» flashplayer__4369_i268002322_il14.exe
Overview
Analysis
File Details
Downloads (14)
Network (2)

flashplayer__4369_i268002322_il14.exe

Installer

Amonetize ltd.

This is the Amonetize download manager which bundles applications with offers for additional 3rd party software, mostly unwanted adware, and may be installed with minimal consent. The application flashplayer__4369_i268002322_il14.exe by Amonetize ltd has been detected as adware by 15 anti-malware scanners. The program is a setup application that uses the Amonetize Downloader installer. The installer uses the InstallMonetizer platform which will donwload and install adware toolbars and other potentially unwanted software offers during setup. With this installer, users are expecting to download the free Adobe Flash Player but before that occurs they may be presented with additional offers, mostly potentially unwanted software or adware.

File name:

Publisher:

Amônétízé Ltd (signed by Amonetize ltd.)

Product:

Installer

Version:

1.1.5.55

MD5:

5417f09906e3b00634d3c33c4da72d92

SHA-1:

16dc26982c4dc25e6163f155827874b3df264a1e

SHA-256:

c2d34fe4fec7e474801ddab6f7e811225fa982e9798465c6dc4298e5a5be0866

Scanner detections:

15 / 68

Status:

Adware

Explanation:

This setup file is a re-distribution of the original program that bundles various adware offers during installation including toolbars and browser search extensions.

Description:

This is also known as bundleware, or downloadware, which is an downloader designed to simply deliver ad-supported offers in the setup routine of an otherwise legitimate software.

Analysis date:

4/18/2024 3:26:35 PM UTC (today)

Scan engine

Detection

Engine version

AhnLab V3 Security

PUP/Win32.Amonetiz

2014.02.01

avast!

Win32:Dropper-gen [Drp]

2014.9-140410

AVG

Generic5

2015.0.3508

Dr.Web

Adware.Downware.1655

9.0.1.0100

ESET NOD32

Win32/Amonetize.AA (variant)

8.9364

Fortinet FortiGate

Riskware/Amonetize

4/10/2014

G Data

Win32.Trojan.Agent.GOH72L

14.4.24

K7 AntiVirus

Unwanted-Program

13.175.11028

Malwarebytes

PUP.Optional.InstallMonetizer

v2014.04.10.04

McAfee

Adware-Amonetize!5417F09906E3

5600.7164

Panda Antivirus

Suspicious file

14.04.10.04

Reason Heuristics

PUP.Installer.Amonetizeltd.b

14.8.7.20

Sophos

Amonetize

4.97

Trend Micro House Call

TROJ_GEN.F47V0115

7.2.100

VIPRE Antivirus

Amonetize

26006

File size:

329 KB (336,936 bytes)

Product version:

2.1.12

Original file name:

Installer.exe

File type:

Executable application (Win32 EXE)

Bundler/Installer:

Amonetize Downloader

Language:

English (United States)

Common path:

C:\users\{user}\downloads\flashplayer__4369_i268002322_il14.exe

Digital Signature

Signed by:

Amonetize ltd.

Authority:

Thawte, Inc.

Valid from:

3/19/2013 1:00:00 AM

Valid to:

6/19/2015 1:59:59 AM

Subject:

CN=Amonetize ltd., O=Amonetize ltd., L=Raanana, S=Alberta, C=IL

Issuer:

CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:

235E7B2F1D4E0152189F6381E2BA8C97

File PE Metadata

Compilation timestamp:

1/15/2014 6:11:40 PM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

10.0

CTPH (ssdeep):

6144:sfOpdUmRui8nHygPxBRMBZBTyDleFw6oHLb2C4X9QtQ/0Re8pH0:sOzUmRV8PPxB2ZBKUoHGjX9QvpH0

Entry address:

0x26C43

Entry point:

E8, 77, 96, 00, 00, E9, 89, FE, FF, FF, 57, 8B, C6, 83, E0, 0F, 85, C0, 0F, 85, C1, 00, 00, 00, 8B, D1, 83, E1, 7F, C1, EA, 07, 74, 65, EB, 06, 8D, 9B, 00, 00, 00, 00, 66, 0F, 6F, 06, 66, 0F, 6F, 4E, 10, 66, 0F, 6F, 56, 20, 66, 0F, 6F, 5E, 30, 66, 0F, 7F, 07, 66, 0F, 7F, 4F, 10, 66, 0F, 7F, 57, 20, 66, 0F, 7F, 5F, 30, 66, 0F, 6F, 66, 40, 66, 0F, 6F, 6E, 50, 66, 0F, 6F, 76, 60, 66, 0F, 6F, 7E, 70, 66, 0F, 7F, 67, 40, 66, 0F, 7F, 6F, 50, 66, 0F, 7F, 77, 60, 66, 0F, 7F, 7F, 70, 8D, B6, 80, 00, 00, 00, 8D, BF... 
[+]

