damnvid__7934_il3995604.exe

DOZ-DEKORUM LLC

This is the Amonetize download manager, which bundles applications with offers for additional third-party software, mostly unwanted adware, and may be installed with minimal consent. The application damnvid__7934_il3995604.exe by DOZ-DEKORUM has been detected as adware by 21 anti-malware scanners. The program is a setup application that uses the Amonetize Downloader installer. The setup program bundles adware offers using Amonetize, a Pay-Per-Install (PPI) monetization and distribution download manager. The software offerings provided are based on the PC's geo-location at the time of install.
Publisher:
DOZ-DEKORUM LLC  (signed and verified)

Version:
1.1.5.90

MD5:
bcf35f52230cd3cdc9592c4aa32bf891

SHA-1:
856145fad929ae2e3c37d67da5458bc557115551

SHA-256:
28b86a4339d02dc462017efb6cd5a9b9667b6d467f219454eb938411aa09ebf0

Scanner detections:
21 / 68

Status:
Adware

Description:
This 'download manager' is also considered bundleware: a utility designed to download software (possibly legitimate or open source) and bundle it with a number of optional offers, including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:
4/18/2024 9:41:55 AM UTC  (today)

Scan engine | Detection | Engine version
Lavasoft Ad-Aware | Gen:Variant.Graftor.161218 | 835
Agnitum Outpost | PUA.Amonetize | 7.1.1
AhnLab V3 Security | PUP/Win32.Amonetiz | 2014.10.23
Avira AntiVirus | Adware/Amonetize.BW.3 | 7.11.180.174
avast! | Win32:Amonetize-FM [PUP] | 2014.9-141029
AVG | Generic | 2015.0.3313
Baidu Antivirus | Adware.Win32.Amonetize | 4.0.3.141022
Bitdefender | Gen:Variant.Graftor.161218 | 1.0.20.1475
Dr.Web | Adware.Downware.8868 | 9.0.1.0295
Emsisoft Anti-Malware | Gen:Variant.Graftor.161218 | 8.14.10.22.09
ESET NOD32 | Win32/Amonetize.BW (variant) | 8.10605
Fortinet FortiGate | Riskware/Amonetize | 10/22/2014
F-Prot | W32/A-6c30e7fe | v6.4.7.1.166
F-Secure | Gen:Variant.Graftor.161218 | 11.2014-22-10_4
G Data | Gen:Variant.Graftor.161218 | 14.10.24
Kaspersky | not-a-virus:AdWare.Win32.Amonetize | 14.0.0.3028
McAfee | Artemis!BCF35F52230C | 5600.6969
MicroWorld eScan | Gen:Variant.Graftor.161218 | 15.0.0.885
NANO AntiVirus | Riskware.Win32.Downware.dhaxhs | 0.28.2.62841
Reason Heuristics | PUP.Installer.DOZDEKORUM.X | 14.11.1.12
Sophos | Amonetize | 4.98

File size:
507.2 KB (519,384 bytes)

Product version:
1.1.5.90

Original file name:
setup.exe

File type:
Executable application (Win32 EXE)

Bundler/Installer:
Amonetize Downloader

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\damnvid__7934_il3995604.exe

Digital Signature
Signed by:

Authority:
Thawte, Inc.

Valid from:
10/2/2014 8:00:00 AM

Valid to:
10/3/2015 7:59:59 AM

Subject:
CN=DOZ-DEKORUM LLC, O=DOZ-DEKORUM LLC, L=Kyiv, S=Kyiv, C=UA

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
73707838536CAA87D56478B5309E9717

File PE Metadata
Compilation timestamp:
10/20/2014 10:33:52 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
12288:fLv8CQBjSCEnT2hM29KLO3A6PyYas7G72:fLv/NoM2EH6Krs7B

Entry address:
0x11DE8

Entry point:
E8, 49, 6A, 00, 00, E9, 89, FE, FF, FF, 8B, FF, 55, 8B, EC, 83, 3D, 94, 1E, 3A, 00, 00, 75, 18, E8, 5C, 4E, 00, 00, 6A, 1E, E8, A6, 4C, 00, 00, 68, FF, 00, 00, 00, E8, F9, F5, FF, FF, 59, 59, 8B, 45, 08, 85, C0, 75, 01, 40, 50, 6A, 00, FF, 35, 94, 1E, 3A, 00, FF, 15, 14, A1, 39, 00, 5D, C3, 8B, FF, 55, 8B, EC, 53, 8B, 5D, 08, 83, FB, E0, 77, 6F, 56, 57, 83, 3D, 94, 1E, 3A, 00, 00, 75, 18, E8, 12, 4E, 00, 00, 6A, 1E, E8, 5C, 4C, 00, 00, 68, FF, 00, 00, 00, E8, AF, F5, FF, FF, 59, 59, 85, DB, 74, 04, 8B, C3...
 

Entropy:
7.3936

Code size:
161 KB (164,864 bytes)

The file damnvid__7934_il3995604.exe has been seen being distributed by the following URL.
