ghostdoc+pro+4+9+key_10924_i39229800_il345.exe.zip
The file ghostdoc+pro+4+9+key_10924_i39229800_il345.exe.zip has been detected as a potentially unwanted program by 21 anti-malware scanners. It bundles adware offers using the Amonetize, a Pay-Per-Install (PPI) monetization and distribution download manager. The software offerings provided are based on the PC's geo-location at the time of install. The file has been seen being downloaded from downprov.red-8-small-button.com.
File name:
ghostdoc+pro+4+9+key_10924_i39229800_il345.exe.zip
MD5:
cb31d116201c4da131e7d1c40f6d3810
SHA-1:
2faeb218bfe8012beec4049f2469bd46f46dc9b2
SHA-256:
d67e5d22023bfb4b0b9a2c9eab633b0cb65957da2e6e9d2e8acd5147d1c7cc74
Scanner detections:
21 / 68
Status:
Potentially unwanted
Analysis date:
4/18/2024 11:02:35 PM UTC (a few moments ago)
Scan engine
Detection
Engine version
Lavasoft Ad-Aware
Gen:Variant.Adware.Kazy.597398
5876471
Arcabit
Trojan.Adware.Kazy.D91D96
1.0.0.425
avast!
Win32:Amonetize-JO [PUP]
2014.9-150802
Bitdefender
Gen:Variant.Adware.Kazy.597398
1.0.20.1070
Comodo Security
Virus.Win32.Virut.CE
22917
Dr.Web
infected with Trojan.Amonetize
9.0.1.05190
Emsisoft Anti-Malware
Gen:Variant.Adware.Kazy.597398
10.0.0.5366
ESET NOD32
Win32/Amonetize.DW potentially unwanted application
7.0.302.0
F-Prot
W32/S-53544127
v6.4.7.1.166
F-Secure
Gen:Variant.Adware.Kazy
11.2015-02-08_1
G Data
Gen:Variant.Adware.Kazy.597398
15.8.25
Kaspersky
not-a-virus:Downloader.Win32.Agent
15.0.0.543
MicroWorld eScan
Gen:Variant.Adware.Kazy.597398
16.0.0.642
Norman
Gen:Variant.Adware.Kazy.597398
07.07.2015 03:10:29
Panda Antivirus
Trj/Genetic.gen
15.08.02.02
Quick Heal
PUA.Bershnetll.Gen
8.15.14.00
Sophos
PUA 'Amonetize'
5.15
Trend Micro House Call
TROJ_GE.B09CCC97
7.2.214
Vba32 AntiVirus
Signed-Downware.Dlhelper
3.12.26.4
VIPRE Antivirus
Amonetize
42550
File size:
1.4 MB (1,510,804 bytes)
Common path:
C:\users\{user}\downloads\ghostdoc+pro+4+9+key_10924_i39229800_il345.exe.zip
The file ghostdoc+pro+4+9+key_10924_i39229800_il345.exe.zip has been seen being distributed by the following URL.