flashplayersetup__7343_i1254075811_il20.exe

Wilmaonline LTD.

This adware is a web browser extension that injects advertising into the browser in the form of unwanted banners and text-links, which may link to malware sites and install unwanted software. The application flashplayersetup__7343_i1254075811_il20.exe by Wilmaonline has been detected as adware by 34 anti-malware scanners. The program is a setup application that uses the TUGUU DomaIQ Setup installer. The setup program bundles adware offers using Amonetize, a Pay-Per-Install (PPI) monetization and distribution download manager. The software offers presented are based on the PC's geo-location at the time of install. The installer is marketed through download portals and search ads as the free Adobe Flash Player, but it also installs additional software offers, which include adware, PUPs and browser toolbars. It is part of the Brightcircle group of web-extensions that inject advertisements into the browser.
Publisher:
Wilmaonline LTD.  (signed and verified)

Version:
1.1.5.89

MD5:
be9395a1d258483a7ee067d1f78015ab

SHA-1:
44a5d04c30d19f23051aff1388d49bd939d5094c

SHA-256:
28d2e26be889cfabdcf6e7c9c469e8d7cb3f80ba5b1357f6c59e4fbb594632bb

Scanner detections:
34 / 68

Status:
Adware

Description:
This 'download manager' is also considered bundleware: a utility designed to download software (possibly legitimate or open-source) and bundle it with a number of optional offers, including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:
4/26/2024 8:10:39 PM UTC

Scan engine | Detection | Engine version
Lavasoft Ad-Aware | Gen:Variant.Application.Bundler.Amonetize.18 | 431
Agnitum Outpost | PUA.Amonetize | 7.1.1
AhnLab V3 Security | PUP/Win32.Amonetize | 2015.06.09
Avira AntiVirus | ADWARE/Amonetize.tzv | 8.3.1.6
Arcabit | Trojan.Application.Bundler.Amonetize.18 | 1.0.0.425
avast! | Win32:Amonetize-HL [PUP] | 2014.9-151201
AVG | BundleApp | 2016.0.2909
Baidu Antivirus | PUA.Win32.Amonetize | 4.0.3.15121
Bitdefender | Gen:Variant.Application.Bundler.Amonetize.18 | 1.0.20.1675
Bkav FE | W32.HfsAdware | 1.3.0.6379
Clam AntiVirus | Win.Adware.Amonetize-458 | 0.98/21511
Comodo Security | ApplicUnwnt | 22382
Dr.Web | Trojan.Amonetize.2350 | 9.0.1.0335
ESET NOD32 | Win32/Amonetize.BN potentially unwanted (variant) | 9.11752
Fortinet FortiGate | Riskware/Amonetize | 12/1/2015
F-Prot | W32/S-7396c95c | v6.4.7.1.166
F-Secure | Gen:Variant.Application.Bundler | 11.2015-01-12_3
G Data | Gen:Variant.Application.Bundler.Amonetize.18 | 15.12.25
K7 AntiVirus | Unwanted-Program | 13.204.16170
Kaspersky | not-a-virus:AdWare.Win32.Amonetize | 14.0.0.1038
McAfee | PUP-Amonetize | 5600.6565
MicroWorld eScan | Gen:Variant.Application.Bundler.Amonetize.18 | 16.0.0.1005
NANO AntiVirus | Riskware.Win32.Amonetize.delxsa | 0.30.24.1636
nProtect | Trojan-Clicker/W32.Amonetize.353984 | 15.06.05.01
Panda Antivirus | Trj/Genetic.gen | 15.12.01.11
Quick Heal | Trojan.Neop.G5 | 12.15.14.00
Reason Heuristics | PUP.Brightcircle.Wilmaonline.Bundler (M) | 15.12.1.11
Sophos | Amonetizer | 4.98
Total Defense | Win32/Tnega.BZfTJU | 37.1.62.1
Trend Micro House Call | TROJ_GEN.R0C1C0PCN15 | 7.2.335
Trend Micro | TROJ_GEN.R0C1C0PCN15 | 10.465.01
Vba32 AntiVirus | AdWare.Amonetize | 3.12.26.4
VIPRE Antivirus | Trojan.Win32.Generic | 40938
Zillya! Antivirus | Adware.Amonetize.Win32.922 | 2.0.0.2211

File size:
345.7 KB (353,984 bytes)

Product version:
1.1.5.89

Original file name:
setup.exe

File type:
Executable application (Win32 EXE)

Bundler/Installer:
TUGUU DomaIQ Setup

Language:
English (United States)

Common path:
C:\users\{user}\downloads\flashplayersetup__7343_i1254075811_il20.exe

Digital Signature
Authority:
Thawte, Inc.

Valid from:
7/6/2014 5:00:00 PM

Valid to:
8/6/2015 4:59:59 PM

Subject:
CN=Wilmaonline LTD., O=Wilmaonline LTD., L=Raanana, S=Israel, C=IL

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
2B7DF4C242BFBB654DA05B78A86926AA

File PE Metadata
Compilation timestamp:
8/27/2014 1:01:59 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
6144:ommFHjLBAD4wix5S9HcI4j9reWRQNfoecvvFkOS141BUCvi9GL6Wd:CHBADCx5/W5oesvlS141BUCeWd

Entry address:
0xAE62

Entry point:
E8, 5E, 45, 00, 00, E9, 89, FE, FF, FF, 8B, FF, 55, 8B, EC, 53, 8B, 5D, 08, 83, FB, E0, 77, 6F, 56, 57, 83, 3D, 1C, 9D, 3B, 00, 00, 75, 18, E8, 54, 2D, 00, 00, 6A, 1E, E8, 9E, 2B, 00, 00, 68, FF, 00, 00, 00, E8, D6, F8, FF, FF, 59, 59, 85, DB, 74, 04, 8B, C3, EB, 03, 33, C0, 40, 50, 6A, 00, FF, 35, 1C, 9D, 3B, 00, FF, 15, 14, 31, 3B, 00, 8B, F8, 85, FF, 75, 26, 6A, 0C, 5E, 39, 05, 20, 9D, 3B, 00, 74, 0D, 53, E8, 1D, 15, 00, 00, 59, 85, C0, 75, A9, EB, 07, E8, 3A, 24, 00, 00, 89, 30, E8, 33, 24, 00, 00, 89...

Entropy:
7.5752

Code size:
69.5 KB (71,168 bytes)

The file flashplayersetup__7343_i1254075811_il20.exe has been seen being distributed by the following URL.

Remove flashplayersetup__7343_i1254075811_il20.exe - Powered by Reason Core Security