g4z9e.exe

Mega Boost

juZZKm2n7

The application g4z9e.exe has been detected as a potentially unwanted program by 4 anti-malware scanners. It is a setup program used to install the application. It bundles adware offers using Amonetize, a Pay-Per-Install (PPI) monetization and distribution download manager. The software offerings provided are based on the PC's geo-location at the time of install. The file has been seen being downloaded from www.quinquevalenceslavepeopled.tech.

Publisher:
juZZKm2n7

Product:
Mega Boost

Description:
aQ9rVGGDz3

Version:
122.107.243.39

MD5:
e113fd36ab90eb6a4404782de61e70d6

SHA-1:
e1788c3fa0b7dd978bd32135aa1d15aa83a51c3b

SHA-256:
98860d17c9bde3aa3dfc0953e69041bd97e86f28a49d9d083eb0f9b451cfcc2b

Scanner detections:
4 / 68

Status:
Potentially unwanted

Analysis date:
5/5/2024 6:53:58 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| ESET NOD32 | Win32/Amonetize.QY potentially unwanted application | 8.0.319.0 |
| F-Secure | Variant.Razy.50351 | 5.15.96 |
| Kaspersky | not-a-virus:HEUR:AdWare.Win32.Amonetize | 15.0.0.562 |
| Norman | Gen:Variant.Razy.50351 | 28.05.2016 15:32:18 |

File size:
700 KB (716,800 bytes)

Product version:
122.107.243.39

Copyright:
Rights 2000

Trademarks:
td7zK0

Original file name:
build.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\microsoft\windows\inetcache\ie\{random}\g4z9e.exe

File PE Metadata

Compilation timestamp:
6/23/2016 10:45:33 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
12288:DcFk6pIC61F9TqkHl6V2xYBKchhwwdufcWs7H4IAPq:DcFkfxnTJHl6gYBXhyfcWM4Ir

Entry address:
0xB001

Entry point:
E8, 48, 65, 00, 00, E9, 39, FE, FF, FF, 55, 8B, EC, 56, FF, 75, 08, 8B, F1, E8, 5F, 00, 00, 00, C7, 06, B8, D5, 42, 00, 8B, C6, 5E, 5D, C2, 04, 00, 55, 8B, EC, 56, FF, 75, 08, 8B, F1, E8, 5F, 00, 00, 00, C7, 06, B8, D5, 42, 00, 8B, C6, 5E, 5D, C2, 04, 00, 55, 8B, EC, 56, FF, 75, 08, 8B, F1, E8, A0, 00, 00, 00, C7, 06, A0, D5, 42, 00, 8B, C6, 5E, 5D, C2, 04, 00, 55, 8B, EC, 56, 8D, 45, 08, 50, 8B, F1, E8, 44, 00, 00, 00, C7, 06, A0, D5, 42, 00, 8B, C6, 5E, 5D, C2, 04, 00, 55, 8B, EC, 56, FF, 75, 08, 8B, F1...
 

Code size:
157 KB (160,768 bytes)

The file g4z9e.exe has been seen being distributed by the following URL.
