home

bundle.exe

Amonetize ltd.

This is the Amonetize download manager which bundles applications with offers for additional 3rd party software, mostly unwanted adware, and may be installed with minimal consent. The application bundle.exe by Amonetize ltd has been detected as adware by 6 anti-malware scanners. The program is a setup application that uses the Amonetize Downloader installer. The setup program bundles adware offers using the Amonetize, a Pay-Per-Install (PPI) monetization and distribution download manager. The software offerings provided are based on the PC's geo-location at the time of install.
Publisher:
Amonetize ltd.  (signed and verified)

MD5:
28f6c311e0024b651cb2a9b115b5e198

SHA-1:
8bcb51a09f9fb8b2695745ae2a319924f66e08d3

SHA-256:
205fc733484c855b4e08f667b7053d1fa011e731788070a51038f2fb4a6e3a45

Scanner detections:
6 / 68

Status:
Adware

Description:
This 'download manager' is also considered bundleware, a utility designed to download software (possibly legitimate or opensource) and bundle it with a number of optional offers including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:
4/28/2024 4:34:12 AM UTC  (today)

Scan engine
Detection
Engine version

Dr.Web
Adware.Downware.1659
9.0.1.0363

ESET NOD32
Win32/Amonetize (variant)
7.9099

Malwarebytes
PUP.Optional.Amonetize.A
v2013.12.29.08

McAfee
Artemis!28F6C311E002
5600.7267

Reason Heuristics
PUP.Amonetizeltd.G
14.8.7.19

VIPRE Antivirus
Amonetize
23764

File size:
70 KB (71,720 bytes)

File type:
Executable application (Win32 EXE)

Bundler/Installer:
Amonetize Downloader

Common path:
C:\Documents and Settings\{user}\Local settings\temporary internet files\content.ie5\{random}\bundle.exe

Digital Signature
Signed by:
Amonetize ltd.

Authority:
Thawte, Inc.

Valid from:
3/19/2013 1:00:00 AM

Valid to:
6/19/2015 1:59:59 AM

Subject:
CN=Amonetize ltd., O=Amonetize ltd., L=Raanana, S=Alberta, C=IL

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
235E7B2F1D4E0152189F6381E2BA8C97

File PE Metadata
Compilation timestamp:
11/13/2013 10:39:07 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
1536:mUTaN440uH+u7fr6Hpl+Yb/x9MZDbBHbmzG3sY+bi2:nC02rr6JlrJCFbB7myc3H

Entry address:
0x292A0

Entry point:
60, BE, 00, A0, 41, 00, 8D, BE, 00, 70, FE, FF, 57, EB, 0B, 90, 8A, 06, 46, 88, 07, 47, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 72, ED, B8, 01, 00, 00, 00, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, 01, DB, 73, EF, 75, 09, 8B, 1E, 83, EE, FC, 11, DB, 73, E4, 31, C9, 83, E8, 03, 72, 0D, C1, E0, 08, 8A, 06, 46, 83, F0, FF, 74, 74, 89, C5, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, 75, 20, 41, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB...
 
[+]

Packer / compiler:
UPX v0.89.6 - v1.02 / v1.05 -v1.24

Code size:
64 KB (65,536 bytes)

The file bundle.exe has been seen being distributed by the following 4 URLs.

http://d3ijsb1ryk5jd8.cloudfront.net/cl/inst/bundles/Electrolyrics/.../Bundle.exe

http://d1pg43ots40sgg.cloudfront.net/bundle/ElectroLyrics/.../Bundle.exe

http://d4j83swn8t881.cloudfront.net/cl/inst/bundles/Electrolyrics/.../Bundle.exe

http://dmrm038s4vkzd.cloudfront.net/cl/inst/bundles/ElectroLyrics/.../Bundle.exe

Remove bundle.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.