home

filename.__2299_i1054031330_il1.exe

TEHSNABSTROY LLC

This is the Amonetize download manager which bundles applications with offers for additional 3rd party software, mostly unwanted adware, and may be installed with minimal consent. The application filename.__2299_i1054031330_il1.exe by TEHSNABSTROY has been detected as adware by 11 anti-malware scanners. The program is a setup application that uses the TUGUU DomaIQ Setup installer. The setup program bundles adware offers using the Amonetize, a Pay-Per-Install (PPI) monetization and distribution download manager. The software offerings provided are based on the PC's geo-location at the time of install.
Publisher:
TEHSNABSTROY LLC  (signed and verified)

Version:
1.1.5.27

MD5:
e727808ea43a21724f88071a86b07c7e

SHA-1:
6d50aab7b7951ce5cb7f1b0bd78fee20035d1bc7

SHA-256:
42ca312b82614166c0eeac3459950ff5da554b8335545767b554b39201feb366

Scanner detections:
11 / 68

Status:
Adware

Description:
This is also known as bundleware, or downloadware, which is an downloader designed to simply deliver ad-supported offers in the setup routine of an otherwise legitimate software.

Analysis date:
4/25/2024 9:05:58 PM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Application.Bundler.Amonetize.N
898

AhnLab V3 Security
PUP/Win32.Amonetiz
2014.07.18

Bitdefender
Application.Bundler.Amonetize.N
1.0.20.1160

Dr.Web
Adware.Downware.5913
9.0.1.0232

ESET NOD32
Win32/Amonetize.BI (variant)
8.10112

F-Secure
Application.Bundler.Amonetize
11.2014-20-08_4

G Data
Application.Bundler.Amonetize
14.8.24

Kaspersky
not-a-virus:AdWare.Win32.Amonetize
14.0.0.3376

MicroWorld eScan
Application.Bundler.Amonetize.N
15.0.0.696

NANO AntiVirus
Riskware.Win32.Amonetize.dchxoa
0.28.2.60881

Reason Heuristics
PUP.Installer.TEHSNABSTROY.EE
14.8.20.18

File size:
345.1 KB (353,352 bytes)

Product version:
1.1.5.27

Original file name:
setup.exe

File type:
Executable application (Win32 EXE)

Bundler/Installer:
TUGUU DomaIQ Setup

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\filename.__2299_i1054031330_il1.exe

Digital Signature
Signed by:
TEHSNABSTROY LLC

Authority:
COMODO CA Limited

Valid from:
6/19/2014 3:00:00 AM

Valid to:
6/20/2015 2:59:59 AM

Subject:
CN=TEHSNABSTROY LLC, O=TEHSNABSTROY LLC, STREET="UL. NIKOLYAMSKAYA, 9", L=G. MOSKVA, S=G. MOSKVA, PostalCode=109240, C=RU

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00F4B1A67457808CFF0300CD93C4050F05

File PE Metadata
Compilation timestamp:
7/17/2014 8:05:05 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
6144:uBieRGukt2xUBTBIiOp83k8qwOoV7cZt+6Z1JnFuaqm6IDz:YvsN2xUBToWvOoVgygFuaqmFDz

Entry address:
0x14C32

Entry point:
E8, E8, 5F, 00, 00, E9, 89, FE, FF, FF, CC, CC, CC, CC, 51, 8D, 4C, 24, 04, 2B, C8, 1B, C0, F7, D0, 23, C8, 8B, C4, 25, 00, F0, FF, FF, 3B, C8, 72, 0A, 8B, C1, 59, 94, 8B, 00, 89, 04, 24, C3, 2D, 00, 10, 00, 00, 85, 00, EB, E9, 8B, FF, 55, 8B, EC, 53, 8B, 5D, 08, 83, FB, E0, 77, 6F, 56, 57, 83, 3D, 3C, 8E, 3F, 00, 00, 75, 18, E8, C8, 59, 00, 00, 6A, 1E, E8, 12, 58, 00, 00, 68, FF, 00, 00, 00, E8, 10, F6, FF, FF, 59, 59, 85, DB, 74, 04, 8B, C3, EB, 03, 33, C0, 40, 50, 6A, 00, FF, 35, 3C, 8E, 3F, 00, FF, 15...
 
[+]

Entropy:
7.4469

Code size:
116.5 KB (119,296 bytes)

The file filename.__2299_i1054031330_il1.exe has been seen being distributed by the following URL.

http://www.generaldownload.com/download.php?version=1.1.5.27&ti1=p191.res.0.result.0a5717768a2822&ti2=9269158642&campid=2299&instid[appname]=Download Manager&instid[appsetupurl]=http://link.wdownloadmanager.com/?url=&ref=&name=DownloadFileSetup&source=xs&instid[cmdline]=&instid[appimageurl]=http://.../dl.png&prefix=DownloadFileSetup&instid[thankyoupage]=

Remove filename.__2299_i1054031330_il1.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.