amonetizecheckv3.exe

The application amonetizecheckv3.exe has been detected as a potentially unwanted program by 30 anti-malware scanners. It is a setup program used to install the application. It bundles adware offers using Amonetize, a pay-per-install (PPI) monetization and distribution download manager. The software offers presented are based on the PC's geo-location at the time of install. The file has been seen being downloaded from d3d6wi7c7pa6m0.cloudfront.net.

MD5:
a1cefb4afd0344054c304c34f5b8ed6c

SHA-1:
3c41ab43c8eb2648e38fe79f75d67f6fbee97f9d

SHA-256:
49e0a6acbdbdb071262063a90dfe4db92bca2b5f217249ac7704fa82b2c634ee

Scanner detections:
30 / 68

Status:
Potentially unwanted

Analysis date:
4/23/2024 6:55:59 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Trojan.Generic.9244014 | 857 |
| Agnitum Outpost | PUA.Downloader | 7.1.1 |
| Avira AntiVirus | TR/Dropper.A.3791 | 7.11.115.42 |
| avast! | Win32:WhiteSmoke-A [PUP] | 2014.9-131125 |
| AVG | Dropper.Generic8 | 2014.0.3644 |
| Baidu Antivirus | Trojan.Win32.Agent | 4.0.3.131125 |
| Bitdefender | Trojan.Generic.9951306 | 1.0.20.1645 |
| Comodo Security | UnclassifiedMalware | 17893 |
| Dr.Web | Adware.Downware.1292 | 9.0.1.0207 |
| Emsisoft Anti-Malware | Trojan.Generic.9951306 | 8.13.11.25.01 |
| ESET NOD32 | Win32/Amonetize (variant) | 7.9085 |
| Fortinet FortiGate | W32/Amonetize.H | 11/25/2013 |
| F-Secure | Trojan.Generic.9951306 | 11.2013-25-11_2 |
| G Data | Trojan.Generic.9951306 | 13.11.22 |
| IKARUS anti.virus | Trojan.SuspectCRC | t3scan.2.2.29 |
| K7 AntiVirus | Trojan | 13.176.11351 |
| Kaspersky | not-a-virus:Downloader.Win32.Agent | 14.0.0.3170 |
| McAfee | RDN/Generic.bfr!ey | 5600.7270 |
| MicroWorld eScan | Trojan.Generic.9951306 | 14.0.0.987 |
| NANO AntiVirus | Trojan.Win32.Downware.buwuxz | 0.28.0.58101 |
| nProtect | Trojan.Generic.9244014 | 14.03.05.01 |
| Panda Antivirus | Suspicious file | 13.11.25.01 |
| Qihoo 360 Security | Win32/Trojan.b83 | 1.0.0.1015 |
| Reason Heuristics | Threat.Win.Reputation.IMP | 14.10.1.0 |
| Rising Antivirus | PE:Trojan.Win32.Generic.152378BC!354646204 | 23.00.65.14929 |
| Sophos | Generic PUA PJ | 4.98 |
| Trend Micro House Call | TROJ_GEN.R0C1H0AHS13 | 7.2.329 |
| Trend Micro | TROJ_GEN.R0CBC0PAP14 | 10.465.01 |
| Vba32 AntiVirus | Downloader.Agent | 3.12.24.3 |
| VIPRE Antivirus | Amonetize | 23634 |

File size:
165.5 KB (169,472 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\amonetizecheckv3.exe

File PE Metadata
Compilation timestamp:
7/11/2013 6:39:00 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
3072:ZWKVuLJHN6/6Ws/z04vs6KGa9y2KrZX5LuCgzSEhyR9goe3hungBb6:ZWcM6SWyv9KnyJz6CgzS8Omvoqe

Entry address:
0x17C1

Entry point:
E8, 82, 03, 00, 00, E9, 9F, FD, FF, FF, 3B, 0D, 10, 30, 40, 00, 75, 02, F3, C3, E9, 04, 04, 00, 00, 8B, FF, 55, 8B, EC, 8B, 45, 08, 8B, 00, 81, 38, 63, 73, 6D, E0, 75, 2A, 83, 78, 10, 03, 75, 24, 8B, 40, 14, 3D, 20, 05, 93, 19, 74, 15, 3D, 21, 05, 93, 19, 74, 0E, 3D, 22, 05, 93, 19, 74, 07, 3D, 00, 40, 99, 01, 75, 05, E8, CE, 04, 00, 00, 33, C0, 5D, C2, 04, 00, 68, DA, 17, 40, 00, FF, 15, 44, 20, 40, 00, 33, C0, C3, FF, 25, F8, 20, 40, 00, 6A, 14, 68, 60, 22, 40, 00, E8, 60, 02, 00, 00, FF, 35, 90, 33, 40...

Entropy:
7.7251  (probably packed)

Code size:
3.5 KB (3,584 bytes)

The file amonetizecheckv3.exe has been seen being distributed by the following URL.
