1. Symantec/
  2. Security Response/
  3. PUA.SponsorKeyword


June 29, 2015 10:32:10 AM
Potentially Unwanted App
Risk Impact:
Systems Affected:
Windows 2000, Windows 7, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows Server 2008, Windows Vista, Windows XP
When the program is executed, it creates the following files:
  • %ProgramFiles%\sponsormatch\sponsormatchagent.exe
  • %ProgramFiles%\sponsormatch\sponsormatch.exe
  • %ProgramFiles%\sponsormatch\sponsormatch_uninstall.exe

Next, it creates the following registry entries so that it executes whenever Windows starts:
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\"sponsormatch" = "%ProgramFiles%sponsormatch\sponsormatchagent.exe"
  • HKEY_CURRENT_USER\Software\sponsormatch\"run" = "[DATE OF EXECUTION]"

It also creates the following registry entries:
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{BC92C53E-A5C1-4D33-995C-AB7BB869E0E6}\"Version" = "*"
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{BC92C53E-A5C1-4D33-995C-AB7BB869E0E6}\"Flags" = "[HEXADECIMAL VALUE]"

The program then creates the following registry subkey:

Next, the program creates the following mutex:

It then retrieves certain system information, including:
  • IE version
  • OS version

The program may download an updated version of itself from the following location:

It retrieves search engine information from the following location:

The program may then display advertisements on the computer by using certain keyword matches.
Summary| Technical Details| Removal

Search Threats

Search by name
Example: W32.Beagle.AG@mm
STAR Antimalware Protection Technologies
2016 Internet Security Threat Report, Volume 21
  • Twitter
  • Facebook
  • LinkedIn
  • Google+
  • YouTube