darksiders ii multilenguaje espanol pc game__3515_i1110893537_il1760579.exe

Ukra-2006 LLC

This is the Amonetize download manager, which bundles applications with offers for additional 3rd party software, mostly unwanted adware, and may be installed with minimal consent. The application darksiders ii multilenguaje espanol pc game__3515_i1110893537_il1760579.exe by Ukra-2006 has been detected as adware by 24 anti-malware scanners. The program is a setup application that uses the TUGUU DomaIQ Setup installer. The setup program bundles adware offers using Amonetize, a Pay-Per-Install (PPI) monetization and distribution download manager. The software offerings provided are based on the PC's geo-location at the time of install.
Publisher:
Ukra-2006 LLC  (signed and verified)

Version:
1.1.8.22

MD5:
4f61e97fe9ca44152c5137c845d6bea6

SHA-1:
2c400f7ef794b0f7fc7f903dac5835522ea0047f

SHA-256:
9e474461035b002fda5885b2793220ec0b188cb69dfe93a8a27f2bc53c2559d8

Scanner detections:
24 / 68

Status:
Adware

Description:
This 'download manager' is also considered bundleware, a utility designed to download software (possibly legitimate or open source) and bundle it with a number of optional offers including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:
4/19/2024 6:22:35 PM UTC

Scan engine | Detection | Engine version
Lavasoft Ad-Aware | Gen:Variant.Application.Bundler.Amonetize.10 | 918
AhnLab V3 Security | PUP/Win32.Amonetiz | 2014.08.01
Avira AntiVirus | ADWARE/Adware.Gen2 | 7.11.164.196
avast! | Win32:Rootkit-gen [Rtk] | 2014.9-140731
AVG | Ukra | 2015.0.3397
Baidu Antivirus | Adware.Win32.Amonetize | 4.0.3.14731
Bitdefender | Gen:Variant.Application.Bundler.Amonetize.10 | 1.0.20.1060
Comodo Security | ApplicUnwnt | 19037
ESET NOD32 | Win32/Amonetize.BD (variant) | 8.10183
Fortinet FortiGate | Riskware/Amonetize | 7/31/2014
F-Prot | W32/Amonetize.A.gen | v6.4.7.1.166
F-Secure | Gen:Variant.Application.Bundler | 11.2014-31-07_5
G Data | Win32.Application.Amonetize | 14.7.24
K7 AntiVirus | Trojan | 13.182.12911
Kaspersky | not-a-virus:HEUR:AdWare.Win32.Amonetize | 14.0.0.3478
Malwarebytes | PUP.Optional.Amonetize | v2014.07.31.11
McAfee | Artemis!4F61E97FE9CA | 5600.7053
MicroWorld eScan | Gen:Variant.Application.Bundler.Amonetize.10 | 15.0.0.636
NANO AntiVirus | Riskware.Win32.Amonetize.ddabxo | 0.28.2.61148
Qihoo 360 Security | Win32/Virus.Adware.932 | 1.0.0.1015
Reason Heuristics | PUP.Installer.Ukra2006.? | 14.8.5.0
Sophos | Amonetize | 4.98
Trend Micro House Call | Suspicious_GEN.F47V0730 | 7.2.212
VIPRE Antivirus | Amonetize | 31782

File size:
344.2 KB (352,464 bytes)

Product version:
1.1.8.22

Original file name:
setup.exe

File type:
Executable application (Win32 EXE)

Bundler/Installer:
TUGUU DomaIQ Setup

Language:
English (United States)

Common path:
C:\users\{user}\downloads\darksiders ii multilenguaje espanol pc game__3515_i1110893537_il1760579.exe

Digital Signature
Signed by:

Authority:
Thawte, Inc.

Valid from:
6/30/2014 7:00:00 PM

Valid to:
7/1/2015 6:59:59 PM

Subject:
CN=Ukra-2006 LLC, O=Ukra-2006 LLC, L=Kharkiv, S=Harkivska obl, C=UA

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
2B3200D1AF3CAC4253C00F000EF4BAB9

File PE Metadata
Compilation timestamp:
7/30/2014 4:04:52 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
6144:j+MHGF1y46b+6m09zlGNYBwpv8fheeIgX6e4zXSd0IY67LRqYFsKqwvfaEt:j+MHGF046S6m09zlGNAwp01XizidHYUr

Entry address:
0x29774

Entry point:
E8, BC, 91, 00, 00, E9, 89, FE, FF, FF, CC, CC, 53, 56, 8B, 44, 24, 18, 0B, C0, 75, 18, 8B, 4C, 24, 14, 8B, 44, 24, 10, 33, D2, F7, F1, 8B, D8, 8B, 44, 24, 0C, F7, F1, 8B, D3, EB, 41, 8B, C8, 8B, 5C, 24, 14, 8B, 54, 24, 10, 8B, 44, 24, 0C, D1, E9, D1, DB, D1, EA, D1, D8, 0B, C9, 75, F4, F7, F3, 8B, F0, F7, 64, 24, 18, 8B, C8, 8B, 44, 24, 14, F7, E6, 03, D1, 72, 0E, 3B, 54, 24, 10, 77, 08, 72, 07, 3B, 44, 24, 0C, 76, 01, 4E, 33, D2, 8B, C6, 5E, 5B, C2, 10, 00, 57, 8B, C6, 83, E0, 0F, 85, C0, 0F, 85, C1, 00...
 

Entropy:
6.5049

Code size:
241 KB (246,784 bytes)

The file darksiders ii multilenguaje espanol pc game__3515_i1110893537_il1760579.exe has been seen being distributed by the following 19 URLs.