» ghostdoc+pro+4+9+key_10924_i39229800_il345.exe.zip
Overview
Analysis
File Details
Downloads (1)

ghostdoc+pro+4+9+key_10924_i39229800_il345.exe.zip

The file ghostdoc+pro+4+9+key_10924_i39229800_il345.exe.zip has been detected as a potentially unwanted program by 21 anti-malware scanners. It bundles adware offers using the Amonetize, a Pay-Per-Install (PPI) monetization and distribution download manager. The software offerings provided are based on the PC's geo-location at the time of install. The file has been seen being downloaded from downprov.red-8-small-button.com.

File name:

MD5:

cb31d116201c4da131e7d1c40f6d3810

SHA-1:

2faeb218bfe8012beec4049f2469bd46f46dc9b2

SHA-256:

d67e5d22023bfb4b0b9a2c9eab633b0cb65957da2e6e9d2e8acd5147d1c7cc74

Scanner detections:

21 / 68

Status:

Potentially unwanted

Analysis date:

4/18/2024 11:02:35 PM UTC (a few moments ago)

Scan engine

Detection

Engine version

Lavasoft Ad-Aware

Gen:Variant.Adware.Kazy.597398

5876471

Arcabit

Trojan.Adware.Kazy.D91D96

1.0.0.425

avast!

Win32:Amonetize-JO [PUP]

2014.9-150802

AVG

Generic

2016.0.3029

Bitdefender

Gen:Variant.Adware.Kazy.597398

1.0.20.1070

Comodo Security

Virus.Win32.Virut.CE

22917

Dr.Web

infected with Trojan.Amonetize

9.0.1.05190

Emsisoft Anti-Malware

Gen:Variant.Adware.Kazy.597398

10.0.0.5366

ESET NOD32

Win32/Amonetize.DW potentially unwanted application

7.0.302.0

F-Prot

W32/S-53544127

v6.4.7.1.166

F-Secure

Gen:Variant.Adware.Kazy

11.2015-02-08_1

G Data

Gen:Variant.Adware.Kazy.597398

15.8.25

Kaspersky

not-a-virus:Downloader.Win32.Agent

15.0.0.543

MicroWorld eScan

Gen:Variant.Adware.Kazy.597398

16.0.0.642

Norman

Gen:Variant.Adware.Kazy.597398

07.07.2015 03:10:29

Panda Antivirus

Trj/Genetic.gen

15.08.02.02

Quick Heal

PUA.Bershnetll.Gen

8.15.14.00

Sophos

PUA 'Amonetize'

5.15

Trend Micro House Call

TROJ_GE.B09CCC97

7.2.214

Vba32 AntiVirus

Signed-Downware.Dlhelper

3.12.26.4

VIPRE Antivirus

Amonetize

42550

File size:

1.4 MB (1,510,804 bytes)

Common path:

C:\users\{user}\downloads\ghostdoc+pro+4+9+key_10924_i39229800_il345.exe.zip

The file ghostdoc+pro+4+9+key_10924_i39229800_il345.exe.zip has been seen being distributed by the following URL.

http://downprov.red-8-small-button.com/direct?version=1.1.8.22&campid=10924&instid[appname]=ghostdoc pro 4 9 key_Downloader&instid[appsetupurl]=http://go.downloadboutique.com/getfast/download.cgi?9&ti1=3310000&ti2=5&ti3=5284501nzwg2&instid[cmdline]=/S /PERFORMINSTALL /NORUN&instid[appimageurl]=http://download.downloadboutique.com/d1/logo150x150.png&prefix=ghostdoc pro 4 9 key&instid[thankyoupage]=http://download.downloadboutique.com/.../thank_you.php?ti1=3310000&ti2=5&ti3=5284501nzwg2&parameter=ghostdoc pro 4 9 key&instid[interrupted]=http://download.downloadboutique.com/.../interrupted.php?ti1=3310000&ti2=5&ti3=5284501nzwg2&parameter=ghostdoc pro 4 9 key&ti1=3310000&ti2=5&ti3=5284501nzwg2&_dest=files.red-9-small-button.com

Remove ghostdoc+pro+4+9+key_10924_i39229800_il345.exe.zip - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.