Code size:

229 KB (234,496 bytes)

The file flashplayer__4369_i268002322_il14.exe has been seen being distributed by the following 14 URLs.

http://cldlr.com/?a=4672&c=56474&s1=1

http://www.conductdownload.com/download.php?version=1.1.5.55&prefix=FlashPlayerSetup&campid=4369&instid[appname]=FlashPlayer&instid[appsetupurl]=https://launchpad.net/lightspark/trunk/lightspark-0.5.3/ download/Lightspark-0.5.3-win32.exe&instid[appimageurl]=http://www.tsxnrey.com/i/White Smoke Inc/.../150x150_v1Logo.jpg&prefix=FlashPlayer&ti1=MTEwfDk4MnxUSHwzfDF8fA|c4020c18ac49f2e4c71e8ec2b43ff076|23cf4930-6f9e-11e3-b31a-0025b320a860&capp=FlashPlayer

http://www.conductdownload.com/download.php?version=1.1.5.55&prefix=FlashPlayerSetup&campid=4369&instid[appname]=FlashPlayer&instid[appsetupurl]=https://launchpad.net/lightspark/trunk/lightspark-0.5.3/ download/Lightspark-0.5.3-win32.exe&instid[appimageurl]=http://www.tsxnrey.com/i/White Smoke Inc/.../150x150_v1Logo.jpg&prefix=FlashPlayer&ti1=MTY3fDk4MnxTRXwzfDF8fA|c4020c18ac49f2e4c71e8ec2b43ff076|fcd58d01-7874-11e3-b6bb-0025b320a860&capp=FlashPlayer

http://www.conductdownload.com/download.php?version=1.1.5.55&direct=1&prefix=FlashPlayersetup&campid=3873&ti1=321080758&ti2=4672&capp=FlashPlayer

http://www.hdplugindownload.com/direct-download.html?version=1.1.5.55&ci=3873&capp=FlashPlayer&ti1=321080758&ti2=4672

http://www.conductdownload.com/download.php?version=1.1.5.55&direct=1&prefix=FlashPlayersetup&campid=3873&ti1=319745837&ti2=4672&capp=FlashPlayer

http://www.hdplugindownload.com/direct-download.html?version=1.1.5.55&ci=3873&capp=FlashPlayer&ti1=319745837&ti2=4672

http://www.intactdownload.com/download.php?version=1.1.5.55&capp=IT&campid=442&prefix=InternetTurbo&ti1=t34a.100.0.0.116a66911

http://www.shortestdownload.com/download.php?version=1.1.5.55&direct=1&prefix=FlashPlayersetup&campid=3873&capp=FlashPlayer&ti1=258671172&ti2=4672

http://cldlr.com/?a=4672&c=56476&s1=3

http://www.tangibledownload.com/download.php?version=1.1.5.55&direct=1&prefix=PDFCreator&campid=2961&capp=PDFCreator

http://www.conductdownload.com/download.php?version=1.1.5.55&direct=1&prefix=FlashPlayersetup&campid=3873&ti1=320686742&ti2=4672&capp=FlashPlayer

http://www.hdplugindownload.com/direct-download.html?version=1.1.5.55&ci=3873&capp=FlashPlayer&ti1=320686742&ti2=4672

http://cldlr.com/?a=4672&c=56472&s1=1

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):

Connects to www.soledownload.com (54.225.181.84:80)

TCP (HTTP):

Connects to www.activemonetizer.com (23.23.96.46:80)

http://www.activemonetizer.com/index.php?Net2=v2.0.50727&Net4=&OSversion=NT5.1SP3&Slv=&Sysid=B24031001&Sysid1=B24031001&X64=N&admin=Y&browser=IEXPLORE.EXE&chver=&exe=ikjut__3814890&offver=&lang_DfltUser=04

Remove flashplayer__4369_i268002322_il14.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.