bundle.exe

The application bundle.exe has been detected as a potentially unwanted program by 16 anti-malware scanners. It bundles adware offers using Amonetize, a Pay-Per-Install (PPI) monetization and distribution download manager. The software offers presented are selected based on the PC's geo-location at the time of install. The file has been seen being downloaded from d4j83swn8t881.cloudfront.net and multiple other hosts.
MD5:
c88db4b19b78a3fee25f8977a258b344

SHA-1:
23f5a21b10d64f73e8fb4701018e993f6b8c6baa

SHA-256:
6b46ff5b5f0c77793108f9e5d51a6b7cdb4294c71eec4e58ca8bedfa35df35b4

Scanner detections:
16 / 68

Status:
Potentially unwanted

Analysis date:
4/25/2024 11:42:56 AM UTC

Scan engine | Detection | Engine version
Lavasoft Ad-Aware | Trojan.GenericKD.2250453 | 677
Avira AntiVirus | ADWARE/Amonetize.422400 | 3.6.1.96
Bitdefender | Trojan.GenericKD.2250453 | 1.0.20.440
Emsisoft Anti-Malware | Trojan.GenericKD.2250453 | 8.15.03.29.04
Fortinet FortiGate | Adware/Amonetize | 3/29/2015
F-Secure | Trojan.GenericKD.2250453 | 11.2015-29-03_1
G Data | Trojan.GenericKD.2250453 | 15.3.25
K7 AntiVirus | Riskware | 13.202.15410
Kaspersky | not-a-virus:AdWare.Win32.Amonetize | 14.0.0.2272
McAfee | Artemis!C88DB4B19B78 | 5600.6811
MicroWorld eScan | Trojan.GenericKD.2250453 | 16.0.0.264
nProtect | Trojan.GenericKD.2250453 | 15.03.27.01
Panda Antivirus | Generic Suspicious | 15.03.29.04
Qihoo 360 Security | HEUR/QVM10.1.Malware.Gen | 1.0.0.1015
Trend Micro House Call | Suspicious_GEN.F47V0325 | 7.2.88
Vba32 AntiVirus | BScope.Trojan.Jorik.IRCbot | 3.12.26.3

File size:
412.5 KB (422,400 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\temp\bundle.exe

File PE Metadata
Compilation timestamp:
3/25/2015 2:08:09 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
6144:pkc+sg5pwAwaDME6M5Yy35cRxhti5byp8i:61V56jaDMG5Yy35c/htiVyp

Entry address:
0x24AA0

Entry point:
E8, 0D, CC, 00, 00, E9, 89, FE, FF, FF, 8B, FF, 55, 8B, EC, 56, 8D, 45, 08, 50, 8B, F1, E8, 71, A0, FF, FF, C7, 06, E0, A5, 45, 00, 8B, C6, 5E, 5D, C2, 04, 00, C7, 01, E0, A5, 45, 00, E9, B5, A0, FF, FF, 8B, FF, 55, 8B, EC, 56, 8B, F1, C7, 06, E0, A5, 45, 00, E8, A2, A0, FF, FF, F6, 45, 08, 01, 74, 07, 56, E8, 94, 8B, FF, FF, 59, 8B, C6, 5E, 5D, C2, 04, 00, 8B, FF, 55, 8B, EC, 56, 57, 8B, 7D, 08, 8B, 47, 04, 85, C0, 74, 47, 8D, 50, 08, 80, 3A, 00, 74, 3F, 8B, 75, 0C, 8B, 4E, 04, 3B, C1, 74, 14, 83, C1, 08...

Entropy:
5.6987

Code size:
342.5 KB (350,720 bytes)

The file bundle.exe has been seen being distributed by the following 8 URLs.

Remove bundle.exe - Powered by Reason Core Security