BIOS.Agent__2309_il98245.exe

ITL-GROUP LLC

This is the Amonetize download manager, a bundler that packages an application with offers for additional third-party software, mostly unwanted adware, and may install those offers with minimal consent. The file BIOS.Agent__2309_il98245.exe from ITL-GROUP has been detected as adware by 21 anti-malware scanners. It is a setup program built on the Amonetize Downloader, a Pay-Per-Install (PPI) monetization and distribution download manager, and the offers it bundles are selected by the PC's geo-location at install time. The installer carries a valid Authenticode signature from ITL-GROUP LLC (see Digital Signature below); the signature only identifies the publisher and says nothing about whether the bundled offers are wanted, which is why signed files of this kind are still classified as adware.
Publisher:
ITL-GROUP LLC (signed and verified)

Version:
1.1.5.26

MD5:
3ae8380defa58b4ef4aa9ec749a8a406

SHA-1:
6337201a2dfc062b8c21a78812fa7d92261c0a23

SHA-256:
f1e4d7287b451bdc4c404228153a32f1906d1fc21569e48e08d1cab8806c6d18

Scanner detections:
21 / 68

Status:
Adware

Description:
This 'download manager' is also considered bundleware: a utility designed to download software (possibly legitimate or open source) and bundle it with a number of optional offers, including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:
5/20/2024 10:43:02 AM UTC

Scan engine               Detection                             Engine version
Lavasoft Ad-Aware         Gen:Variant.Adware.Strictor.68509     794
AhnLab V3 Security        PUP/Win32.Amonetiz                    2014.11.26
Avira AntiVirus           ADWARE/Adware.Gen2                    7.11.188.220
AVG                       Generic                               2015.0.3274
Bitdefender               Gen:Variant.Adware.Strictor.68509     1.0.20.1670
Emsisoft Anti-Malware     Gen:Variant.Adware.Strictor.68509     8.14.11.30.03
ESET NOD32                Win32/Amonetize.BP (variant)          8.10782
Fortinet FortiGate        Adware/Amonetize                      11/30/2014
F-Secure                  Gen:Variant.Adware.Strictor.68509     11.2014-02-12_3
G Data                    Gen:Variant.Adware.Strictor.68509     14.11.24
K7 AntiVirus              Unwanted-Program                      13.185.14134
Kaspersky                 not-a-virus:AdWare.Win32.Amonetize    14.0.0.2867
McAfee                    Artemis!3AE8380DEFA5                  5600.6930
MicroWorld eScan          Gen:Variant.Adware.Strictor.68509     15.0.0.1002
NANO AntiVirus            Riskware.Win32.Amonetize.djdzzo       0.28.6.63726
Panda Antivirus           Trj/CI.A                              14.11.30.03
Qihoo 360 Security        HEUR/QVM10.1.Malware.Gen              1.0.0.1015
Reason Heuristics         PUP.Installer.ITLGROUP.X              14.11.30.15
Sophos                    Generic PUA GD                        4.98
Trend Micro House Call    Suspicious_GEN.F47V1125               7.2.334
VIPRE Antivirus           Trojan.Win32.Generic                  35136

File size:
409.2 KB (419,048 bytes)

Product version:
1.1.5.26

Original file name:
setup.exe

File type:
Executable application (Win32 EXE)

Bundler/Installer:
Amonetize Downloader

Language:
English (United States)

Common path:
C:\users\{user}\downloads\bios.agent__2309_il98245.exe

Digital Signature
Signed by:
ITL-GROUP LLC
Authority:
Thawte, Inc.

Valid from:
10/20/2014 3:00:00 AM

Valid to:
10/21/2015 2:59:59 AM

Subject:
CN=ITL-GROUP LLC, O=ITL-GROUP LLC, L=Selyshche Doslidne, S=Selyshche Doslidne, C=UA

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
080AA229F6377F023DF6C8F878AC3719

File PE Metadata
Compilation timestamp:
11/25/2014 4:03:16 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
6144:wQUk9ida8KqVY7u7twurMPAGxGjDF1fYCl3mSO4ZwGCuvF6NlAbByK5APCDjF:wQmHb7twurMPF0FZTO4ZwduvQNlAPmCd

Entry address:
0x25974

Entry point:
E8, 2E, AC, 00, 00, E9, 89, FE, FF, FF, 8B, FF, 55, 8B, EC, 83, EC, 10, A1, E0, F9, 44, 00, 33, C5, 89, 45, FC, 8B, 55, 18, 53, 33, DB, 56, 57, 3B, D3, 7E, 1F, 8B, 45, 14, 8B, CA, 49, 38, 18, 74, 08, 40, 3B, CB, 75, F6, 83, C9, FF, 8B, C2, 2B, C1, 48, 3B, C2, 7D, 01, 40, 89, 45, 18, 89, 5D, F8, 39, 5D, 24, 75, 0B, 8B, 45, 08, 8B, 00, 8B, 40, 04, 89, 45, 24, 8B, 35, 6C, E0, 43, 00, 33, C0, 39, 5D, 28, 53, 53, FF, 75, 18, 0F, 95, C0, FF, 75, 14, 8D, 04, C5, 01, 00, 00, 00, 50, FF, 75, 24, FF, D6, 8B, F8, 89...

Code size:
243.5 KB (249,344 bytes)
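Added example (not code from this report, from ITL-GROUP or from Amonetize): a small Python triage script that reproduces how the hashes and the PE metadata fields above are derived from a file. The hash IOCs are the ones listed in this report; the header built by `build_sample_pe()` is a constructed stand-in carrying the report's header values, not the real installer, so the script runs offline. Pass a real file path as the first argument to triage that file instead.

```python
"""Offline PE triage in the style of the report above.

Added example, not code from the report or from ITL-GROUP / Amonetize.
It (1) computes the MD5 / SHA-1 / SHA-256 of a file and matches them against
the IOCs listed in the report, and (2) reads the same PE header fields the
"File PE Metadata" section shows: compilation timestamp, OS and linker
version, subsystem, entry point RVA and code size. Standard library only;
ssdeep (CTPH) is not computed because it needs an external library.
"""
import hashlib
import struct
import sys
from datetime import datetime, timezone

# Hashes copied from the report above (the only real IOCs in this script).
REPORT_IOCS = {
    "md5": "3ae8380defa58b4ef4aa9ec749a8a406",
    "sha1": "6337201a2dfc062b8c21a78812fa7d92261c0a23",
    "sha256": "f1e4d7287b451bdc4c404228153a32f1906d1fc21569e48e08d1cab8806c6d18",
}

SUBSYSTEMS = {1: "Native", 2: "Windows GUI", 3: "Windows CUI"}

# IMAGE_OPTIONAL_HEADER32 up to and including Subsystem (70 bytes):
# Magic, MajorLinker, MinorLinker, SizeOfCode, SizeOfInitializedData,
# SizeOfUninitializedData, AddressOfEntryPoint, BaseOfCode, BaseOfData,
# ImageBase, SectionAlignment, FileAlignment, Major/MinorOSVersion,
# Major/MinorImageVersion, Major/MinorSubsystemVersion, Win32VersionValue,
# SizeOfImage, SizeOfHeaders, CheckSum, Subsystem
OPT32_FMT = "<HBB" + "I" * 9 + "H" * 6 + "I" * 4 + "H"


def file_hashes(data: bytes) -> dict:
    """MD5 / SHA-1 / SHA-256 hex digests, keyed like REPORT_IOCS."""
    return {name: hashlib.new(name, data).hexdigest() for name in REPORT_IOCS}


def ioc_match(data: bytes, iocs: dict = REPORT_IOCS) -> list:
    """Names of the hash algorithms whose digest equals the report's IOC."""
    h = file_hashes(data)
    return sorted(name for name, value in iocs.items() if h[name] == value.lower())


def pe_metadata(data: bytes) -> dict:
    """Parse the PE32 header fields shown in the report's PE metadata block."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]  # offset of 'PE\0\0'
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    coff = e_lfanew + 4
    machine, nsections, timestamp = struct.unpack_from("<HHI", data, coff)
    opt = coff + 20  # IMAGE_FILE_HEADER is 20 bytes
    fields = struct.unpack_from(OPT32_FMT, data, opt)
    if fields[0] != 0x10B:
        raise ValueError("only PE32 (Win32) optional headers are handled here")
    return {
        "machine": hex(machine),
        "sections": nsections,
        "compile_time": datetime.fromtimestamp(timestamp, tz=timezone.utc),
        "linker_version": f"{fields[1]}.{fields[2]}",
        "code_size": fields[3],
        "entry_point": fields[6],
        "os_version": f"{fields[12]}.{fields[13]}",
        "subsystem": SUBSYSTEMS.get(fields[22], str(fields[22])),
    }


def build_sample_pe() -> bytes:
    """Constructed minimal PE32 header (NOT the real installer) carrying the
    report's metadata values, so the parser can be exercised offline."""
    e_lfanew = 0x40
    dos = bytearray(e_lfanew)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, e_lfanew)
    ts = int(datetime(2014, 11, 25, 4, 3, 16, tzinfo=timezone.utc).timestamp())
    # IMAGE_FILE_HEADER: Machine, NumberOfSections, TimeDateStamp,
    # PointerToSymbolTable, NumberOfSymbols, SizeOfOptionalHeader, Characteristics
    coff = struct.pack("<HHIIIHH", 0x14C, 4, ts, 0, 0, 224, 0x0102)
    opt = bytearray(224)
    struct.pack_into("<HBBIIII", opt, 0, 0x10B, 10, 0, 249344, 0, 0, 0x25974)
    struct.pack_into("<HH", opt, 40, 5, 1)  # OS version 5.1
    struct.pack_into("<H", opt, 68, 2)      # Subsystem: Windows GUI
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt)


def triage(data: bytes) -> dict:
    return {"hashes": file_hashes(data), "ioc_match": ioc_match(data),
            "pe": pe_metadata(data)}


if __name__ == "__main__":
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_pe()
    for key, value in triage(blob).items():
        print(f"{key}: {value}")
```

A hash match identifies this exact build only; the signer's certificate serial number in the Digital Signature section is the indicator to block if you want to catch other files signed by the same publisher, and on Windows `Get-AuthenticodeSignature` will show you that serial and the chain to Thawte for a file on disk. The Artemis name McAfee reports above is the first bytes of the MD5, which is why the MD5 is still worth listing even though SHA-256 is the one to match on.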

The file BIOS.Agent__2309_il98245.exe has been observed being distributed from 3 URLs.
