home

bundle.exe

Amonetize ltd.

This is the Amonetize download manager which bundles applications with offers for additional 3rd party software, mostly unwanted adware, and may be installed with minimal consent. The application bundle.exe by Amonetize ltd has been detected as adware by 7 anti-malware scanners. The program is a setup application that uses the Amonetize Downloader installer. The setup program bundles adware offers using the Amonetize, a Pay-Per-Install (PPI) monetization and distribution download manager. The software offerings provided are based on the PC's geo-location at the time of install.
Publisher:
Amonetize ltd.  (signed and verified)

MD5:
be22a39c982281e565a224707cba78e5

SHA-1:
b9b6bcf9ec63bc28e2984298ebb5cda9013f2ee0

SHA-256:
238861748ee19d16a96b0bdabea8fa9b70a03454b79accf22004d5d95195bfe1

Scanner detections:
7 / 68

Status:
Adware

Description:
This is also known as bundleware, or downloadware, which is an downloader designed to simply deliver ad-supported offers in the setup routine of an otherwise legitimate software.

Analysis date:
4/28/2024 5:15:11 AM UTC  (today)

Scan engine
Detection
Engine version

Dr.Web
Adware.Downware.1659
9.0.1.0358

ESET NOD32
Win32/Amonetize (variant)
7.9190

Malwarebytes
PUP.Optional.Amonetize.A
v2013.12.24.04

McAfee
Artemis!BE22A39C9822
5600.7271

Reason Heuristics
PUP.Amonetizeltd.G
14.8.7.19

Trend Micro House Call
TROJ_GEN.F47V1213
7.2.358

VIPRE Antivirus
Amonetize
24690

File size:
70.5 KB (72,232 bytes)

File type:
Executable application (Win32 EXE)

Bundler/Installer:
Amonetize Downloader

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\bundle.exe

Digital Signature
Signed by:
Amonetize ltd.

Authority:
Thawte, Inc.

Valid from:
3/19/2013 1:00:00 AM

Valid to:
6/19/2015 1:59:59 AM

Subject:
CN=Amonetize ltd., O=Amonetize ltd., L=Raanana, S=Alberta, C=IL

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
235E7B2F1D4E0152189F6381E2BA8C97

File PE Metadata
Compilation timestamp:
12/12/2013 10:39:07 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
1536:xf+J/2I8My7rDTBkMW00qZpwVkK2a9x0J0lio:sJGMIPqM25/y03

Entry address:
0x29480

Entry point:
60, BE, 00, A0, 41, 00, 8D, BE, 00, 70, FE, FF, 57, EB, 0B, 90, 8A, 06, 46, 88, 07, 47, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 72, ED, B8, 01, 00, 00, 00, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, 01, DB, 73, EF, 75, 09, 8B, 1E, 83, EE, FC, 11, DB, 73, E4, 31, C9, 83, E8, 03, 72, 0D, C1, E0, 08, 8A, 06, 46, 83, F0, FF, 74, 74, 89, C5, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, 75, 20, 41, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB...
 
[+]

Packer / compiler:
UPX v0.89.6 - v1.02 / v1.05 -v1.24

Code size:
64 KB (65,536 bytes)

The file bundle.exe has been seen being distributed by the following 4 URLs.

http://d4j83swn8t881.cloudfront.net/cl/inst/bundles/MoboGenie_Amonetize/.../Bundle.exe

http://d1pg43ots40sgg.cloudfront.net/bundle/MoboGenie_Amonetize/.../Bundle.exe

http://d3ijsb1ryk5jd8.cloudfront.net/cl/inst/bundles/MoboGenie_Amonetize/.../Bundle.exe

http://dmrm038s4vkzd.cloudfront.net/cl/inst/bundles/MoboGenie_Amonetize/.../Bundle.exe

Remove bundle.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.