home

file.download__2299_i1254398238_il14.exe

TEHSNABSTROY LLC

This is the Amonetize download manager which bundles applications with offers for additional 3rd party software, mostly unwanted adware, and may be installed with minimal consent. The application file.download__2299_i1254398238_il14.exe by TEHSNABSTROY has been detected as adware by 12 anti-malware scanners. The program is a setup application that uses the TUGUU DomaIQ Setup installer. The setup program bundles adware offers using the Amonetize, a Pay-Per-Install (PPI) monetization and distribution download manager. The software offerings provided are based on the PC's geo-location at the time of install.
Publisher:
TEHSNABSTROY LLC  (signed and verified)

Version:
1.1.5.27

MD5:
ef396e3c6f85afd84de3aa5dd8e84a9c

SHA-1:
2ade7e45271be0390cdb22266134eb2071718555

SHA-256:
ea7495b626b88cc77d71bc8a1cba91e9e7b4bba7639c1a901f0dba66b8948643

Scanner detections:
12 / 68

Status:
Adware

Description:
This is an installer which may bundle legitimate applications with offers for additional 3rd-party applications that may be unwanted by the user. While the installer contains an 'opt-out' feature this is not set be defult and is usually overlooked.

Analysis date:
4/24/2024 9:48:43 PM UTC  (today)

Scan engine
Detection
Engine version

Agnitum Outpost
PUA.Amonetize
7.1.1

AhnLab V3 Security
PUP/Win32.Amonetize
2014.09.02

Avira AntiVirus
Adware/Amonetize.tzw
7.11.170.142

AVG
Generic
2015.0.3354

Dr.Web
Adware.Downware.8379
9.0.1.0255

ESET NOD32
Win32/Amonetize.BN (variant)
8.10354

Malwarebytes
PUP.Optional.Amonetize
v2014.09.12.11

McAfee
PUP-Amonetize
5600.7010

Panda Antivirus
Trj/Genetic.gen
14.09.12.11

Qihoo 360 Security
Win32/Virus.Adware.84b
1.0.0.1015

Reason Heuristics
PUP.Installer.TEHSNABSTROY.d
14.9.12.11

Zillya! Antivirus
Adware.Amonetize.Win32.922
2.0.0.1908

File size:
347.1 KB (355,400 bytes)

Product version:
1.1.5.27

Original file name:
setup.exe

File type:
Executable application (Win32 EXE)

Bundler/Installer:
TUGUU DomaIQ Setup

Language:
English (United States)

Common path:
C:\users\user\download\file.download__2299_i1254398238_il14.exe

Digital Signature
Signed by:
TEHSNABSTROY LLC

Authority:
COMODO CA Limited

Valid from:
6/19/2014 2:00:00 AM

Valid to:
6/20/2015 1:59:59 AM

Subject:
CN=TEHSNABSTROY LLC, O=TEHSNABSTROY LLC, STREET="UL. NIKOLYAMSKAYA, 9", L=G. MOSKVA, S=G. MOSKVA, PostalCode=109240, C=RU

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00F4B1A67457808CFF0300CD93C4050F05

File PE Metadata
Compilation timestamp:
8/27/2014 10:01:59 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
6144:GmmFHjLBAD4wENn3Deord7cfOgeeXqYnPYUySYzYaZziLoGI:YHBAD1gmfOgeeX7YU6aoGI

Entry address:
0xAE62

Entry point:
E8, 5E, 45, 00, 00, E9, 89, FE, FF, FF, 8B, FF, 55, 8B, EC, 53, 8B, 5D, 08, 83, FB, E0, 77, 6F, 56, 57, 83, 3D, 1C, 9D, 3B, 00, 00, 75, 18, E8, 54, 2D, 00, 00, 6A, 1E, E8, 9E, 2B, 00, 00, 68, FF, 00, 00, 00, E8, D6, F8, FF, FF, 59, 59, 85, DB, 74, 04, 8B, C3, EB, 03, 33, C0, 40, 50, 6A, 00, FF, 35, 1C, 9D, 3B, 00, FF, 15, 14, 31, 3B, 00, 8B, F8, 85, FF, 75, 26, 6A, 0C, 5E, 39, 05, 20, 9D, 3B, 00, 74, 0D, 53, E8, 1D, 15, 00, 00, 59, 85, C0, 75, A9, EB, 07, E8, 3A, 24, 00, 00, 89, 30, E8, 33, 24, 00, 00, 89...
 
[+]

Code size:
69.5 KB (71,168 bytes)

The file file.download__2299_i1254398238_il14.exe has been seen being distributed by the following URL.

http://dl-gate.net/?id=p191&sub=ar&name=File.Download&nor=1&subid=11916071664

Remove file.download__2299_i1254398238_il14.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.