daftar hashmand.rar torrent__3515_i1342835029_il2124787.exe

Ukra-2006 LLC

This is the Amonetize download manager, which bundles applications with offers for additional third-party software, mostly unwanted adware, and may be installed with minimal consent. The application daftar hashmand.rar torrent__3515_i1342835029_il2124787.exe by Ukra-2006 has been detected as adware by 13 anti-malware scanners. The program is a setup application that uses the TUGUU DomaIQ Setup installer. The setup program bundles adware offers using Amonetize, a Pay-Per-Install (PPI) monetization and distribution download manager. The software offers presented are selected based on the PC's geo-location at the time of install.
Publisher:
Ukra-2006 LLC  (signed and verified)

Version:
1.1.8.22

MD5:
1dc7d42d07446ab3797601c528d34ba0

SHA-1:
56f8ba7f6ad808d04cfbd142e01a1ff9bb496d0a

SHA-256:
f2300955cd9f1f25a5dffb3b596bfdc8c2f565ac626d3a99a93308e131606994

Scanner detections:
13 / 68

Status:
Adware

Description:
This is an installer which may bundle legitimate applications with offers for additional third-party applications that may be unwanted by the user. While the installer contains an 'opt-out' feature, this is not set by default and is usually overlooked.

Analysis date:
4/24/2024 8:51:53 AM UTC

Scan engine | Detection | Engine version
--- | --- | ---
Agnitum Outpost | PUA.Amonetize | 7.1.1
AhnLab V3 Security | PUP/Win32.Amonetiz | 2014.09.29
AVG | Generic_r | 2015.0.3336
Baidu Antivirus | Adware.Win32.Amonetize | 4.0.3.14929
Dr.Web | Adware.Downware.8618 | 9.0.1.0272
ESET NOD32 | Win32/Amonetize.BR (variant) | 8.10478
K7 AntiVirus | Unwanted-Program | 13.183.13504
Malwarebytes | PUP.Optional.Amonetize | v2014.09.29.12
McAfee | Artemis!1DC7D42D0744 | 5600.6992
NANO AntiVirus | Riskware.Win32.Downware.dfqeij | 0.28.2.62286
Panda Antivirus | Trj/Genetic.gen | 14.09.29.12
Reason Heuristics | PUP.Installer.Ukra2006.w | 14.9.29.12
Sophos | Amonetize | 4.98

File size:
384.2 KB (393,424 bytes)

Product version:
1.1.8.22

Original file name:
setup.exe

File type:
Executable application (Win32 EXE)

Bundler/Installer:
TUGUU DomaIQ Setup

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\daftar hashmand.rar torrent__3515_i1342835029_il2124787.exe

Digital Signature
Signed by:

Authority:
Thawte, Inc.

Valid from:
7/1/2014 4:30:00 AM

Valid to:
7/2/2015 4:29:59 AM

Subject:
CN=Ukra-2006 LLC, O=Ukra-2006 LLC, L=Kharkiv, S=Harkivska obl, C=UA

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
2B3200D1AF3CAC4253C00F000EF4BAB9

File PE Metadata
Compilation timestamp:
9/17/2014 12:52:23 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
6144:9Z2KRA+AqItby06N9DejUmbKdxjjg8ESkbFGYucgp0D3r6llMAER1v52t:RRASmmZVejUWKLjjg8EBGS2zfER1v52t

Entry address:
0x14CC0

Entry point:
E8, 53, 6A, 00, 00, E9, 89, FE, FF, FF, 8B, FF, 55, 8B, EC, 83, 3D, 44, 5E, 3C, 00, 00, 75, 18, E8, D1, 60, 00, 00, 6A, 1E, E8, 1B, 5F, 00, 00, 68, FF, 00, 00, 00, E8, B6, F4, FF, FF, 59, 59, 8B, 45, 08, 85, C0, 75, 01, 40, 50, 6A, 00, FF, 35, 44, 5E, 3C, 00, FF, 15, 58, D1, 3B, 00, 5D, C3, 8B, FF, 55, 8B, EC, 53, 8B, 5D, 08, 83, FB, E0, 77, 6F, 56, 57, 83, 3D, 44, 5E, 3C, 00, 00, 75, 18, E8, 87, 60, 00, 00, 6A, 1E, E8, D1, 5E, 00, 00, 68, FF, 00, 00, 00, E8, 6C, F4, FF, FF, 59, 59, 85, DB, 74, 04, 8B, C3...

Entropy:
7.3127

Code size:
174 KB (178,176 bytes)

The file daftar hashmand.rar torrent__3515_i1342835029_il2124787.exe has been seen distributed from the following 3 URLs.

http://www-squid.cluster11.fb-hosting-apps.com/download.php?version=1.1.8.22&campid=3515&instid[appname]=mobile.de_Downloader&instid[appsetupurl]=http://go.edgydownload.com/getfast/download.cgi?9&ti1=1460000&ti2=0&ti3=DD1_2014-09-27T20:27:03.625713+00:00&instid[cmdline]=/S /PERFORMINSTALL /NORUN&instid[appimageurl]=http://download.edgydownload.com/d1/logo150x150.png&prefix=mobile.de&instid[thankyoupage]=http://download.edgydownload.com/.../thank_you.php?ti1=1460000&ti2=0&ti3=DD1_2014-09-27T20:27:03.625713+00:00&parameter=mobile.de&instid[interrupted]=http://download.edgydownload.com/.../interrupted.php?ti1=1460000&ti2=0&ti3=DD1_2014-09-27T20:27:03.625713+00:00&parameter=mobile.de&ti1=1460000&ti2=0&ti3=DD1_2014-09-27T20:27:03.625713 00:00