Trojan vs Adware

analeen

New Member
Thread author
Jan 17, 2016
11
I am confused when it comes to Trojan, as it can also be considered Adware, as with the sample whose report I have attached.
Is there any clear difference between them? I can see that even the lead vendors don't have a clear line between them, such as Symantec, Microsoft and ClamAV.
 

JHomes

Level 7
Verified
Well-known
Jul 7, 2016
339
Adware: "Software that automatically displays or downloads advertising material (often unwanted) when a user is online."

Trojan: "Trojan horse, or Trojan, is any malicious computer program which is used to hack into a computer by misleading users of its true intent."

Adware could be considered a Trojan, but not all Trojans are Adware.
 

LabZero

Have you analyzed the sample on the online analysis service?
If yes, you should fill in the relevant field to be able to interpret the report. However, it is possible that a trojan drops an adware. Indeed, the trojan name is derived from the Trojan horse of ancient Greece that contained the soldiers, hidden by the deception.
 

analeen

New Member
Thread author
Jan 17, 2016
11
Have you analyzed the sample on the online analysis service?
Sorry that I didn't include it at the beginning, this is the analysis link on malwr.com
https://malwr.com/analysis/Mzk4MjI0ZmU0ZDcwNDBmNWFlZDcyZjg5MmE5NWI0ODQ/

Although the actions that have been carried out look malicious when reading the analysis report, other vendors such as ClamAV suggested that it is an adware, and some of them describe it as follows: GameVance offers "free" games from its website in exchange for the display of targeted pop-up and pop-under advertising based on information about users' online behavior!
 

LabZero

From the analysis it seems to be an adware that drops a fake uninstaller file called uninstaller.exe.
The sample steals information from the user folder of the browser and actually creates a modified copy of itself by changing the real functions of the adware.
This indicates why some AV flag it as a trojan.
It performs many HTTP requests, which are typical of adware but between these it could be a server to collect user data.
 

shmu26

Level 85
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 3, 2015
8,153
Don't rely on the classifications you see on VirusTotal. They are prone to error.
 

analeen

New Member
Thread author
Jan 17, 2016
11
From the analysis it seems to be an adware that drops a fake uninstaller file called uninstaller.exe.
The sample steals information from the user folder of the browser and actually creates a modified copy of itself by changing the real functions of the adware.
This indicates why some AV flag it as a trojan.
It performs many HTTP requests, which are typical of adware but between these it could be a server to collect user data.
Actually, when I analysed the sample on my machine using cuckoo, it starts a server listening on port 0, which I think means any available port. But how did you know that the fake binary is uninstaller?
 

LabZero

Actually, when I analysed the sample on my machine using cuckoo, it starts listening on port 0, which I think means any available port. But how did you know that the fake binary is uninstaller?
From Malwr report:

Creates a slightly modified copy of itself:

"process: None
signs: [{u'type': u'dropped file', u'value': {u'yara': [], u'sha1': u'04fcd95766d5edae7942a8746126bf47a8ab6aa0', u'name': u'Uninstaller.exe', u'sha512': u'aa67c8c9860ce57970f182a6fe9a519c4003df54ffb1e56b30484b546ae4c94ed2bf7f8b4a54f6dbc2ffa7d1772a0286aa1c8d7d3a1c2e872aef59a92b5a771e', u'crc32': u'B8427AD1', u'path': u'/home/cuckoo/cuckoo/run/storage/analyses/34665/files/6278605923/Uninstaller.exe', u'ssdeep': u'6144:GckN44ogm5Iibc/POOOOtOOOOOOOOOOOOOOOOOOOO+OOOOOOOOOOOOOOOOOOOOmN:Gm54nOOOOtOOOOOOOOOOOOOOOOOOOO+s', u'sha256': u'f29b7324e6c1a7a282ff1084eee8bc9e47cac18e1ce826bc157734789f2f6f24', u'type': u'PE32 executable (GUI) Intel 80386, for MS Windows', u'md5': u'd9e57b47f2334f118eaafcb19ce7a799', u'size': 280576}}]"
 

analeen

New Member
Thread author
Jan 17, 2016
11
Cannot thank you enough, really appreciate your help.
 
