gamesetup__4411_il15060.exe

Installer

The application gamesetup__4411_il15060.exe has been detected as a potentially unwanted program by 23 anti-malware scanners. It bundles adware offers using Amonetize, a Pay-Per-Install (PPI) monetization and distribution download manager; the offers presented are selected by the PC's geo-location at the time of install. The file has been seen being downloaded from www.formerdownload.com and multiple other hosts. While running, it connects to www.ibbalance.com on port 443.
Product:
Installer

Version:
1.1.6.20

MD5:
c1fc81e56c0bd981eeb04b76f9880360

SHA-1:
11e4c1c12394206bcb560dbb952c2d6cf0222ae6

SHA-256:
d1a429fbb9ba5d14273e982ee25d8f798423c620e9b166a90d1f1af03734549e

Scanner detections:
23 / 68

Status:
Potentially unwanted

Analysis date:
4/26/2024 6:16:34 PM UTC

Scan engine | Detection | Engine version
Lavasoft Ad-Aware | Application.Generic.619586 | 848
AhnLab V3 Security | PUP/Win32.Amonetiz | 2014.08.20
Avira AntiVirus | ADWARE/Adware.Gen2 | 7.11.168.26
avast! | Win32:Adware-BJY [PUP] | 2014.9-141010
Baidu Antivirus | Adware.Win32.Amonetize | 4.0.3.141010
Bitdefender | Application.Generic.619586 | 1.0.20.1415
Dr.Web | Adware.Downware.2160 | 9.0.1.0283
ESET NOD32 | Win32/Amonetize.AJ (variant) | 8.10284
Fortinet FortiGate | Riskware/Amonetize | 10/10/2014
F-Secure | Application.Generic.619586 | 11.2014-10-10_6
G Data | Application.Generic.619586 | 14.10.24
IKARUS anti.virus | Win32.SuspectCrc | t3scan.1.7.5.0
K7 AntiVirus | Trojan | 13.183.13098
Kaspersky | not-a-virus:HEUR:AdWare.Win32.Amonetize | 14.0.0.3124
Malwarebytes | PUP.Optional.Amonetize | v2014.10.10.05
McAfee | Artemis!C1FC81E56C0B | 5600.6982
MicroWorld eScan | Application.Generic.619586 | 15.0.0.849
NANO AntiVirus | Riskware.Win32.Amonetize.cxrgsh | 0.28.2.61721
Panda Antivirus | Trj/CI.A | 14.10.10.05
Reason Heuristics | Threat.Win.Reputation.IMP | 14.10.10.5
Rising Antivirus | PE:Malware.Adware!6.1574 | 23.00.65.141008
Sophos | Amonetize | 4.98
VIPRE Antivirus | Trojan.Win32.Generic | 32376

File size:
323 KB (330,752 bytes)

Product version:
2.1.12

Copyright:
Copyright(c), All Rights Reserved.

Original file name:
Installer.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\gamesetup__4411_il15060.exe

File PE Metadata
Compilation timestamp:
2/13/2014 3:19:06 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
6144:v5+IyFPTUcRbaTfFVGI1CnqBfOkh4lNehhCBwPgg2UZedZTI/YaS5NexXLOpd:v5+IyF7UcRefFVGI1Cn6fO53gJe7TI/K

Entry address:
0x26FF4

Entry point:
E8, BC, 95, 00, 00, E9, 89, FE, FF, FF, 57, 8B, C6, 83, E0, 0F, 85, C0, 0F, 85, C1, 00, 00, 00, 8B, D1, 83, E1, 7F, C1, EA, 07, 74, 65, EB, 06, 8D, 9B, 00, 00, 00, 00, 66, 0F, 6F, 06, 66, 0F, 6F, 4E, 10, 66, 0F, 6F, 56, 20, 66, 0F, 6F, 5E, 30, 66, 0F, 7F, 07, 66, 0F, 7F, 4F, 10, 66, 0F, 7F, 57, 20, 66, 0F, 7F, 5F, 30, 66, 0F, 6F, 66, 40, 66, 0F, 6F, 6E, 50, 66, 0F, 6F, 76, 60, 66, 0F, 6F, 7E, 70, 66, 0F, 7F, 67, 40, 66, 0F, 7F, 6F, 50, 66, 0F, 7F, 77, 60, 66, 0F, 7F, 7F, 70, 8D, B6, 80, 00, 00, 00, 8D, BF...

Entropy:
6.4172

Code size:
229 KB (234,496 bytes)
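To check a file you are holding against the indicators listed above, the following script is an added example, not part of this report or of Reason Core's tooling. It uses only the Python standard library (the ssdeep value is left out because computing it needs a third-party module) and parses the COFF and optional headers directly rather than assuming a PE library. The sample built by build_constructed_sample() is a synthetic PE header constructed for this example so the script runs without the real gamesetup__4411_il15060.exe; against it only the header fields match, which illustrates the caveat: a compile timestamp, linker version, OS version and entry RVA are trivially reproducible, so only the hashes (and the entry-point byte sequence, to a lesser degree) should carry weight in a verdict.

```python
"""Verify a file against the file indicators in the report above.

Added example, not part of the original report. Standard library only; the
PE produced by build_constructed_sample() is synthetic (constructed here).
"""
import hashlib
import math
import struct
from datetime import datetime, timezone

# Indicators copied from the report. entry_bytes is the first 10 bytes of the
# sequence printed under "Entry point" (a call rel32 followed by a jmp rel32).
REPORT_IOCS = {
    "md5": "c1fc81e56c0bd981eeb04b76f9880360",
    "sha1": "11e4c1c12394206bcb560dbb952c2d6cf0222ae6",
    "sha256": "d1a429fbb9ba5d14273e982ee25d8f798423c620e9b166a90d1f1af03734549e",
    "size": 330752,
    "entry_rva": 0x26FF4,
    "compile_time": datetime(2014, 2, 13, 15, 19, 6, tzinfo=timezone.utc),
    "linker": (10, 0),
    "os_version": (5, 1),
    "subsystem": 2,  # IMAGE_SUBSYSTEM_WINDOWS_GUI
    "entry_bytes": bytes.fromhex("E8BC950000E989FEFFFF"),
}


def hashes(data: bytes) -> dict:
    """MD5, SHA-1 and SHA-256 of the whole file, lowercase hex."""
    return {n: hashlib.new(n, data).hexdigest() for n in ("md5", "sha1", "sha256")}


def shannon_entropy(data: bytes) -> float:
    """Bits per byte, 0.0 to 8.0. Packed or encrypted payloads sit near 8."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def parse_pe_header(data: bytes) -> dict:
    """Read the header fields the report lists from the COFF/optional headers."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    _machine, _nsections, timestamp = struct.unpack_from("<HHI", data, coff)
    opt = coff + 20  # COFF file header is 20 bytes
    magic, linker_major, linker_minor = struct.unpack_from("<HBB", data, opt)
    entry_rva = struct.unpack_from("<I", data, opt + 16)[0]
    os_major, os_minor = struct.unpack_from("<HH", data, opt + 40)
    subsystem = struct.unpack_from("<H", data, opt + 68)[0]
    return {
        "pe32plus": magic == 0x20B,
        "compile_time": datetime.fromtimestamp(timestamp, tz=timezone.utc),
        "linker": (linker_major, linker_minor),
        "entry_rva": entry_rva,
        "os_version": (os_major, os_minor),
        "subsystem": subsystem,
    }


def compare(data: bytes) -> dict:
    """Map each report indicator to True/False for the given file bytes."""
    h = hashes(data)
    pe = parse_pe_header(data)
    result = {k: h[k] == REPORT_IOCS[k] for k in ("md5", "sha1", "sha256")}
    result["size"] = len(data) == REPORT_IOCS["size"]
    for k in ("entry_rva", "compile_time", "linker", "os_version", "subsystem"):
        result[k] = pe[k] == REPORT_IOCS[k]
    result["entry_bytes"] = REPORT_IOCS["entry_bytes"] in data
    return result


def build_constructed_sample() -> bytes:
    """Synthetic PE (constructed for this example) reproducing the report's
    header fields only; hashes and size will not match, by design."""
    e_lfanew = 0x40
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    ts = int(REPORT_IOCS["compile_time"].timestamp())
    coff = struct.pack("<HHIIIHH", 0x14C, 1, ts, 0, 0, 224, 0x102)
    opt = bytearray(224)  # PE32 optional header size
    struct.pack_into("<HBB", opt, 0, 0x10B, 10, 0)  # magic, linker 10.0
    struct.pack_into("<I", opt, 16, REPORT_IOCS["entry_rva"])
    struct.pack_into("<HH", opt, 40, 5, 1)  # OS version 5.1
    struct.pack_into("<H", opt, 68, 2)  # Windows GUI subsystem
    return dos + b"PE\0\0" + coff + bytes(opt) + REPORT_IOCS["entry_bytes"]


if __name__ == "__main__":
    sample = build_constructed_sample()
    for name, matched in compare(sample).items():
        print(f"{name:13s} {'match' if matched else 'no match'}")
    print(f"entropy       {shannon_entropy(sample):.4f}")
```

For a real file, read it with open(path, "rb").read() and pass the bytes to compare(); a hash match is conclusive, while header-only matches are a reason to look closer, not a verdict.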

The file gamesetup__4411_il15060.exe has been seen being distributed by the following 4 URLs.

http://www.formerdownload.com/download.php?version=1.1.6.20&prefix=Avast! 2014 9.0.2013 Full License Key Till 2050&campid=3611&instid[appname]=Avast! 2014 9.0.2013 Full License Key Till 2050&instid[thankyoupage]=&instid[appsetupurl]=&instid[interrupted]=&instid[appimageurl]=http://s3.amazonaws.com/.../downloadall.png

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to www.softologic.com  (174.37.181.31:80)

TCP (HTTP SSL):
Connects to www.ibbalance.com  (173.192.190.227:443)
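The network and distribution indicators above can be swept across proxy or SNI logs; the following is an added example, not part of this report. The log lines and their space-separated key=value layout are constructed for this example (adapt parse_line() to your proxy or Zeek conn/ssl format), and the three-level severity scheme is an assumption. The hostnames, ports and IPs in RUNTIME_HOSTS, RUNTIME_IPS and DOWNLOAD_HOSTS are the values from the report; the IPs were observed in 2014, so a connection that matches only on IP is scored as a lead to re-resolve, not a finding. parse_campaign() pulls the PPI campaign fields out of the distribution URL exactly as the report prints it.

```python
"""Sweep the report's network/distribution indicators across proxy log lines.

Added example, not part of the original report. CONSTRUCTED_LOG and its
key=value layout are synthetic; the indicator values come from the report.
"""
from urllib.parse import parse_qs, urlsplit

# From the report: runtime hosts with the port used, the IPs they resolved to
# in 2014, and the host the installer was downloaded from.
RUNTIME_HOSTS = {"www.softologic.com": 80, "www.ibbalance.com": 443}
RUNTIME_IPS = {"174.37.181.31": 80, "173.192.190.227": 443}
DOWNLOAD_HOSTS = {"www.formerdownload.com"}

# Distribution URL as printed in the report (the "..." is in the original).
DOWNLOAD_URL = (
    "http://www.formerdownload.com/download.php?version=1.1.6.20"
    "&prefix=Avast! 2014 9.0.2013 Full License Key Till 2050&campid=3611"
    "&instid[appname]=Avast! 2014 9.0.2013 Full License Key Till 2050"
    "&instid[thankyoupage]=&instid[appsetupurl]=&instid[interrupted]="
    "&instid[appimageurl]=http://s3.amazonaws.com/.../downloadall.png"
)

# Constructed proxy log: one line per connection, host is the SNI/Host header
# or "-" when none was seen.
CONSTRUCTED_LOG = """\
ts=2024-04-26T18:16:40Z src=10.10.4.21 dst=93.184.216.34 dport=443 host=www.example.com
ts=2024-04-26T18:17:02Z src=10.10.4.21 dst=198.51.100.7 dport=80 host=www.formerdownload.com
ts=2024-04-26T18:17:39Z src=10.10.4.21 dst=174.37.181.31 dport=80 host=www.softologic.com
ts=2024-04-26T18:17:41Z src=10.10.4.21 dst=173.192.190.227 dport=443 host=www.ibbalance.com
ts=2024-04-26T18:18:05Z src=10.10.4.37 dst=173.192.190.227 dport=443 host=-
ts=2024-04-26T18:18:30Z src=10.10.4.37 dst=173.192.190.227 dport=8080 host=-
"""


def parse_line(line: str) -> dict:
    """Split one constructed 'key=value key=value' log line into a dict."""
    return dict(field.split("=", 1) for field in line.split())


def classify(rec: dict):
    """Score one connection against the indicators; None when nothing hits."""
    host = rec.get("host", "-").lower()
    dst = rec.get("dst", "")
    port = int(rec.get("dport", "0"))
    if host in DOWNLOAD_HOSTS:
        return "medium", f"download host {host} (installer delivery stage)"
    if host in RUNTIME_HOSTS:
        sev = "high" if port == RUNTIME_HOSTS[host] else "medium"
        return sev, f"runtime callback host {host}:{port}"
    if dst in RUNTIME_IPS:
        # No hostname (no SNI/Host): only the 2014-era IP matches. Shared
        # hosting IPs get reassigned, so this is a lead to re-resolve.
        sev = "medium" if port == RUNTIME_IPS[dst] else "low"
        return sev, f"2014-era IP {dst}:{port} without hostname, verify resolution"
    return None


def scan_log(text: str) -> list:
    """Return one hit dict per log line that matches an indicator."""
    hits = []
    for line in text.splitlines():
        if not line.strip():
            continue
        rec = parse_line(line)
        verdict = classify(rec)
        if verdict:
            hits.append({"ts": rec["ts"], "src": rec["src"],
                         "severity": verdict[0], "reason": verdict[1]})
    return hits


def parse_campaign(url: str) -> dict:
    """Extract the PPI campaign fields from the download URL."""
    parts = urlsplit(url)
    q = parse_qs(parts.query, keep_blank_values=True)
    first = lambda k: q.get(k, [""])[0]
    return {"host": parts.hostname, "version": first("version"),
            "campid": first("campid"), "offer": first("prefix"),
            "appname": first("instid[appname]")}


if __name__ == "__main__":
    for h in scan_log(CONSTRUCTED_LOG):
        print(f"{h['ts']} {h['src']} [{h['severity']}] {h['reason']}")
    print(parse_campaign(DOWNLOAD_URL))
```

The campaign fields are worth keeping alongside the hashes: the prefix/appname value ("Avast! 2014 ... Full License Key Till 2050") is the lure the victim searched for, and campid identifies the PPI affiliate, so the same campaign can be tracked across differently hashed installer builds.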

Remove gamesetup__4411_il15060.exe - Powered by Reason Core Security