----flashplayersetup__6802_i450207357_il31.exe

Wilmaonline LTD.

This adware is a web browser extension that injects advertising into the browser in the form of unwanted banners and text links, which may link to malware sites and install unwanted software. The application ----flashplayersetup__6802_i450207357_il31.exe by Wilmaonline has been detected as adware by 10 anti-malware scanners. The program is a setup application that uses the TUGUU DomaIQ Setup installer. The setup program bundles adware offers using Amonetize, a Pay-Per-Install (PPI) monetization and distribution download manager. The software offerings provided are based on the PC's geo-location at the time of install. With this installer, users expect to download the free Adobe Flash Player, but before that occurs they may be presented with additional offers, mostly potentially unwanted software or adware. It is distributed as part of the Brightcircle group of browser extensions.
Publisher:
Wilmaonline LTD.  (signed and verified)

Version:
1.1.5.89

MD5:
07f34163db5840838a92805f259e80ac

SHA-1:
49bc03b9a439c7954cb2eea20360c68d6a0f5235

Scanner detections:
10 / 68

Status:
Adware

Description:
This is also known as bundleware, or downloadware, which is a downloader designed to simply deliver ad-supported offers in the setup routine of otherwise legitimate software.

Analysis date:
4/26/2024 11:12:03 PM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| AhnLab V3 Security | PUP/Win32.Amonetiz | 14.03.18 |
| Avira AntiVirus | ADWARE/Adware.Gen2 | 7.11.137.132 |
| avast! | Win32:Amonetize-N [PUP] | 2014.9-140318 |
| AVG | MalSign.Wilmo | 2015.0.3532 |
| ESET NOD32 | Win32/Amonetize.AI (variant) | 8.9552 |
| Malwarebytes | PUP.Optional.Amonetize.A | v2014.03.18.05 |
| Reason Heuristics | PUP.Installer.Wilmaonline.k | 14.3.18.5 |
| Sophos | Amonetize | 4.98 |
| Trend Micro House Call | TROJ_GEN.F47V0316 | 7.2.77 |
| ViRobot | Adware.Agent.334896 | 2011.4.7.4223 |

File size:
327 KB (334,896 bytes)

Product version:
1.1.5.89

Original file name:
i.exe

File type:
Executable application (Win32 EXE)

Bundler/Installer:
TUGUU DomaIQ Setup

Language:
English (United States)

Common path:
C:\documents and settings\administrateur\bureau\said\----flashplayersetup__6802_i450207357_il31.exe

Digital Signature
Authority:
Thawte, Inc.

Valid from:
7/2/2013 12:00:00 AM

Valid to:
7/2/2014 11:59:59 PM

Subject:
CN=Wilmaonline LTD., OU=Wilmaonline LTD., O=Wilmaonline LTD., L=Raanana, S=ISRAEL, C=IL

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
56AD7789FEA4A324513D7CB6C47F1DE3

File PE Metadata
Compilation timestamp:
3/16/2014 11:22:28 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
6144:WR8UvquJp3uW4iigPPYBHo2D8MRReR1UW4UHQP24lQa5CAGxiDM8E43AU:WR8USu3uW4VgPPAHomhWt34lRCQM8Tp

Entry address:
0x26EE4

Entry point:
E8, BC, 95, 00, 00, E9, 89, FE, FF, FF, CC, CC, 53, 56, 8B, 44, 24, 18, 0B, C0, 75, 18, 8B, 4C, 24, 14, 8B, 44, 24, 10, 33, D2, F7, F1, 8B, D8, 8B, 44, 24, 0C, F7, F1, 8B, D3, EB, 41, 8B, C8, 8B, 5C, 24, 14, 8B, 54, 24, 10, 8B, 44, 24, 0C, D1, E9, D1, DB, D1, EA, D1, D8, 0B, C9, 75, F4, F7, F3, 8B, F0, F7, 64, 24, 18, 8B, C8, 8B, 44, 24, 14, F7, E6, 03, D1, 72, 0E, 3B, 54, 24, 10, 77, 08, 72, 07, 3B, 44, 24, 0C, 76, 01, 4E, 33, D2, 8B, C6, 5E, 5B, C2, 10, 00, 57, 8B, C6, 83, E0, 0F, 85, C0, 0F, 85, C1, 00...
 

Code size:
228.5 KB (233,984 bytes)

The file ----flashplayersetup__6802_i450207357_il31.exe has been seen being distributed by the following 21 URLs.
