clash of kings prestige tool v downloader__3687_i1479609411_il1214290.exe

Install Path Ltd

This is the Amonetize download manager, which bundles applications with offers for additional third-party software, mostly unwanted adware, and may be installed with minimal consent. The application clash of kings prestige tool v downloader__3687_i1479609411_il1214290.exe by Install Path has been detected as adware by 23 anti-malware scanners. The program is a setup application that uses the Amonetize Downloader installer. The setup program bundles adware offers using Amonetize, a Pay-Per-Install (PPI) monetization and distribution download manager. The software offers presented are based on the PC's geo-location at the time of install.
Publisher:
Install Path Ltd  (signed and verified)

Version:
1.1.5.26

MD5:
41b06eed9ead22dff09353f8b1ea6255

SHA-1:
6a704b798a92e1bb1746a5bc3d77b290fb5b60a5

SHA-256:
b610015573b330c886e3012ed8e7d501ebe0847ec8b5801118870ef8b44241cb

Scanner detections:
23 / 68

Status:
Adware

Description:
This is also known as bundleware, or downloadware, which is a downloader designed simply to deliver ad-supported offers in the setup routine of otherwise legitimate software.

Analysis date:
4/26/2024 1:17:26 AM UTC  (today)

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Gen:Variant.Application.Jatif.103 | 678 |
| AhnLab V3 Security | PUP/Win32.Amonetiz | 2015.03.14 |
| Avira AntiVirus | ADWARE/Adware.Gen2 | 7.11.216.254 |
| avast! | Win32:Dropper-gen [Drp] | 2014.9-150328 |
| AVG | Amonetize | 2016.0.3156 |
| Baidu Antivirus | PUA.Win32.Amonetize | 4.0.3.15328 |
| Bitdefender | Gen:Variant.Application.Jatif.103 | 1.0.20.435 |
| Bkav FE | W32.HfsAdware | 1.3.0.6379 |
| Comodo Security | Application.Win32.Amonetize.DAE | 21396 |
| Dr.Web | Trojan.Amonetize.1325 | 9.0.1.087 |
| ESET NOD32 | Win32/Amonetize.DU potentially unwanted (variant) | 9.11315 |
| Fortinet FortiGate | Riskware/Amonetize | 3/28/2015 |
| F-Secure | Gen:Variant.Application.Jatif | 11.2015-28-03_7 |
| G Data | Gen:Variant.Application.Jatif.103 | 15.3.25 |
| K7 AntiVirus | Trojan | 13.200.15256 |
| Malwarebytes | PUP.Optional.Amonetize | v2015.03.28.10 |
| McAfee | Artemis!41B06EED9EAD | 5600.6812 |
| MicroWorld eScan | Gen:Variant.Application.Jatif.103 | 16.0.0.261 |
| NANO AntiVirus | Riskware.Win32.Amonetize.dowwxh | 0.30.0.296 |
| Panda Antivirus | PUP/MultiToolbar.A | 15.03.28.10 |
| Qihoo 360 Security | HEUR/QVM10.1.Malware.Gen | 1.0.0.1015 |
| Reason Heuristics | PUP.Bundler.Amonetize | 15.3.28.22 |
| Sophos | Amonetize | 4.98 |

File size:
629.1 KB (644,168 bytes)

Product version:
1.1.5.26

Original file name:
setup.exe

File type:
Executable application (Win32 EXE)

Bundler/Installer:
Amonetize Downloader

Language:
English (United States)

Digital Signature
Authority:
thawte, Inc.

Valid from:
1/20/2015 8:00:00 AM

Valid to:
1/21/2016 7:59:59 AM

Subject:
CN=Install Path Ltd, O=Install Path Ltd, L=Ramat Gan, S=Israel, C=IL

Issuer:
CN=thawte SHA256 Code Signing CA, O="thawte, Inc.", C=US

Serial number:
0F41500997F5154087C4C8A76EF53F6C

File PE Metadata
Compilation timestamp:
3/13/2015 5:00:29 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
12288:LLGVpXEikVlJEWB1lL8LRWvXr1QSHl/WsRk5IKsC7V7+m4OFf:HGzX1JWB1yRWfZl/Wkk5IxaIZO9

Entry address:
0x2F71B

Entry point:
E8, 44, F6, 00, 00, E9, 89, FE, FF, FF, 8B, FF, 55, 8B, EC, 8B, 4D, 08, EB, 07, 49, 80, 38, 00, 74, 06, 40, 85, C9, 75, F5, 49, 8B, 45, 08, 2B, C1, 48, 5D, C3, 8B, FF, 55, 8B, EC, 83, EC, 10, A1, C0, 2A, 47, 00, 33, C5, 89, 45, FC, 8B, 55, 18, 53, 33, DB, 56, 57, 3B, D3, 7E, 1F, 8B, 45, 14, 8B, CA, 49, 38, 18, 74, 08, 40, 3B, CB, 75, F6, 83, C9, FF, 8B, C2, 2B, C1, 48, 3B, C2, 7D, 01, 40, 89, 45, 18, 89, 5D, F8, 39, 5D, 24, 75, 0B, 8B, 45, 08, 8B, 00, 8B, 40, 04, 89, 45, 24, 8B, 35, 6C, 90, 45, 00, 33, C0...

Entropy:
6.9260

Code size:
349.5 KB (357,888 bytes)