{52cbc4d0-e5ed-41ad-bd82-512cca4e6a69}

Installer

Amonetize ltd.

This is the Amonetize download manager, which bundles applications with offers for additional third-party software, mostly unwanted adware, and may be installed with minimal consent. The file {52cbc4d0-e5ed-41ad-bd82-512cca4e6a69} by Amonetize ltd. has been detected as adware by 10 anti-malware scanners. The program is a setup application that uses the Amonetize Downloader installer. The file has been seen being downloaded from www.typicaldownload.com. While running, it connects to the Internet address www.soledownload.com on port 80 using the HTTP protocol.
Publisher:
Amonetizé Ltd (signed by Amonetize ltd.)

Product:
Installer

Version:
1.1.5.86

MD5:
07989b2bf1bac6ccab1ec7bcb1c8125b

SHA-1:
23c91d6bc6e0f1c4d6385ff16beae0894beaa37e

SHA-256:
2d2a8c1b66602a27fc9c78889ee374bbc6886a98b3b8a8667ac9e0b53f9ba320

Scanner detections:
10 / 68

Status:
Adware

Explanation:
Bundles the Conduit Toolbar and/or Conduit Search Protect.

Description:
This 'download manager' is also considered bundleware: a utility designed to download software (possibly legitimate or open source) and bundle it with a number of optional offers, including ad-supported utilities, toolbars, shopping-comparison tools and browser extensions.

Analysis date:
6/18/2018 8:48:53 AM UTC

Scan engine | Detection | Engine version
Avira AntiVirus | Adware/Amonetize.Y | 7.11.109.114
Comodo Security | ApplicUnwnt | 17156
Dr.Web | Adware.Downware.1528 | 9.0.1.0140
ESET NOD32 | Win32/Amonetize (variant) | 9.8967
Kingsoft AntiVirus | Win32.Troj.Generic.a.(kcloud) | 331020.49267
Malwarebytes | PUP.Optional.Amonetize | v2015.05.20.04
Reason Heuristics | PUP.Amonetize.Bundler | 15.5.20.12
Sophos | Amonetize | 4.94
Trend Micro House Call | TROJ_GEN.F47V1010 | 7.2.140
VIPRE Antivirus | Conduit | 22724

File size:
197 KB (201,760 bytes)

Product version:
2.1.12

Copyright:
(c) Amonetizé Ltd, 2012,2013. All rights reserved.

Original file name:
Installer.exe

Bundler/Installer:
Amonetize Downloader

Language:
English (United States)

Digital Signature
Signed by:

Authority:
Thawte, Inc.

Valid from:
3/19/2013 12:00:00 AM

Valid to:
6/19/2015 12:59:59 AM

Subject:
CN=Amonetize ltd., O=Amonetize ltd., L=Raanana, S=Alberta, C=IL

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
235E7B2F1D4E0152189F6381E2BA8C97

File PE Metadata
Compilation timestamp:
10/10/2013 12:36:10 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
6144:TlHWjInCeocC+vZkFUCD7J9ptoru/RDCAFOX37:Tl2jferhvZkFVD3jKuZDZFOXL

Entry address:
0x689A0

Entry point:
60, BE, 00, D0, 43, 00, 8D, BE, 00, 40, FC, FF, 57, 83, CD, FF, EB, 10, 90, 90, 90, 90, 90, 90, 8A, 06, 46, 88, 07, 47, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 72, ED, B8, 01, 00, 00, 00, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, 01, DB, 73, 0B, 75, 28, 8B, 1E, 83, EE, FC, 11, DB, 72, 1F, 48, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, EB, D4, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, EB, 52, 31, C9, 83, E8, 03, 72, 11, C1, E0, 08, 8A, 06, 46, 83, F0, FF, 74, 75, D1, F8, 89...

Packer / compiler:
UPX 2.90 LZMA

Code size:
176 KB (180,224 bytes)

The file {52cbc4d0-e5ed-41ad-bd82-512cca4e6a69} has been seen being distributed by the following URL.

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to www.soledownload.com (54.225.181.84:80)

TCP (HTTP):
Connects to www.activemonetizer.com (23.23.96.46:80)
http://www.activemonetizer.com/index.php?Net2=v2.0.50727&Net4=&OSversion=NT5.1SP3&Slv=&Sysid=B221985664&Sysid1=B221985664&X64=N&admin=Y&browser=IEXPLORE.EXE&chver=&exe=ikjut__21769553&offver=&lang_DfltUser=04

Powered by Reason Core Security