» amonetizecheckv2.exe
Overview
Analysis
File Details
Downloads (1)

amonetizecheckv2.exe

The application amonetizecheckv2.exe has been detected as a potentially unwanted program by 30 anti-malware scanners. This is a setup program which is used to install the application. It bundles adware offers using the Amonetize, a Pay-Per-Install (PPI) monetization and distribution download manager. The software offerings provided are based on the PC's geo-location at the time of install. The file has been seen being downloaded from d3d6wi7c7pa6m0.cloudfront.net.

File name:

MD5:

b3ed2465833ee27c8de2399c654e05d1

SHA-1:

f917ca19587e168509e22eec1de3956c088b5cfe

Scanner detections:

30 / 68

Status:

Potentially unwanted

Analysis date:

4/24/2024 5:42:32 PM UTC (today)

Scan engine

Detection

Engine version

Lavasoft Ad-Aware

Trojan.Generic.9244014

1061

Agnitum Outpost

PUA.Downloader

7.1.1

Avira AntiVirus

APPL/WhiteSmoke.N

7.11.135.34

avast!

Win32:WhiteSmoke-A [PUP]

2014.9-140310

AVG

Dropper.Generic8

2015.0.3539

Baidu Antivirus

HackTool.Win32.Downloader

4.0.3.14310

Bitdefender

Trojan.Generic.9244014

1.0.20.345

Comodo Security

UnclassifiedMalware

17893

Dr.Web

Adware.Downware.1457

9.0.1.069

Emsisoft Anti-Malware

Trojan.Generic.9244014

8.14.03.10.04

ESET NOD32

Win32/Amonetize (variant)

8.9507

Fortinet FortiGate

Riskware/Agent

3/10/2014

F-Secure

Trojan.Generic.9244014

11.2014-10-03_2

G Data

Trojan.Generic.9244014

14.3.24

IKARUS anti.virus

Trojan.SuspectCRC

t3scan.2.2.29

K7 AntiVirus

Trojan

13.176.11351

Kaspersky

not-a-virus:Downloader.Win32.Agent

14.0.0.4192

McAfee

RDN/Generic.bfr!ef

5600.7195

MicroWorld eScan

Trojan.Generic.9244014

15.0.0.207

NANO AntiVirus

Trojan.Win32.Downware.buwuxz

0.28.0.58101

nProtect

Trojan.Generic.9244014

14.03.05.01

Panda Antivirus

Trj/CI.A

14.03.10.04

Qihoo 360 Security

Win32/Trojan.b83

1.0.0.1015

Reason Heuristics

Threat.Win.Reputation.IMP

14.10.1.0

Rising Antivirus

PE:Trojan.Win32.Generic.152378BC!354646204

23.00.65.14308

Sophos

Generic PUA PJ

4.98

Trend Micro House Call

TROJ_GEN.R0CBC0PAP14

7.2.69

Trend Micro

TROJ_GEN.R0CBC0PAP14

10.465.10

Vba32 AntiVirus

Downloader.Agent

3.12.24.3

VIPRE Antivirus

Amonetize

27128

File size:

165 KB (168,960 bytes)

File type:

Executable application (Win32 EXE)

Common path:

C:\Documents and Settings\{user}\Local settings\temporary internet files\content.ie5\{random}\amonetizecheckv2.exe

File PE Metadata

Compilation timestamp:

6/20/2013 6:46:48 AM

OS version:

5.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

9.0

CTPH (ssdeep):

3072:yyCWhrSApLxglTgsgiwTx2Fc/EJaeTRZgnneQPNEqfbGgZ+DS9Um:leolgZ55bq/neTR6neyDh+DSV

Entry address:

0x17C1

Entry point:

E8, 82, 03, 00, 00, E9, 9F, FD, FF, FF, 3B, 0D, 10, 30, 40, 00, 75, 02, F3, C3, E9, 04, 04, 00, 00, 8B, FF, 55, 8B, EC, 8B, 45, 08, 8B, 00, 81, 38, 63, 73, 6D, E0, 75, 2A, 83, 78, 10, 03, 75, 24, 8B, 40, 14, 3D, 20, 05, 93, 19, 74, 15, 3D, 21, 05, 93, 19, 74, 0E, 3D, 22, 05, 93, 19, 74, 07, 3D, 00, 40, 99, 01, 75, 05, E8, CE, 04, 00, 00, 33, C0, 5D, C2, 04, 00, 68, DA, 17, 40, 00, FF, 15, 44, 20, 40, 00, 33, C0, C3, FF, 25, F8, 20, 40, 00, 6A, 14, 68, 60, 22, 40, 00, E8, 60, 02, 00, 00, FF, 35, 90, 33, 40... 
[+]

Entropy:

7.7115 (probably packed)

Code size:

3.5 KB (3,584 bytes)

The file amonetizecheckv2.exe has been seen being distributed by the following URL.

http://d3d6wi7c7pa6m0.cloudfront.net/bundles/.../AmonetizeCheckV2.exe

Remove amonetizecheckv2.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.