» I Want This.exe
Overview
Analysis
File Details
Programs (1)
Network (1)

I Want This.exe

I Want This

215 Apps

This is part of a distribution package that is classified as adware distributed by 50onRed. This adware is used to interact with the installed web browsers and inject ads and modify the default search and homepages. The application I Want This.exe by 215 Apps has been detected as adware by 30 anti-malware scanners. This file is typically installed with the program I Want This by 215 Apps which is a potentially unwanted software program. It is built using the Crossrider cross-browser extension toolkit. While the file utilizes the Crossrider framework and delivery services, it is not owned by Crossrider.

File name:

I Want This.exe

Publisher:

215 Apps (signed and verified)

Product:

I Want This

Description:

I Want This exe

Version:

1.1.149.43

MD5:

288a0bbb8c1047f9218bd180b36008e5

SHA-1:

d35df7fdf2b92ac2bb800063c19d5e630812fcf6

SHA-256:

886770ce56eb23702d580ed542fb6c8fdf497e2146c45878bed430da6adcb239

Scanner detections:

30 / 68

Status:

Adware

Explanation:

Browser extension that injects additional advertisements (banner and text links) on web pages.

Analysis date:

4/24/2024 6:37:45 AM UTC (today)

Scan engine

Detection

Engine version

Lavasoft Ad-Aware

Gen:Variant.Adware.Kazy.374109

374

Agnitum Outpost

PUA.Toolbar.CrossRider

7.1.1

Avira AntiVirus

TR/Drop.Softomat.AN

7.11.30.172

avast!

Win32:Crossrider-AI [PUP]

2014.9-160126

AVG

SmartShopper.K

2017.0.2852

Baidu Antivirus

Trojan.Win32.Toolbar.CrossRider

4.0.3.16126

Bitdefender

Gen:Variant.Adware.Kazy.374109

1.0.20.130

Bkav FE

W32.Clodd93.Trojan

1.3.0.4613

Boost by Reason

Optional.215Apps

188838

Comodo Security

UnclassifiedMalware

18531

Dr.Web

Trojan.Crossrider1.24157

9.0.1.026

Emsisoft Anti-Malware

Gen:Variant.Adware.Kazy.374109

8.16.01.26.07

ESET NOD32

Win32/Toolbar.CrossRider (variant)

10.8896

F-Secure

Gen:Variant.Adware.Kazy.374109

11.2016-26-01_3

G Data

Gen:Variant.Adware.Kazy.374109

16.1.24

IKARUS anti.virus

Win32.SuspectCrc

t3scan.1.7.5.0

K7 AntiVirus

Unwanted-Program

13.1712333

Kaspersky

not-a-virus:HEUR:AdWare.Win32.Agent

14.0.0.756

Malwarebytes

Adware.GamePlayLabs

v2016.01.26.07

McAfee

Artemis!B3F0DAC17AA9

5600.6508

MicroWorld eScan

Gen:Variant.Adware.Kazy.374109

17.0.0.78

Panda Antivirus

Trj/CI.A

16.01.26.07

Quick Heal

Adware.Crossid (Not a Virus)

1.16.12.00

Reason Heuristics

PUP.50OnRed.215Apps (M)

16.1.26.19

Sophos

AppRider

4.93

SUPERAntiSpyware

Trojan.Agent/Gen-Crossid

9361

Trend Micro House Call

ADW_CROSSID

7.2.26

Trend Micro

ADW_CROSSID

10.465.26

VIPRE Antivirus

GamePlayLabs

22226

Zillya! Antivirus

Backdoor.PePatch.Win32.67882

2.0.0.2193

File size:

431.8 KB (442,200 bytes)

Product version:

1.1.149.43

Original file name:

I Want This.exe

File type:

Executable application (Win32 EXE)

Language:

English (United States)

Common path:

C:\Program Files\i want this\i want this.exe

Digital Signature

Signed by:

215 Apps

Authority:

VeriSign, Inc.

Valid from:

10/25/2011 2:00:00 AM

Valid to:

10/25/2012 1:59:59 AM

Subject:

CN=215 Apps, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=215 Apps, L=Philadelphia, S=Pennsylvania, C=US

Issuer:

CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:

4D064A782BC23A29CC9B8499A9F4AFB4

File PE Metadata

Compilation timestamp:

3/20/2012 11:43:16 AM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

10.0

CTPH (ssdeep):

12288:V4k3ViprBlWaQBDrIrUgbVDgmb33cEfpjUb15R9xrd87:V4kWg0URXd+

Entry address:

0x41D23

Entry point:

E8, BA, 90, 00, 00, E9, 89, FE, FF, FF, 8B, FF, 55, 8B, EC, 8B, 45, 08, 85, C0, 74, 12, 83, E8, 08, 81, 38, DD, DD, 00, 00, 75, 07, 50, E8, 74, D0, FF, FF, 59, 5D, C3, 8B, FF, 55, 8B, EC, 83, EC, 10, A1, 40, 96, 46, 00, 33, C5, 89, 45, FC, 8B, 55, 18, 53, 33, DB, 56, 57, 3B, D3, 7E, 1F, 8B, 45, 14, 8B, CA, 49, 38, 18, 74, 08, 40, 3B, CB, 75, F6, 83, C9, FF, 8B, C2, 2B, C1, 48, 3B, C2, 7D, 01, 40, 89, 45, 18, 89, 5D, F8, 39, 5D, 24, 75, 0B, 8B, 45, 08, 8B, 00, 8B, 40, 04, 89, 45, 24, 8B, 35, 44, A0, 45, 00... 
[+]

Code size:

352.5 KB (360,960 bytes)

The file I Want This.exe has been discovered within the following program.

I Want This by 215 Apps

I Want This (i want this.dll) is a web browser extension loaded with Internet Explorer via the I Want This BHO.

iw.antthis.com

88% remove it

The executing file has been seen to make the following network communication in live environments.

TCP (HTTP):

Connects to s3-website-us-east-1.amazonaws.com (52.216.17.218:80)

Remove I Want This.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.