» amisetup0904__16145.exe
Overview
Analysis
File Details
Network (1)

amisetup0904__16145.exe

The application amisetup0904__16145.exe has been detected as a potentially unwanted program by 4 anti-malware scanners. The setup program bundles adware offers using the Amonetize, a Pay-Per-Install (PPI) monetization and distribution download manager. The software offerings provided are based on the PC's geo-location at the time of install. While running, it connects to the Internet address server-54-230-52-187.jfk6.r.cloudfront.net on port 80 using the HTTP protocol.

File name:

MD5:

1420f3c9e94c489f30521f69e3a6a738

SHA-1:

9d9cc05dcafa899b0d4ae857229b7ad794fc7d1f

SHA-256:

9172f66d42fd9b52f4c0015ae1f297c4b40a242eac426ce9ae4abf09192afe34

Scanner detections:

4 / 68

Status:

Potentially unwanted

Analysis date:

4/25/2024 10:00:48 PM UTC (today)

Scan engine

Detection

Engine version

Baidu Antivirus

PUA.Win32.Amonetize

4.0.3.15128

ESET NOD32

Win32/Amonetize.MS potentially unwanted application

7.0.302.0

Qihoo 360 Security

HEUR/QVM10.1.Malware.Gen

1.0.0.1077

Reason Heuristics

PUP.Amonetize.Bundler.Installer.Meta (M)

15.12.8.19

File size:

655 KB (670,720 bytes)

File type:

Executable application (Win32 EXE)

Common path:

C:\users\{user}\appdata\local\temp\amisetup0904__16145.exe

File PE Metadata

Compilation timestamp:

12/8/2015 2:24:40 PM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

11.0

CTPH (ssdeep):

12288:4V9qc9A+ncyPVN9K2Dihhb2CWk9p4ekXsoWX47bZTDTc7Cdz:2qcOwrNNFQ/kx5wgz

Entry address:

0x437B

Entry point:

E8, 1A, 15, 00, 00, E9, 7F, FE, FF, FF, E9, EB, 1B, 00, 00, 55, 8B, EC, 8B, 45, 08, C7, 01, 58, B1, 40, 00, 8B, 00, 89, 41, 04, C6, 41, 08, 00, 8B, C1, 5D, C2, 08, 00, 55, 8B, EC, 56, FF, 75, 08, 8B, F1, 83, 66, 04, 00, C7, 06, 58, B1, 40, 00, C6, 46, 08, 00, E8, 12, 00, 00, 00, 8B, C6, 5E, 5D, C2, 04, 00, C7, 01, 58, B1, 40, 00, E9, 96, 00, 00, 00, 55, 8B, EC, 56, 57, 8B, 7D, 08, 8B, F1, 3B, F7, 74, 1D, E8, 83, 00, 00, 00, 80, 7F, 08, 00, 74, 0C, FF, 77, 04, 8B, CE, E8, 35, 00, 00, 00, EB, 06, 8B, 47, 04... 
[+]

Entropy:

7.7384 (probably packed)

Code size:

36 KB (36,864 bytes)

The executing file has been seen to make the following network communication in live environments.

TCP (HTTP):

Connects to server-54-230-52-187.jfk6.r.cloudfront.net (54.230.52.187:80)

Remove amisetup0904__16145.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.