Description
- This signature looks for a payload over HTTP port 80 with a User-Agent of 'AdvinstAnalytics/', which is primarily seen in TakeMyFile, an untrusted application that provides file sharing for hosts. The application is considered untrusted due to the way it is installed (3rd party, or bundled) and because it has potentially dangerous undisclosed capabilities. The application reaches out to the domain 'collect.installeranalytics.com' to provide insight into who has downloaded/uninstalled/updated TakeMyFile. It is recommended to uninstall TakeMyFile and utilize a trusted file-sharing application.
Vector
- Port 80 HTTP
User-Agent
- AdvinstAnalytics/
Known False Positive Indicators
- N/A
Affected Host
- Windows/Mac/Linux
Classification
- Malware
- MALWARE TakeMyFile User-Agent
DNS Calls
- collect.installeranalytics.com (Not uncommon for the PUA to have a hardcoded IP and not perform a DNS request)
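The check described above, as an added example rather than the signature's own logic: it flags a raw HTTP request whose User-Agent contains 'AdvinstAnalytics/' and records whether the Host header is the known domain or a bare IP, which is the case where no DNS request will be seen. The function names, the substring match and the sample requests (version string, documentation IP) are assumptions constructed for illustration.

```python
import ipaddress

UA_MARKER = "AdvinstAnalytics/"                # from the signature description
KNOWN_HOST = "collect.installeranalytics.com"  # from the DNS Calls entry

def parse_headers(raw: bytes) -> dict:
    """Map lower-cased header names to values for one raw HTTP request."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    headers = {}
    for line in head.split("\r\n")[1:]:        # skip the request line
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return headers

def host_kind(host: str) -> str:
    """Classify the Host header as known-domain, bare-ip or other."""
    # Drop an explicit port on hostnames and IPv4 literals (single colon only).
    name = host.rsplit(":", 1)[0] if host.count(":") == 1 else host
    name = name.strip("[]").lower()
    if name == KNOWN_HOST:
        return "known-domain"
    try:
        ipaddress.ip_address(name)
        return "bare-ip"                       # hardcoded IP: expect no DNS lookup
    except ValueError:
        return "other"

def check_request(raw: bytes):
    """Return a finding dict if the request matches the User-Agent, else None."""
    headers = parse_headers(raw)
    user_agent = headers.get("user-agent", "")
    if UA_MARKER not in user_agent:            # assumption: substring match
        return None
    host = headers.get("host", "")
    return {"user_agent": user_agent, "host": host, "host_kind": host_kind(host)}

# Constructed sample requests (not captured traffic).
REQ_DOMAIN = (b"POST / HTTP/1.1\r\nHost: collect.installeranalytics.com\r\n"
              b"User-Agent: AdvinstAnalytics/0.0\r\n\r\n")
REQ_IP = (b"POST / HTTP/1.1\r\nHost: 203.0.113.10\r\n"
          b"User-Agent: AdvinstAnalytics/0.0\r\n\r\n")
REQ_BENIGN = (b"GET / HTTP/1.1\r\nHost: example.com\r\n"
              b"User-Agent: Mozilla/5.0\r\n\r\n")

if __name__ == "__main__":
    for req in (REQ_DOMAIN, REQ_IP, REQ_BENIGN):
        print(check_request(req))
```

A "bare-ip" finding with no matching DNS query for the domain is consistent with the hardcoded-IP behaviour noted above, so hunting on DNS logs alone can miss affected hosts.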