home

multiinstall.com.br

Caio Ferreira Silva

Domain Information

This domain has been known to host and distribute adware as well as other potentially unwanted software. The hosted servers are located in Sao Paulo, Sao Paulo within Brazil which resides on the Amazon.com, Inc. network. The domain uses the Amazon Web Services (AWS) cloud computing platform.
Server location:
Sao Paulo, Brazil (BR)

ASN:
AS16509 AMAZON-02 - Amazon.com, Inc.,US

Whois:
2 multiinstall.com.br records

Scanner detections:
Detections  (100% detected)

Scan engine
Details
Detections

Reason Heuristics
PUP.UnilogicInformaticaaME.Y, PUP.UnilogicInformaticaaME.X, PUP.UnilogicInformaticaaME.m, PUP.UnilogicInformaticaaME.V, PUP.UnilogicInformaticaaME.DD, PUP.UnilogicInformaticaaME.b, PUP.UnilogicInformaticaaME.BB
100.00%

VIPRE Antivirus
Threat.4150696, Trojan.Win32.Generic, Threat.5062944
100.00%

Kaspersky
not-a-virus:RiskTool.Win32.Agent, Trojan.Win32.Vilsel, not-a-virus:Downloader.Win32.Agent
100.00%

ESET NOD32
Win32/UltraDownloads.B potentially unwanted application, Win32/UltraDownloads.D potentially unwanted application
85.71%

avast!
Win32:Downloader-TQT [PUP]
85.71%

McAfee
PUP-FDZ!F7210CD6E300, PUP-FDZ!7F23EFA1E76A, PUP-FDZ!E8D98C41332A, PUP-FDZ!B46FE3D3AD69, PUP-FDZ!88CB05937629, PUP-FKR
85.71%

Malwarebytes
PUP.Optional.MultiInstall.A, PUP.Optional.UltraDownloads
85.71%

K7 AntiVirus
Unwanted-Program , Riskware
85.71%

NANO AntiVirus
Trojan.Win32.Vilsel.cwgihc, Trojan.Win32.Vilsel.cqinxs, Trojan.Win32.Agent.dbvilt
85.71%

F-Prot
W32/UltraDownload.A2.gen, W32/A-6b0e8642
85.71%

Agnitum Outpost
Trojan.Vilsel, PUA.Downloader
85.71%

Dr.Web
DLOADER.Trojan, Adware.Downware.2222
85.71%

Emsisoft Anti-Malware
Gen:Variant.Adware.Strictor.42195
85.71%

G Data
Gen:Variant.Adware.Strictor.42195, Win32.Application.MultiInstall
85.71%

Vba32 AntiVirus
Trojan.Vilsel, Downloader.Agent
85.71%

The domain multiinstall.com.br has been seen to resolve to the following 2 IP addresses.

54.207.221.204
ec2-54-207-221-204.sa-east-1.compute.amazonaws.com
September 3, 2014

198.72.112.167
December 23, 2013

File downloads found at URLs served by multiinstall.com.br.

18 / 68    (Adware)
http://multiinstall.com.br/get/?lc=c9da35203d9e4c55d4b5a3f9b87e419c&pid=1157456&cid=Programas&aid=&name=OpenGL Extension Viewer&description=Veja informa??es sobre o OpenGL no seu sistema&date=24/04/2014&version=4.16&image=http://logo.ultradownloads.com.br/8868.png&url=ftp://ftp2.realtech-vr.com/realtechv/.../glview416.exe&bytes=7995392&filename=OpenGL-Extensions-Viewer_416.exe&platform=1&category=6  (opengl-extension-viewer_416.exe)

18 / 68    (Adware)
http://multiinstall.com.br/get?lc=c9da35203d9e4c55d4b5a3f9b87e419c&pid=1157456&cid=Programas&aid=&name=OpenGL Extension Viewer&description=Veja informa??es sobre o OpenGL no seu sistema&date=24/04/2014&version=4.16&image=http://logo.ultradownloads.com.br/8868.png&url=ftp://ftp2.realtech-vr.com/realtechv/.../glview416.exe&bytes=7995392&filename=OpenGL-Extensions-Viewer_416.exe&platform=1&category=6  (opengl-extension-viewer_416.exe)

