» i want thisgui.exe
Overview
Analysis
File Details
Programs (1)

i want thisgui.exe

I Want This

Amazing Apps

This is part of a distribution package that is classified as adware distributed by 50onRed. This adware is used to interact with the installed web browsers and inject ads and modify the default search and homepages. The application i want thisgui.exe by Amazing Apps has been detected as adware by 27 anti-malware scanners. This file is typically installed with the program I Want This by 215 Apps which is a potentially unwanted software program. This web browser addon will display additional advertisements in the user's browser including popup, banner, contextual hyperlinks as well as affiliate links.

File name:

i want thisgui.exe

Publisher:

215 Apps (signed by Amazing Apps)

Product:

I Want This

Description:

I Want This exe

Version:

1.1.143.50

MD5:

7cca6c472fc424a2022401c8f99f3e94

SHA-1:

7e72febb766b33ef9e799286f7f415bac0e9bdb0

SHA-256:

3de99f3bf809546e6daa9bae23a4fc86b8858574b6c6a654f9c3d7403fceea1f

Scanner detections:

27 / 68

Status:

Adware

Explanation:

Browser extension that injects additional advertisements (banner and text links) on web pages.

Analysis date:

4/26/2024 2:58:47 AM UTC (today)

Scan engine

Detection

Engine version

Lavasoft Ad-Aware

Adware.Generic.908120

364

Agnitum Outpost

PUA.Toolbar.CrossRider

7.1.1

Avira AntiVirus

Adware/Agent.2096984.1

7.11.113.0

AVG

SmartShopper.K

2017.0.2842

Baidu Antivirus

Adware.Win32.CrossAd

4.0.3.1625

Bitdefender

Adware.Generic.908120

1.0.20.180

Bkav FE

W32.Clod011.Trojan

1.3.0.4959

Comodo Security

UnclassifiedMalware

17485

Dr.Web

Adware.Plugin.14

9.0.1.036

Emsisoft Anti-Malware

Adware.Generic.519255

8.16.02.05.04

ESET NOD32

Win32/Toolbar.CrossRider.F potentially unwanted (variant)

10.11382

F-Prot

W32/GamePlay.D.gen

v6.4.7.1.166

F-Secure

Adware.Generic.908120

11.2016-05-02_6

G Data

Adware.Generic.519255

16.2.24

IKARUS anti.virus

AdWare.SuspectCRC

t3scan.1.6.1.0

K7 AntiVirus

Unwanted-Program

13.202.15395

Malwarebytes

PUP.CrossRider.BCA

v2016.02.05.04

McAfee

Artemis!ECF350A0E7E5

5600.6498

MicroWorld eScan

Adware.Generic.908120

17.0.0.108

NANO AntiVirus

Riskware.Win32.Plugin.dagozn

0.28.2.62671

Quick Heal

Adware.Crossid (Not a Virus)

2.16.12.00

Reason Heuristics

PUP.50OnRed.AmazingApps (M)

16.2.5.16

Sophos

AppRider

4.98

SUPERAntiSpyware

PUP.GamePlayLabs/Variant

9342

Trend Micro House Call

TROJ_GEN.R047H05D514

7.2.36

Trend Micro

TROJ_GEN.R0CBC0EIF13

10.465.05

VIPRE Antivirus

GamePlayLabs

19468

File size:

2 MB (2,096,000 bytes)

Product version:

1.1.143.50

Original file name:

I Want This.exe

File type:

Executable application (Win32 EXE)

Language:

English (United States)

Common path:

C:\Program Files\i want this\i want thisgui.exe

Digital Signature

Signed by:

Amazing Apps

Authority:

Thawte, Inc.

Valid from:

4/30/2012 7:00:00 PM

Valid to:

5/1/2013 6:59:59 PM

Subject:

CN=Amazing Apps, O=Amazing Apps, L=Philadelphia, S=Pennsylvania, C=US

Issuer:

CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:

2E307885017928B61D4F2CEF5EB10A05

File PE Metadata

Compilation timestamp:

11/23/2011 7:21:05 AM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

10.0

CTPH (ssdeep):

49152:cC3Hfuya1T9bzNS+P2LkPobilcLqDrWxgx6r8DMG2Fqfk3YZGxHqF:c+fuya1T9vNSLLnbilOqDrWxgx634fkk

Entry address:

0xF6D90

Entry point:

E8, 79, 9F, 00, 00, E9, 89, FE, FF, FF, 8B, FF, 55, 8B, EC, 53, 8B, 5D, 08, 83, FB, E0, 77, 6F, 56, 57, 83, 3D, 20, 6A, 56, 00, 00, 75, 18, E8, F9, 96, 00, 00, 6A, 1E, E8, 43, 95, 00, 00, 68, FF, 00, 00, 00, E8, 71, FB, FF, FF, 59, 59, 85, DB, 74, 04, 8B, C3, EB, 03, 33, C0, 40, 50, 6A, 00, FF, 35, 20, 6A, 56, 00, FF, 15, 58, A2, 51, 00, 8B, F8, 85, FF, 75, 26, 6A, 0C, 5E, 39, 05, 24, 6A, 56, 00, 74, 0D, 53, E8, F0, 92, 00, 00, 59, 85, C0, 75, A9, EB, 07, E8, D4, 08, 00, 00, 89, 30, E8, CD, 08, 00, 00, 89... 
[+]

Code size:

1.1 MB (1,150,976 bytes)

The file i want thisgui.exe has been discovered within the following program.

I Want This by 215 Apps

I Want This (i want this.dll) is a web browser extension loaded with Internet Explorer via the I Want This BHO.

iw.antthis.com

88% remove it

Remove i want thisgui.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.