download film magic hour bluray english subtitle__6629_i1769210563_il27078.exe

LLC

The application download film magic hour bluray english subtitle__6629_i1769210563_il27078.exe by LLC has been detected as adware by 11 anti-malware scanners. It bundles adware offers using Amonetize, a Pay-Per-Install (PPI) monetization and distribution download manager. The software offerings presented are selected based on the PC's geo-location at the time of install. The file is also typically executed from the user's temporary directory. While running, it connects to the Internet address server-54-230-37-202.jfk1.r.cloudfront.net on port 80 using the HTTP protocol.
Publisher:
LLC   (signed and verified)

MD5:
1c9ebc00f53e881069450e0aab1220af

SHA-1:
f5946e6dd91e5b471108b704d8b1286847e2e10e

SHA-256:
049477a7d0ba4a462a7d468d2bc676c7753badb166d0bb39c90df28e57d70935

Scanner detections:
11 / 68

Status:
Adware

Analysis date:
4/20/2024 2:15:27 AM UTC

Scan engine          Detection                                            Engine version
AhnLab V3 Security   PUP/Win32.Amonetize                                  2015.12.04
AVG                  Generic                                              2016.0.2906
Baidu Antivirus      PUA.Win32.Amonetize                                  4.0.3.15124
Dr.Web               Trojan.Amonetize.11548                               9.0.1.0338
ESET NOD32           Win32/Amonetize.MJ potentially unwanted (variant)    9.12669
K7 AntiVirus         Unwanted-Program                                     13.212.18027
Kaspersky            not-a-virus:Downloader.Win32.AdLoad                  14.0.0.1023
Malwarebytes         PUP.Optional.Amonetize                               v2015.12.04.08
Panda Antivirus      Trj/Genetic.gen                                      15.12.04.08
Qihoo 360 Security   HEUR/QVM10.1.Malware.Gen                             1.0.0.1077
Reason Heuristics    PUP.Amonitize (M)                                    15.12.4.8

File size:
852.7 KB (873,192 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\download film magic hour bluray english subtitle__6629_i1769210563_il27078.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
9/20/2015 7:00:00 AM

Valid to:
9/20/2016 6:59:59 AM

Subject:
CN="LLC ""BIZNES SOFT SOLYUSHNS""", OU=IT, O="LLC ""BIZNES SOFT SOLYUSHNS""", STREET="Bud. 5 kv. 85, vul.Budarina", L=Kiev, S=Kiev, PostalCode=03179, C=UA

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00C2F1867EA4F0EEBD396155EF8FFEEC8A

File PE Metadata
Compilation timestamp:
12/4/2015 3:13:30 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
24576:+gfW3IfiJ9S1hIs2G3KadogUgU0IUpFvRLw:+41es2ha+bsXvRE

Entry address:
0x4608

Entry point:
E8, 9E, 2E, 00, 00, E9, 39, FE, FF, FF, 55, 8B, EC, 56, FF, 75, 08, 8B, F1, E8, 5F, 00, 00, 00, C7, 06, C8, D4, 41, 00, 8B, C6, 5E, 5D, C2, 04, 00, 55, 8B, EC, 56, FF, 75, 08, 8B, F1, E8, 5F, 00, 00, 00, C7, 06, C8, D4, 41, 00, 8B, C6, 5E, 5D, C2, 04, 00, 55, 8B, EC, 56, FF, 75, 08, 8B, F1, E8, A0, 00, 00, 00, C7, 06, B0, D4, 41, 00, 8B, C6, 5E, 5D, C2, 04, 00, 55, 8B, EC, 56, 8D, 45, 08, 50, 8B, F1, E8, 44, 00, 00, 00, C7, 06, B0, D4, 41, 00, 8B, C6, 5E, 5D, C2, 04, 00, 55, 8B, EC, 56, FF, 75, 08, 8B, F1...

Entropy:
7.6516

Code size:
108 KB (110,592 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to server-54-230-38-220.jfk1.r.cloudfront.net  (54.230.38.220:80)

TCP (HTTP):
Connects to server-54-230-37-202.jfk1.r.cloudfront.net  (54.230.37.202:80)

TCP (HTTP):
Connects to ec2-184-73-225-10.compute-1.amazonaws.com  (184.73.225.10:80)