grasu xxl feat ami deja vu__3515_i168818161_il6172674.exe

Installer

Shetef Solutions & Consulting (1998) Ltd.

This is the Amonetize download manager, which bundles applications with offers for additional third-party software, mostly unwanted adware, and may be installed with minimal consent. The application grasu xxl feat ami deja vu__3515_i168818161_il6172674.exe by Shetef Solutions & Consulting (1998) has been detected as adware by 16 anti-malware scanners. The program is a setup application that uses the Amonetize Downloader installer. The installer uses the InstallMonetizer platform, which will download and install adware toolbars and other potentially unwanted software offers during setup.
Publisher:
Amônétízé Ltd  (signed by Shetef Solutions & Consulting (1998) Ltd.)

Product:
Installer

Version:
1.1.5.98

MD5:
3492e93a345fb481b1e418faa2c5043e

SHA-1:
4d16a2d9eb31606bf95bb62b5d9f46a709c61726

SHA-256:
0a26b2bbeacfbc70cc88bca90ca20bfc3b4be86877459f4ff295bb52e4693d88

Scanner detections:
16 / 68

Status:
Adware

Explanation:
Uses the InstallMonetizer distribution platform to bundle adware.

Description:
This is an installer which may bundle legitimate applications with offers for additional third-party applications that may be unwanted by the user. While the installer contains an 'opt-out' feature, this is not set by default and is usually overlooked.

Analysis date:
4/24/2024 8:25:10 AM UTC

Scan engine             | Detection                                      | Engine version
------------------------|------------------------------------------------|----------------
Agnitum Outpost         | Adware.Amonetize                               | 7.1.1
Avira AntiVirus         | ADWARE/Adware.Gen2                             | 7.11.121.104
Dr.Web                  | Adware.Downware.1575                           | 9.0.1.05
ESET NOD32              | Win32/Amonetize (variant)                      | 8.9190
Fortinet FortiGate      | W32/Amonetize.W                                | 12/21/2013
IKARUS anti.virus       | not-a-virus:Downloader.Win32.Agent             | t3scan.2.2.29
K7 AntiVirus            | Trojan                                         | 13.174.10588
Kaspersky               | not-a-virus:AdWare.Win32.Amonetize             | 14.0.0.4585
Malwarebytes            | PUP.Optional.InstallMonetizer                  | v2013.12.21.10
McAfee                  | Artemis!3492E93A345F                           | 5600.7274
NANO AntiVirus          | Riskware.Win32.Amonetize.cqucgg                | 0.28.0.57029
Reason Heuristics       | PUP.Installer.ShetefSolutionsConsulting1998.v  | 14.8.8.3
Sophos                  | Generic PUA EN                                 | 4.96
Trend Micro House Call  | TROJ_GEN.F47V1203                              | 7.2.5
Vba32 AntiVirus         | AdWare.Amonetize                               | 3.12.24.3
VIPRE Antivirus         | Amonetize                                      | 24658

File size:
149.6 KB (153,216 bytes)

Product version:
2.1.12

Copyright:
(c) Amônétízé Ltd, 2012,2013. All rights reserved.

Original file name:
Installer.exe

File type:
Executable application (Win32 EXE)

Bundler/Installer:
Amonetize Downloader

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\grasu xxl feat ami deja vu__3515_i168818161_il6172674.exe

Digital Signature
Authority:
Thawte, Inc.

Valid from:
7/23/2013 3:00:00 AM

Valid to:
7/24/2014 2:59:59 AM

Subject:
CN=Shetef Solutions & Consulting (1998) Ltd., O=Shetef Solutions & Consulting (1998) Ltd., L=Rannana, S=Israel, C=IL

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
7C23DBB97FAFBB9D28D413F836202024

File PE Metadata
Compilation timestamp:
12/3/2013 4:46:37 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
3072:mTpCgrFqKJpjtIVyH0dspbze6xpCBQyd1k9rM2CeclEoJxL//Bwv/:m9Prvjt+yUdshe6xpCrUwe6EW/pG/

Entry address:
0x59B00

Entry point:
60, BE, 00, A0, 43, 00, 8D, BE, 00, 70, FC, FF, 57, 83, CD, FF, EB, 10, 90, 90, 90, 90, 90, 90, 8A, 06, 46, 88, 07, 47, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 72, ED, B8, 01, 00, 00, 00, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, 01, DB, 73, 0B, 75, 28, 8B, 1E, 83, EE, FC, 11, DB, 72, 1F, 48, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, EB, D4, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, EB, 52, 31, C9, 83, E8, 03, 72, 11, C1, E0, 08, 8A, 06, 46, 83, F0, FF, 74, 75, D1, F8, 89...

Packer / compiler:
UPX 2.90 [LZMA]

Code size:
128 KB (131,072 bytes)

The file grasu xxl feat ami deja vu__3515_i168818161_il6172674.exe has been seen being distributed by the following 13 URLs.

http://download.aminst.net/.../get.php?q=Aasman Pe Likha&ti1=940000&ti2=0&ti3=2013-12-05T13:02:32.618006 00:00

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to www.softologic.com  (174.37.181.31:80)

TCP (HTTP SSL):
Connects to www.ibbalance.com  (173.192.190.227:443)