home

f_0006c9

AMGRUP LLC

This is the Amonetize download manager which bundles applications with offers for additional 3rd party software, mostly unwanted adware, and may be installed with minimal consent. The file f_0006c9 by AMGRUP has been detected as adware by 23 anti-malware scanners. The program is a setup application that uses the Amonetize Downloader installer. The setup program bundles adware offers using the Amonetize, a Pay-Per-Install (PPI) monetization and distribution download manager. The software offerings provided are based on the PC's geo-location at the time of install.
Publisher:
AMGRUP LLC  (signed and verified)

Version:
1.1.5.26

MD5:
4680fd1548837c1cb91c677165c29ebc

SHA-1:
848459fa3c29c059eb43a0bb10d8b9098db80c3f

SHA-256:
b6264ff70c7697b625a4a45310936bf6eeebae90d89d7652c36e8da3ca95158c

Scanner detections:
23 / 68

Status:
Adware

Description:
This is also known as bundleware, or downloadware, which is an downloader designed to simply deliver ad-supported offers in the setup routine of an otherwise legitimate software.

Analysis date:
5/20/2024 11:13:14 AM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Trojan.GenericKD.2043180
760

Agnitum Outpost
PUA.Amonetize
7.1.1

AhnLab V3 Security
PUP/Win32.Amonetiz
2014.12.28

Avira AntiVirus
TR/Crypt.ZPACK.Gen2
7.11.198.180

AVG
Generic
2015.0.3247

Baidu Antivirus
Adware.Win32.Amonetize
4.0.3.1515

Bitdefender
Trojan.GenericKD.2043180
1.0.20.25

Bkav FE
HW32.Packed
1.3.0.6267

Dr.Web
Trojan.Amonetize.341
9.0.1.0361

Emsisoft Anti-Malware
Trojan.GenericKD.2043180
8.15.01.05.10

ESET NOD32
Win32/Amonetize.CK (variant)
8.10934

F-Secure
Trojan.GenericKD.2043180
11.2015-05-01_2

G Data
Trojan.GenericKD.2043180
15.1.24

IKARUS anti.virus
Trojan.Crypt
t3scan.1.8.5.0

Kaspersky
not-a-virus:HEUR:AdWare.Win32.Generic
14.0.0.2685

Malwarebytes
PUP.Optional.Monetizer
v2015.01.05.10

MicroWorld eScan
Trojan.GenericKD.2043180
16.0.0.15

nProtect
Trojan.GenericKD.2043180
14.12.30.01

Panda Antivirus
Trj/CI.A
15.01.05.10

Qihoo 360 Security
HEUR/QVM10.1.Malware.Gen
1.0.0.1015

Reason Heuristics
PUP.Installer.AMGRUP.I
14.12.27.16

Sophos
Generic PUA CE
4.98

Trend Micro House Call
Suspicious_GEN.F47V1222
7.2.5

File size:
562.2 KB (575,680 bytes)

Product version:
1.1.5.26

Original file name:
setup.exe

Bundler/Installer:
Amonetize Downloader

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\google\chrome\user data\default\cache\f_0006c9

Digital Signature
Signed by:
AMGRUP LLC

Authority:
Thawte, Inc.

Valid from:
12/2/2014 2:00:00 AM

Valid to:
12/3/2015 1:59:59 AM

Subject:
CN=AMGRUP LLC, O=AMGRUP LLC, L=Kiev, S=Kiev, C=UA

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
7BEE5C2171C644AF5B917C9D0C4DC006

File PE Metadata
Compilation timestamp:
12/20/2014 12:07:19 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
12288:PyxggGN4QZkCZXljo+2CZAndreofCspUxwjM8zZaFgN:Kxg14hCZVj5ANLfjuiNkFgN

Entry address:
0xAF83

Entry point:
E8, 21, 3E, 00, 00, E9, 89, FE, FF, FF, 8B, FF, 55, 8B, EC, 83, 7D, 08, 00, 74, 2D, FF, 75, 08, 6A, 00, FF, 35, C4, 5B, 39, 00, FF, 15, A4, E0, 38, 00, 85, C0, 75, 18, 56, E8, 57, 2D, 00, 00, 8B, F0, FF, 15, 84, E0, 38, 00, 50, E8, 07, 2D, 00, 00, 59, 89, 06, 5E, 5D, C3, 8B, FF, 55, 8B, EC, 56, 8D, 45, 08, 50, 8B, F1, E8, C1, ED, FF, FF, C7, 06, C0, EB, 38, 00, 8B, C6, 5E, 5D, C2, 04, 00, C7, 01, C0, EB, 38, 00, E9, 05, EE, FF, FF, 8B, FF, 55, 8B, EC, 56, 8B, F1, C7, 06, C0, EB, 38, 00, E8, F2, ED, FF, FF...
 
[+]

Code size:
115.5 KB (118,272 bytes)

The file f_0006c9 has been seen being distributed by the following 3 URLs.

http://www.our-hurricane-file.net/.../Bizum Hoca 2014__6183_il1069074.exe

http://www.slow-download.com/download.php?version=1.1.5.26&campid=3687&instid[appname]=Pocket Mindfulness The Complete Series Downloader&instid[appsetupurl]=http://fastmediadownloads.com/download/Prompt-Downloader-1372311767.exe&instid[cmdline]=&instid[appimageurl]=http://.../logo.png&prefix=Pocket Mindfulness The Comple Downloader&instid[interrupted]=http://.../?cancel&ti1=1372311767&instid[thankyoupage]=http://.../?success

http://yourfreedownloadsnow.com/download_direct.php?id=2093&name=Wii U Emulator rel 3.1 322 for PC System.zip

Remove f_0006c9 - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.