Litter Korean rogue lurking V
Another piece of rogue software from Korea, belonging to the family of PrivacyKeep, PrivacyCorp and PCScan.
ProtectInfo
protectinfo.co.kr - 114.108.168.8 - DACOM-NET LG DACOM
The following domains also resolve to this IP address:
ad-clear.com
privacycop.co.kr
privacykeep.co.kr
protectinfo.co.kr
protectinfo_home.exe (a48e62c64f68a2b32dc601efffa2973d)
update.protectinfo.co.kr/instchk.php
226
[COUNTER]
NUM=6
[CHECK1]
HKEY=HKLM
REGPATH=............
REGNAME=DisplayName
REGVALUE=............
[CHECK2]
HKEY=HKLM
REGPATH=PrivacyCheck
REGNAME=DisplayName
REGVALUE=.......... ....
[CHECK3]
HKEY=HKLM
REGPATH=............
REGNAME=DisplayName
REGVALUE=............
[CHECK4]
HKEY=HKLM
REGPATH=............
REGNAME=DisplayName
REGVALUE=............
[CHECK5]
HKEY=HKLM
REGPATH=..........
REGNAME=DisplayName
REGVALUE=..........
[CHECK6]
HKEY=HKLM
REGPATH=privacykeep
REGNAME=DisplayName
REGVALUE=............
[HISTORYREG]
PATH="............"
protectinfo.co.kr/app_linkage/app_install.php?addr=000C29CA888C&ptn=infocode0067
protectinfo.co.kr/app_linkage/app_setting.php?mac=00-0C-29-CA-88-8C
3d
payed=0
pw_usr=
pw_sup=1470
hp1=
hp2=
hp3=
small=300
big=300
log.adsence.co.kr/logexp.php?aid=protectinfo&pid=infocode0067&kind=inst
file.protectinfo.co.kr/update.php
protectinfo.exe=0.325
pnfoupdater.exe=0.113
pnfohk.dll=0.110
pnfouninst.exe=0.1
pnfowcher.exe=0.116
pnfopopd.dll=0.1
protectinfo.co.kr/app_linkage/app_boot.php?ver=.0.398
protectinfo.co.kr/popup_settle.html?addr=00-0C-29-CA-88-8C
protectinfo.co.kr/settlement/paysys/mobile/Deliver.php
protectinfo.co.kr/settlement/paysys/pbill/Deliver.php
protectinfo.co.kr/settlement/paysys/ars/Deliver.php
Countermeasures
Uninstall from Program Files
Run an updated antivirus
Related information
Litter Korean rogue lurking IV
Litter Korean rogue lurking III
Litter Korean rogue lurking II
Litter Korean rogue lurking I
PC Defender Antivirus rogue update system registry
Phoenix Exploit's Kit and Pay-per-Install via PC Defender Antivirus
Dangerous trojans, keyloggers and Spyware detected in you computer!!!
Desktop Hijack by Internet Security 2010. Your System Is Infected!
Jorge Mieres