alice madness returns content pc_10924_i20525299_il345.exe

Ukra-2006 LLC

This is the Amonetize download manager, which bundles applications with offers for additional third-party software, mostly unwanted adware, and may be installed with minimal consent. The application alice madness returns content pc_10924_i20525299_il345.exe by Ukra-2006 has been detected as adware by 17 anti-malware scanners. The program is a setup application that uses the TUGUU DomaIQ Setup installer. The setup program bundles adware offers using Amonetize, a Pay-Per-Install (PPI) monetization and distribution download manager. The software offers presented are selected according to the PC's geo-location at the time of install.
Publisher:
Ukra-2006 LLC  (signed and verified)

MD5:
7ee96de28f9dc3f1c262190d2ee5be21

SHA-1:
8a0525d5ae9d3b395d8690ae077b3b2db51f3074

SHA-256:
4e5264d9f78c843a833762fb260582e97c8c78ec0de3bb89571f2a46997e5039

Scanner detections:
17 / 68

Status:
Adware

Description:
This is also known as bundleware or downloadware: a downloader designed simply to deliver ad-supported offers during the setup routine of otherwise legitimate software.

Analysis date:
4/16/2024 5:17:13 PM UTC

Scan engine        Detection                                            Engine version
-----------------  ---------------------------------------------------  --------------
Avira AntiVirus    Adware/Amonetize.kpa                                 7.11.214.38
avast!             PUP-gen [PUP]                                        150303-0
AVG                Ukra                                                 2016.0.3179
Baidu Antivirus    PUA.Win32.Amonetize                                  4.0.3.1536
Clam AntiVirus     Win.Adware.Amonetize-511                             0.98/20153
Comodo Security    Application.Win32.LoadMoney.IARS                     21309
Dr.Web             Trojan.Amonetize.12                                  9.0.1.05190
ESET NOD32         Win32/Amonetize.DH potentially unwanted application  7.0.302.0
K7 AntiVirus       Unwanted-Program                                     13.200.15178
Kaspersky          not-a-virus:AdWare.Win32.Amonetize                   15.0.0.543
Malwarebytes       PUP.Optional.Ammonetize                              v2015.03.06.03
NANO AntiVirus     Trojan.Nsis.Amonetize.dnxabb                         0.30.0.296
Panda Antivirus    Generic Suspicious                                   15.03.06.03
Reason Heuristics  PUP.Bundler.Amonetize                                15.3.6.2
Sophos             PUA 'Amonetize'                                      5.11
VIPRE Antivirus    Threat.4657539                                       37788

File size:
285.3 KB (292,120 bytes)

File type:
Executable application (Win32 EXE)

Bundler/Installer:
TUGUU DomaIQ Setup (using Nullsoft Install System)

Common path:
C:\users\{user}\downloads\alice madness returns content pc_10924_i20525299_il345.exe

Digital Signature
Signed by:

Authority:
Thawte, Inc.

Valid from:
6/30/2014 7:00:00 PM

Valid to:
7/1/2015 6:59:59 PM

Subject:
CN=Ukra-2006 LLC, O=Ukra-2006 LLC, L=Kharkiv, S=Harkivska obl, C=UA

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
2B3200D1AF3CAC4253C00F000EF4BAB9

File PE Metadata
Compilation timestamp:
10/6/2014 11:40:26 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
6144:2GC7W7BU5DMqKGqcUz9PbWWxVuS9g79amqga5L+QluFhryYuL:8a7ggqKGqP9DWWfg79H++iqhryYu

Entry address:
0x322E

Entry point:
81, EC, D8, 02, 00, 00, 53, 55, 56, 57, 6A, 20, 33, ED, 5E, 89, 6C, 24, 18, C7, 44, 24, 10, D8, A2, 40, 00, 89, 6C, 24, 14, FF, 15, 34, 80, 40, 00, 68, 01, 80, 00, 00, FF, 15, 34, 81, 40, 00, 55, FF, 15, AC, 82, 40, 00, 6A, 09, A3, 78, 4F, 43, 00, E8, FD, 2E, 00, 00, A3, C4, 4E, 43, 00, 55, 8D, 44, 24, 38, 68, B4, 02, 00, 00, 50, 55, 68, D8, B1, 42, 00, FF, 15, 7C, 81, 40, 00, 68, C0, A2, 40, 00, 68, C0, 3E, 43, 00, E8, 68, 2B, 00, 00, FF, 15, 38, 81, 40, 00, BB, 00, F0, 43, 00, 50, 53, E8, 56, 2B, 00, 00...

Entropy:
7.9161

Packer / compiler:
Nullsoft install system v2.x

Code size:
24.5 KB (25,088 bytes)

The file alice madness returns content pc_10924_i20525299_il345.exe has been observed being distributed via the following URL.