» f_003f01
Overview
Analysis
File Details
Downloads (12)

f_003f01

AMGRUP LLC

This is the Amonetize download manager which bundles applications with offers for additional 3rd party software, mostly unwanted adware, and may be installed with minimal consent. The file f_003f01 by AMGRUP has been detected as adware by 25 anti-malware scanners. The program is a setup application that uses the Amonetize Downloader installer. The setup program bundles adware offers using the Amonetize, a Pay-Per-Install (PPI) monetization and distribution download manager. The software offerings provided are based on the PC's geo-location at the time of install.

File name:

f_003f01

Publisher:

AMGRUP LLC (signed and verified)

Version:

1.1.5.90

MD5:

0e9c57fc3c8750ac1dd3adbd54b98d79

SHA-1:

c189db32678d71bb8396438118a8c865b70c234c

SHA-256:

55f8b8529a1a1bc8373fc058c709c873fe687a82654337d5c53d9ed83114e9cb

Scanner detections:

25 / 68

Status:

Adware

Description:

This is also known as bundleware, or downloadware, which is an downloader designed to simply deliver ad-supported offers in the setup routine of an otherwise legitimate software.

Analysis date:

4/25/2024 8:00:34 AM UTC (today)

Scan engine

Detection

Engine version

Lavasoft Ad-Aware

Trojan.GenericKD.2067331

754

AhnLab V3 Security

PUP/Win32.Amonetiz

2015.01.07

Avira AntiVirus

TR/Crypt.ZPACK.Gen2

7.11.200.82

avast!

Win32:Malware-gen

2014.9-150106

AVG

Generic

2016.0.3237

Baidu Antivirus

PUA.Win32.Amonetize

4.0.3.15112

Bitdefender

Application.Bundler.Amonetize.AO

1.0.20.30

Bkav FE

HW32.Packed

1.3.0.6267

Dr.Web

Trojan.Adfltnet.70

9.0.1.012

Emsisoft Anti-Malware

Trojan.GenericKD.2067331

8.15.01.12.10

ESET NOD32

Win32/Amonetize.CS (variant)

9.10987

Fortinet FortiGate

Riskware/Amonetize

1/12/2015

F-Secure

Trojan.GenericKD.2067331

11.2015-12-01_2

G Data

Trojan.GenericKD.2067331

15.1.24

IKARUS anti.virus

Trojan.SuspectCRC

t3scan.1.8.6.0

K7 AntiVirus

Trojan

13.190.14587

Kaspersky

not-a-virus:AdWare.Win32.Amonetize

14.0.0.2681

McAfee

Artemis!0E9C57FC3C87

5600.6893

MicroWorld eScan

Application.Bundler.Amonetize.AO

16.0.0.18

NANO AntiVirus

Trojan.Win32.Adfltnet.dlsvsx

0.30.0.64448

nProtect

Trojan.GenericKD.2067331

15.01.09.01

Qihoo 360 Security

HEUR/QVM10.1.Malware.Gen

1.0.0.1015

Reason Heuristics

PUP.Installer.AMGRUP.I

15.1.6.19

Sophos

Generic PUA JG

4.98

Trend Micro House Call

Suspicious_GEN.F47V0106

7.2.6

File size:

467.2 KB (478,400 bytes)

Product version:

1.1.5.90

Original file name:

setup.exe

Bundler/Installer:

Amonetize Downloader

Language:

English (United States)

Common path:

C:\users\{user}\appdata\local\google\chrome\user data\default\cache\f_003f01

Digital Signature

Signed by:

AMGRUP LLC

Authority:

Thawte, Inc.

Valid from:

12/1/2014 4:00:00 PM

Valid to:

12/2/2015 3:59:59 PM

Subject:

CN=AMGRUP LLC, O=AMGRUP LLC, L=Kiev, S=Kiev, C=UA

Issuer:

CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:

7BEE5C2171C644AF5B917C9D0C4DC006

File PE Metadata

Compilation timestamp:

1/4/2015 11:54:45 PM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

10.0

CTPH (ssdeep):

6144:2iiMPvaFGvvgMABHn0R1+CICsWTgdE1bUbN8RnEOxlD/+qg40Frw151cGYtEsGTE:2irysgLHnGZsNWSunLxliqglFUHD1E

Entry address:

0x12458

Entry point:

E8, 9B, 4B, 00, 00, E9, 89, FE, FF, FF, 8B, FF, 55, 8B, EC, 83, 3D, 04, 2F, 3B, 00, 00, 75, 18, E8, 79, 35, 00, 00, 6A, 1E, E8, C3, 33, 00, 00, 68, FF, 00, 00, 00, E8, F0, F8, FF, FF, 59, 59, 8B, 45, 08, 85, C0, 75, 01, 40, 50, 6A, 00, FF, 35, 04, 2F, 3B, 00, FF, 15, C8, B0, 3A, 00, 5D, C3, 8B, FF, 55, 8B, EC, 53, 8B, 5D, 08, 83, FB, E0, 77, 6F, 56, 57, 83, 3D, 04, 2F, 3B, 00, 00, 75, 18, E8, 2F, 35, 00, 00, 6A, 1E, E8, 79, 33, 00, 00, 68, FF, 00, 00, 00, E8, A6, F8, FF, FF, 59, 59, 85, DB, 74, 04, 8B, C3... 
[+]

Entropy:

7.4512

Code size:

166.5 KB (170,496 bytes)

The file f_003f01 has been seen being distributed by the following 12 URLs.

http://www.our-hurricane-file.net/.../Yuzuklerin Efendisi uclemesinin __10940_i1442667006_il47082.exe

http://v4download3.biz/download.php?id=janinec&title=descargarelhack

http://v4download.com/download.php?id=janinec&title=descargarelhack

http://v4download3.biz/download.php?id=mmohaui&title=Crack-Win7

http://www.v4download.com/download.php?title=Crack Win7&id=mmohaui

http://bit.ly/1xrtzKC

q=http://bit.ly/1xrtzKC&redir_token=jfA2LxaRC08Irfzn5iXOEyP-zex8MTQyMDcxNjM4MkAxNDIwNjI5OTgy

q=http://bit.ly/14vW0hD&redir_token=9b84-bO_kcVGpHhptqtRpDhYrnF8MTQyMDgwNjQwNUAxNDIwNzIwMDA1

q=http://goo.gl/5p4N1A&redir_token=BPXP3qykBYGt9t7bu_wX6yUjhEp8MTQyMDk1NDU1MUAxNDIwODY4MTUx

http://v4download.com/download.php?id=ahmetmy&title=Spyhunter4.xCrack

http://v4download3.biz/download2.php?id=cosmin931&title=TrueSkateHack&url=http://hacktoolnew.com/.../

http://www.v4download.com/download.php?title=League of legend riot points code generator&id=silviupkr

Remove f_003f01 - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.