flashplayer__1003_i98278581_il3.exe

Installer

Amonetizé Ltd

This is the Amonetize download manager, which bundles applications with offers for additional third-party software, mostly unwanted adware, and may be installed with minimal consent. The application flashplayer__1003_i98278581_il3.exe has been detected as adware by 1 anti-malware scanner, with very strong indications that the file is a potential threat. The program is a setup application that uses the Amonetize Downloader installer; however, the file is not signed with an Authenticode signature from a trusted source. With this installer, users expect to download the free Adobe Flash Player, but before that occurs they may be presented with additional offers, mostly potentially unwanted software or adware.
Publisher:
Amonetizé Ltd

Product:
Installer

Version:
1.1.5.86

MD5:
b83cb6ad7719101ce451b08be4f4d361

SHA-1:
06f66a829da4b03c1d07b903a57798e3a97cc8f1

SHA-256:
63e095119d925069975c44bab5e196f58dc4f6833d4adbeb7441def612707167

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines has not currently detected this file; however, based on our own detection heuristics, we feel that this file is unwanted.

Description:
This is also known as bundleware, or downloadware: a downloader designed simply to deliver ad-supported offers in the setup routine of otherwise legitimate software.

Analysis date:
4/23/2024 12:58:00 PM UTC

Scan engine:
Reason Heuristics

Detection:
Win32.Generic

Engine version:
16.8.3.10

File size:
149.6 KB (153,216 bytes)

Product version:
2.1.12

Copyright:
(c) Amonetizé Ltd, 2012,2013. All rights reserved.

Original file name:
Installer.exe

File type:
Executable application (Win32 EXE)

Bundler/Installer:
Amonetize Downloader

Language:
English (United States)

Common path:
C:\users\{user}\downloads\flashplayer__1003_i98278581_il3.exe

File PE Metadata
Compilation timestamp:
10/13/2013 1:47:49 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
3072:xq6RBOQ5dAv2URn6gRCpn35sRjhU1ak5GzlE56GMu1gByfs:xc/XV6S256FGCS7L1qAs

Entry address:
0x58900

Entry point:
60, BE, 00, 90, 43, 00, 8D, BE, 00, 80, FC, FF, 57, 83, CD, FF, EB, 10, 90, 90, 90, 90, 90, 90, 8A, 06, 46, 88, 07, 47, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 72, ED, B8, 01, 00, 00, 00, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, 01, DB, 73, 0B, 75, 28, 8B, 1E, 83, EE, FC, 11, DB, 72, 1F, 48, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, EB, D4, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, EB, 52, 31, C9, 83, E8, 03, 72, 11, C1, E0, 08, 8A, 06, 46, 83, F0, FF, 74, 75, D1, F8, 89...

Entropy:
7.7945

Packer / compiler:
UPX 2.90 (LZMA)

Code size:
128 KB (131,072 bytes)

The file flashplayer__1003_i98278581_il3.exe has been seen being distributed by the following URL.

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to www.softologic.com (174.37.181.31:80)

TCP (HTTP SSL):
Connects to www.ibbalance.com (173.192.190.227:443)

TCP (HTTP):

Remove flashplayer__1003_i98278581_il3.exe - Powered by Reason Core Security