home

execiwantthis.exe

I Want This

Amazing Apps

This is the installer application for a 50onRed advertising supported software package (displays ads in the browser and may hijack the home and search pages of the web browser). The application execiwantthis.exe, “I Want This Installer” by Amazing Apps has been detected as adware by 24 anti-malware scanners. The program is a setup application that uses the Nullsoft Install System installer. This web browser addon will display additional advertisements in the user's browser including popup, banner, contextual hyperlinks as well as affiliate links.
Publisher:
215 Apps  (signed by Amazing Apps)

Product:
I Want This

Description:
I Want This Installer

Version:
1.17.149.149

MD5:
77638c3edb33a70d331054dcf8435c82

SHA-1:
3b9c484bc3ecf1722dff1e5f03bdb42a0a47ea64

SHA-256:
8e4058cc08041bd839ba9755925c73a898bd7a8bba6d51ea59f8765b866a4209

Scanner detections:
24 / 68

Status:
Adware

Explanation:
Browser extension that injects additional advertisements (banner and text links) on web pages.

Analysis date:
4/24/2024 12:55:17 PM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Adware.Generic.539446
371

Agnitum Outpost
PUA.Toolbar.CrossRider
7.1.1

Bitdefender
Adware.Generic.539446
1.0.20.150

Bkav FE
HW32.CDB
1.3.0.4959

Comodo Security
UnclassifiedMalware
18146

Dr.Web
Adware.GamePlayLabs.31
9.0.1.030

Emsisoft Anti-Malware
Adware.Generic.539446
8.16.01.30.10

ESET NOD32
Win32/Toolbar.CrossRider (variant)
10.9704

Fortinet FortiGate
Adware/Fam.NB
1/30/2016

F-Prot
W32/VidSav.A.gen
v6.4.7.1.166

F-Secure
Gen:Variant.Adware.VidSaver.1
11.2016-30-01_7

G Data
Adware.Generic.539446
16.1.24

IKARUS anti.virus
Win32.SuspectCrc
t3scan.1.6.1.0

K7 AntiVirus
Unwanted-Program
13.175.10814

Malwarebytes
Adware.GamePlayLabs
v2016.01.30.10

McAfee
Artemis!A0D40150B3A0
5600.6505

MicroWorld eScan
Adware.Generic.539446
17.0.0.90

Quick Heal
Adware.Crossid (Not a Virus)
1.16.12.00

Reason Heuristics
PUP.50OnRed.AmazingApps.Installer (M)
16.1.30.10

Rising Antivirus
NS:PUF.SilenceInstaller!1.9DDF
23.00.65.16128

Sophos
AppRider
4.98

Trend Micro House Call
TROJ_GEN.R0CBC0OHC13
7.2.30

Trend Micro
TROJ_GEN.R0CBC0OHC13
10.465.30

VIPRE Antivirus
GamePlayLabs
28482

File size:
1.8 MB (1,867,456 bytes)

Copyright:
Copyright 215 Apps

File type:
Executable application (Win32 EXE)

Installer:
Nullsoft Install System

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\installer_for_directx_061202\execiwantthis.exe

Digital Signature
Signed by:
Amazing Apps

Authority:
Thawte, Inc.

Valid from:
4/30/2012 5:00:00 PM

Valid to:
5/1/2013 4:59:59 PM

Subject:
CN=Amazing Apps, O=Amazing Apps, L=Philadelphia, S=Pennsylvania, C=US

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
2E307885017928B61D4F2CEF5EB10A05

File PE Metadata
Compilation timestamp:
1/5/2010 5:09:32 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.56

CTPH (ssdeep):
49152:jwtGgZP8LZsP19shkJzo1U/Vt0aPOeoCKRF/48L:EALZsP1caEAVt0b/48L

Entry address:
0x4044

Entry point:
55, 89, E5, 57, 56, 53, 81, EC, AC, 01, 00, 00, E8, 97, 52, 00, 00, C7, 04, 24, 01, 80, 00, 00, E8, 43, 4F, 00, 00, 56, C7, 04, 24, 00, 00, 00, 00, E8, A6, 52, 00, 00, A3, 88, 5C, 42, 00, 53, C7, 04, 24, 08, 00, 00, 00, E8, 26, 32, 00, 00, A3, 38, 5D, 42, 00, 8D, 85, 84, FE, FF, FF, 51, C7, 44, 24, 10, 00, 00, 00, 00, C7, 44, 24, 0C, 60, 01, 00, 00, 89, 44, 24, 08, C7, 44, 24, 04, 00, 00, 00, 00, C7, 04, 24, A4, B2, 40, 00, E8, D0, 51, 00, 00, 83, EC, 14, C7, 44, 24, 04, A5, B2, 40, 00, C7, 04, 24, 68, 5D...
 
[+]

Entropy:
7.9925  (probably packed)

Code size:
33 KB (33,792 bytes)

Remove execiwantthis.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.