTAFIN
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4E7BD74F-2B8D-469E-DCF7-F96DA086B434}
Adware Behavior:
Upon installing Instafinder the webpage shown in the Visible Symptoms section above will be displayed whenever an invalid URL is typed in the address bar or clicked on a webpage.
Instafinder may also relay search results to the Instafinder network.
Instafinder may also replace other company's advertisements with Instafinder's own.
Telemetry
Detection Availability
| FortiGate | |
|---|---|
| Extended | |
| FortiClient | |
| Extreme | |
| FortiAPS | |
| FortiAPU | |
| FortiMail | |
| Extreme | |
| FortiSandbox | |
| Extreme | |
| FortiWeb | |
| Extreme | |
| Web Application Firewall | |
| Extreme | |
| FortiIsolator | |
| Extreme | |
| FortiDeceptor | |
| Extreme | |
| FortiEDR |