dosya kurulum__6279_il76230.exe

Installer

The application dosya kurulum__6279_il76230.exe has been detected as a potentially unwanted program by 76 anti-malware scanners. It is a self-extracting archive and installer; however, the file is not signed with an Authenticode signature from a trusted source. It bundles adware offers using Amonetize, a Pay-Per-Install (PPI) monetization and distribution download manager. The software offers presented are selected based on the PC's geo-location at the time of install. The file has been seen being downloaded from www.singulardownload.com and multiple other hosts. While running, it connects to the Internet address www.ibbalance.com on port 443.
Product: Installer
Version: 1.1.6.20
MD5: 5fa48b32329ff2f20337d054867f79cd
SHA-1: 6772db9eef0739a160d81332c44f41a2d56bdf43
SHA-256: f6701225df90a71cd1825c07d24d3485817c33983f579f410e538521cb08c574
Scanner detections: 68 / 68
Status: Potentially unwanted
Analysis date: 4/25/2024 12:52:23 AM UTC

Scan engine | Detection | Engine version
Lavasoft Ad-Aware | Trojan.Generic.11011167 | 973
Agnitum Outpost | PUA.Downloader | 7.1.1
AhnLab V3 Security | PUP/Win32.Amonetiz | 2014.06.04
Avira AntiVirus | ADWARE/Adware.Gen2 | 7.11.152.222
avast! | Win32:Adware-BJY [PUP] | 2014.9-140607
Baidu Antivirus | Adware.Win32.Amonetize | 4.0.3.1467
Bitdefender | Trojan.Generic.11011167 | 1.0.20.790
Comodo Security | ApplicUnwnt | 18428
Dr.Web | Adware.Downware.2160 | 9.0.1.0158
Emsisoft Anti-Malware | Trojan.Generic.11011167 | 8.14.06.07.10
ESET NOD32 | Win32/Amonetize.AJ (variant) | 8.9890
Fortinet FortiGate | Riskware/Amonetize | 6/7/2014
F-Secure | Trojan.Generic.11011167 | 11.2014-07-06_7
G Data | Trojan.Generic.11011167 | 14.6.24
IKARUS anti.virus | AdWare.Amonetize | t3scan.1.6.1.0
K7 AntiVirus | Trojan | 13.178.12292
Kaspersky | not-a-virus:Downloader.Win32.Agent | 14.0.0.3748
Malwarebytes | PUP.Optional.Amonetize | v2014.06.07.10
McAfee | Artemis!5FA48B32329F | 5600.7107
MicroWorld eScan | Trojan.Generic.11011167 | 15.0.0.474
NANO AntiVirus | Trojan.Win32.Agent.cuozeg | 0.28.0.60100
nProtect | Trojan.Generic.11011167 | 14.06.03.01
Panda Antivirus | Trj/CI.A | 14.06.07.10
Qihoo 360 Security | Win32/Virus.Downloader.d61 | 1.0.0.1015
Reason Heuristics | Threat.Win.Reputation.IMP | 14.6.12.1
Rising Antivirus | PE:Malware.Adware!6.1574 | 23.00.65.14605
Sophos | Amonetize | 4.98
Trend Micro House Call | TROJ_SPNR.08C314 | 7.2.158
Trend Micro | TROJ_SPNR.08C314 | 10.465.07
Vba32 AntiVirus | Downloader.Agent.bjqv | 3.12.26.0
VIPRE Antivirus | Trojan-Downloader.Win32.Agent | 29922

File size: 323 KB (330,752 bytes)
Product version: 2.1.12
Copyright: Copyright(c), All Rights Reserved.
Original file name: Installer.exe
File type: Executable application (Win32 EXE)
Language: English (United States)
Common path: C:\users\{user}\downloads\dosya kurulum__6279_il76230.exe

File PE Metadata
Compilation timestamp: 2/25/2014 12:56:11 PM
OS version: 5.1
OS bitness: Win32
Subsystem: Windows GUI
Linker version: 10.0
CTPH (ssdeep): 6144:xZpQqEvNRwHVbk0qqzbVbb3BHF2hspW2ejmRo89l/UZD+pT9vYTHgCrICnXhgpt:xZVEvNRwHFk9qPVbbxHFXjlGD4T9vmg3
Entry address: 0x27004

Entry point:
E8, BC, 95, 00, 00, E9, 89, FE, FF, FF, 57, 8B, C6, 83, E0, 0F, 85, C0, 0F, 85, C1, 00, 00, 00, 8B, D1, 83, E1, 7F, C1, EA, 07, 74, 65, EB, 06, 8D, 9B, 00, 00, 00, 00, 66, 0F, 6F, 06, 66, 0F, 6F, 4E, 10, 66, 0F, 6F, 56, 20, 66, 0F, 6F, 5E, 30, 66, 0F, 7F, 07, 66, 0F, 7F, 4F, 10, 66, 0F, 7F, 57, 20, 66, 0F, 7F, 5F, 30, 66, 0F, 6F, 66, 40, 66, 0F, 6F, 6E, 50, 66, 0F, 6F, 76, 60, 66, 0F, 6F, 7E, 70, 66, 0F, 7F, 67, 40, 66, 0F, 7F, 6F, 50, 66, 0F, 7F, 77, 60, 66, 0F, 7F, 7F, 70, 8D, B6, 80, 00, 00, 00, 8D, BF...
 
[+]

Code size: 229 KB (234,496 bytes)

The file dosya kurulum__6279_il76230.exe has been seen being distributed by the following 5 URLs.

http://www.singulardownload.com/download.php?version=1.1.6.20&campid=6578&instid[appname]=http://downlite.net/download/DownLiteSilent2.exe&instid[cmdline]=&instid[appimageurl]=http://downlite.net/.../Logo_150.png&prefix=GTA San Andreas&instid[thankyoupage]=

http://www.conductdownload.com/download.php?version=1.1.6.20&campid=4607&capp=FlashPlayer&prefix=install*flashplayer&ti1=OTQwfDE3MzR8UEx8M3wxfHw|f1083ef8b33baf993d96198897c89bb7

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP): Connects to www.softologic.com (174.37.181.31:80)
TCP (HTTP SSL): Connects to www.ibbalance.com (173.192.190.227:443)

Powered by Reason Core Security