9 / 68      (Adware)
http://multiinstall.com.br/get?lc=c9da35203d9e4c55d4b5a3f9b87e419c&pid=1040320&cid=Pap?is de Parede&aid=&name=Raposa e Garota de Fogo&description=Papel de parede do tema Diversos Arte Digital&date=22/10/2009&version=1920x1080&image=&url=http://download.ultradownloads.com.br/.../114547_Papel-de-Parede-Raposa-de-Fogo_1920x1080.jpg&bytes=314430&filename=Raposa-de-Fogo-1920x1080.jpg&platform=2&category=57  (raposa-e-garota-de-fogo_1920x1080.exe)

35 / 68    (Adware)
http://multiinstall.com.br/get?lc=c9da35203d9e4c55d4b5a3f9b87e419c&pid=1105258&cid=Programas&aid=&name=GroupMail Free Edition&description=Envie emails personalizados para grupos de pessoas&date=29/05/2012&version=5.3.0.119&image=&url=http://.../gm5f_setup.exe&bytes=12136424&filename=GroupMail-Free-Edition_530119.exe&platform=1&category=1  (cdd312014b54ad46e1a12e613c8b56c3)

29 / 68    (Adware)
http://multiinstall.com.br/get?lc=c9da35203d9e4c55d4b5a3f9b87e419c&pid=928766&cid=Programas&aid=&name=Folha de Pagamento Id?ia&description=Gerenciamento total da folha de pagamento&date=27/10/2009&version=&image=http://logo.ultradownloads.com.br/7566.png&url=http://www.ideiainformatica.com.br/arquivos/.../idepag.exe&bytes=6770286&filename=Folha-de-Pagamento.exe&platform=1&category=4  (folha-de-pagamento-ideia.exe)

29 / 68    (Adware)
http://multiinstall.com.br/get?lc=c9da35203d9e4c55d4b5a3f9b87e419c&pid=1156552&cid=Biblioteca&aid=&name=Emiss?o de Holerites&description=Programa para emiss?o de holerites ou contracheques&date=16/04/2014&version=1.1&image=&url=http://download.ultradownloads.com.br/.../272615-Emissao_de_Holerites-1_1.zip&bytes=346183&filename=Emissao-de-Holerites_11.zip&platform=5&category=101  (emissao-de-holerites_11.exe)

29 / 68    (Adware)
http://multiinstall.com.br/get?lc=c9da35203d9e4c55d4b5a3f9b87e419c&pid=934136&cid=Programas&aid=&name=ENP - Emissor de Nota Promissoria e Recibos&description=Software desenvolvido para emiss?o de nota promiss?ria e recibos&date=04/03/2010&version=1.0&image=&url=http://www.resideweb.com.br/site/.../enp_setup.exe&bytes=1052040&filename=ENP-Emissor-de-Nota-Promissoria-e-Recibos_10.exe&platform=1&category=4  (e8d98c41332a87c6059437b8da347e94)

29 / 68    (Adware)
http://multiinstall.com.br/get?lc=c9da35203d9e4c55d4b5a3f9b87e419c&pid=968742&cid=Programas&aid=&name=Emiss?o de Recibo&description=Emita e gerencie recibos comerciais com a ajuda desta ferramenta&date=09/02/2009&version=1.0.0&image=http://logo.ultradownloads.com.br/97195.jpg&url=http://www.altafin.net/download/.../insEmissaoRecibo.exe&bytes=8402351&filename=Emissao-de-Recibo_100.exe&platform=1&category=4  (b46fe3d3ad6931fe2d7453b2752f560f)

The following 2 files have been seen to comunicate with multiinstall.com.br in live environments.

TCP » 54.207.221.204:80
corte-certo-plus_80221.exe (Instalador by Unilogic Informaticaa ME)

TCP » 54.207.221.204:80
songr_198.exe (Instalador by Unilogic Informaticaa ME)

URL:
http://multiinstall.com.br/

Google Analytics:
UA-39979815

Title:
“MultiInstall”

Description:
“Download monetization platform, unprecedented in Brazil, and non-conflicting with existing media formats.”

Network:
Amazon Web Services (AWS), running an EC2 instance

Web server:
nginx (PHP/5.5.9-1ubuntu4.3)

installmatic.com

installmatic.net

multinstall.com.br

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.