- This signature looks for a payload over HTTP port 80 with a User-Agent of 'AdvinstAnalytics/', which is primarily seen in TakeMyFile, an untrusted application that provides file sharing for hosts. It is considered untrusted because of the way it is installed (3rd party, or bundled) and because it has potentially dangerous undisclosed capabilities. The application reaches out to the domain 'collect.installeranalytics.com' to provide insight into who has downloaded/uninstalled/updated TakeMyFile. It is recommended to uninstall TakeMyFile and use a trusted file-sharing application.
- Port 80 HTTP
Known False Positive Indicators
- MALWARE TakeMyFile User-Agent
- collect.installeranalytics.com (Not uncommon for the PUA to have a hardcoded IP and not perform a DNS request)
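
An added example (not the signature's own rule text or any vendor's code): the check described above applied to constructed HTTP and DNS log records, showing why the hardcoded-IP case is caught by the User-Agent but missed by a DNS-only lookup. The log field names, sample addresses, User-Agent suffix and the prefix-match reading of the signature are assumptions.

```python
import re

UA_PREFIX = "AdvinstAnalytics/"            # User-Agent string named by the signature
DOMAIN = "collect.installeranalytics.com"  # collection domain named on the page
FIELD = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')

# Constructed sample data (not real traffic); field names are hypothetical.
HTTP_LOG = [
    'src=10.0.0.5 dst=203.0.113.10 dport=80 host="collect.installeranalytics.com" ua="AdvinstAnalytics/1.0 (constructed)"',
    'src=10.0.0.7 dst=203.0.113.10 dport=80 host="203.0.113.10" ua="AdvinstAnalytics/1.0 (constructed)"',
    'src=10.0.0.8 dst=198.51.100.4 dport=80 host="example.org" ua="Mozilla/5.0"',
    'src=10.0.0.9 dst=203.0.113.10 dport=8080 host="collect.installeranalytics.com" ua="AdvinstAnalytics/1.0 (constructed)"',
]
DNS_LOG = [("10.0.0.5", "collect.installeranalytics.com"), ("10.0.0.8", "example.org")]


def parse(line):
    """Turn one key=value log line into a dict (quoted values may contain spaces)."""
    return {key: (quoted if quoted else bare) for key, quoted, bare in FIELD.findall(line)}


def detect(http_lines, dns_queries):
    """Return one finding per request matching the signature (port 80 + UA prefix)."""
    resolved = {src for src, qname in dns_queries
                if qname.lower().rstrip(".") == DOMAIN}
    findings = []
    for line in http_lines:
        rec = parse(line)
        if rec.get("dport") != "80" or not rec.get("ua", "").startswith(UA_PREFIX):
            continue
        findings.append({
            "src": rec.get("src"),
            "dst": rec.get("dst"),
            "host_is_domain": rec.get("host", "").lower() == DOMAIN,
            # False: no lookup was logged for this host, which is consistent with
            # a hardcoded IP, so a DNS-only rule would not have seen this request.
            "dns_seen": rec.get("src") in resolved,
        })
    return findings


if __name__ == "__main__":
    for finding in detect(HTTP_LOG, DNS_LOG):
        print(finding)
```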