I Want This.exe

I Want This

Amazing Apps

This is part of a distribution package that is classified as adware distributed by 50onRed. This adware is used to interact with the installed web browsers and inject ads and modify the default search and homepages. The application I Want This.exe by Amazing Apps has been detected as adware by 26 anti-malware scanners. This file is typically installed with the program I Want This by 215 Apps which is a potentially unwanted software program. It is built using the Crossrider cross-browser extension platform. While the file utilizes the Crossrider framework and delivery services, it is not owned by Crossrider.
Publisher:
215 Apps  (signed by Amazing Apps)

Product:
I Want This

Description:
I Want This exe

Version:
1.1.149.57

MD5:
0d15d5851a9565eadb0acf9df9fab495

SHA-1:
74c8043b554c09247f36a73a4a4d1b43b35cf039

SHA-256:
ac0c6ac5b5d05894e21e34eb20db63cd3727733ae22cc5f8c0c265e1770c9993

Scanner detections:
26 / 68

Status:
Adware

Explanation:
Browser extension that injects additional advertisements (banner and text links) on web pages.

Analysis date:
4/25/2024 9:57:09 PM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Gen:Variant.Adware.Kazy.374109
357

Agnitum Outpost
PUA.Toolbar.CrossRider
7.1.1

avast!
Win32:Crossrider-AI [PUP]
2014.9-160212

AVG
Toolbar.Crossrider.P
2017.0.2835

Baidu Antivirus
Adware.Win32.CrossRider
4.0.3.16212

Bitdefender
Gen:Variant.Adware.Kazy.374109
1.0.20.215

Bkav FE
W32.HfsAdware
1.3.0.6379

Dr.Web
Adware.Plugin.929
9.0.1.043

Emsisoft Anti-Malware
Gen:Variant.Adware.Kazy.374109
8.16.02.12.07

ESET NOD32
Win32/Toolbar.CrossRider (variant)
10.9882

F-Secure
Gen:Variant.Adware.Kazy.374109
11.2016-12-02_6

G Data
Gen:Variant.Adware.Kazy.374109
16.2.24

IKARUS anti.virus
Win32.SuspectCrc
t3scan.1.8.6.0

K7 AntiVirus
Unwanted-Program
13.178.12278

Malwarebytes
Adware.GamePlayLabs
v2016.02.12.07

McAfee
Artemis!F7EF54DE67FA
5600.6491

MicroWorld eScan
Gen:Variant.Adware.Kazy.374109
17.0.0.129

NANO AntiVirus
Trojan.Win32.Generic.deinwe
0.30.0.65070

Quick Heal
Trojan.ZAgent.r5
2.16.14.00

Reason Heuristics
PUP.50OnRed.AmazingApps (M)
16.2.12.19

Sophos
AppRider
4.98

SUPERAntiSpyware
Trojan.Agent/Gen-Crossid
9327

Trend Micro House Call
TROJ_GEN.R0CBH05CJ14
7.2.43

Trend Micro
TROJ_GEN.R0CBC0OKI13
10.465.12

VIPRE Antivirus
GamePlayLabs
29870

Zillya! Antivirus
Backdoor.PePatch.Win32.67882
2.0.0.2290

File size:
430.9 KB (441,216 bytes)

Product version:
1.1.149.57

Copyright:
Copyright 2011

Original file name:
I Want This.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\i want this\i want this.exe

Digital Signature
Signed by:

Authority:
Thawte, Inc.

Valid from:
5/1/2012 2:00:00 AM

Valid to:
5/2/2013 1:59:59 AM

Subject:
CN=Amazing Apps, O=Amazing Apps, L=Philadelphia, S=Pennsylvania, C=US

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
2E307885017928B61D4F2CEF5EB10A05

File PE Metadata
Compilation timestamp:
3/20/2012 11:43:16 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
12288:R4k3ViprBlWaQBDrIrUgbVDgmb33cEfpjUb15R9xrd8J:R4kWg0URXdc

Entry address:
0x41D23

Entry point:
E8, BA, 90, 00, 00, E9, 89, FE, FF, FF, 8B, FF, 55, 8B, EC, 8B, 45, 08, 85, C0, 74, 12, 83, E8, 08, 81, 38, DD, DD, 00, 00, 75, 07, 50, E8, 74, D0, FF, FF, 59, 5D, C3, 8B, FF, 55, 8B, EC, 83, EC, 10, A1, 40, 96, 46, 00, 33, C5, 89, 45, FC, 8B, 55, 18, 53, 33, DB, 56, 57, 3B, D3, 7E, 1F, 8B, 45, 14, 8B, CA, 49, 38, 18, 74, 08, 40, 3B, CB, 75, F6, 83, C9, FF, 8B, C2, 2B, C1, 48, 3B, C2, 7D, 01, 40, 89, 45, 18, 89, 5D, F8, 39, 5D, 24, 75, 0B, 8B, 45, 08, 8B, 00, 8B, 40, 04, 89, 45, 24, 8B, 35, 44, A0, 45, 00...
 
[+]

Code size:
352.5 KB (360,960 bytes)

The file I Want This.exe has been discovered within the following program.

I Want This  by 215 Apps
I Want This (i want this.dll) is a web browser extension loaded with Internet Explorer via the I Want This BHO.
iw.antthis.com
88% remove it
 
Powered by Should I Remove It?

The executing file has been seen to make the following network communication in live environments.

TCP (HTTP):
Connects to s3-website-us-east-1.amazonaws.com  (52.216.65.74:80)

Remove I Want This.exe - Powered by Reason Core Security