» installer40__7934_il20618.exe
Overview
Analysis
File Details

installer40__7934_il20618.exe

The application installer40__7934_il20618.exe has been detected as a potentially unwanted program by 17 anti-malware scanners. The setup program bundles adware offers using the Amonetize, a Pay-Per-Install (PPI) monetization and distribution download manager. The software offerings provided are based on the PC's geo-location at the time of install.

File name:

Version:

1.1.5.90

MD5:

6e14b3f86cd39804ec994374d69eaf28

SHA-1:

60a0feb446bc53c2bce684433224e09cddebbbcd

SHA-256:

ba38f5b47f2f285432ce6b52e5559c7b1efeb0ad9dd6cf6361d8d254e5b4f687

Scanner detections:

17 / 68

Status:

Potentially unwanted

Analysis date:

4/24/2024 11:25:26 PM UTC (a few moments ago)

Scan engine

Detection

Engine version

Lavasoft Ad-Aware

Gen:Variant.Barys.82

707

AhnLab V3 Security

PUP/Win32.Amonetiz

2015.02.28

Avira AntiVirus

ADWARE/Adware.Gen2

7.11.212.236

Baidu Antivirus

PUA.Win32.Amonetize

4.0.3.15227

Bitdefender

Gen:Variant.Barys.82

1.0.20.290

Bkav FE

HW32.Packed

1.3.0.6379

Emsisoft Anti-Malware

Gen:Variant.Barys.82

8.15.02.27.11

ESET NOD32

Win32/Amonetize.EA potentially unwanted (variant)

9.11246

Fortinet FortiGate

Riskware/Amonetize

2/27/2015

F-Secure

Gen:Variant.Barys.82

11.2015-27-02_6

G Data

Gen:Variant.Barys.82

15.2.25

Kaspersky

not-a-virus:AdWare.Win32.Amonetize

14.0.0.2420

Malwarebytes

PUP.Optional.Amonetize

v2015.02.27.11

McAfee

Artemis!6E14B3F86CD3

5600.6841

MicroWorld eScan

Gen:Variant.Barys.82

16.0.0.174

Qihoo 360 Security

HEUR/QVM16.0.Malware.Gen

1.0.0.1015

Quick Heal

(Suspicious) - DNAScan

2.15.14.00

File size:

704.5 KB (721,408 bytes)

Product version:

1.1.5.90

Original file name:

setup.exe

File type:

Executable application (Win32 EXE)

Language:

English (United States)

Common path:

C:\users\{user}\downloads\installer40__7934_il20618.exe

File PE Metadata

Compilation timestamp:

2/25/2015 11:01:10 AM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

10.0

CTPH (ssdeep):

12288:lgRKascgkQKdGcVRc66FOhFoVzSnbZ8LHn2tgWKQLCtyLnm+zAoelq8f1C7V7+mW:I++UCFoVzSnbZeHcLCti5Aoelq8NaIpb

Entry address:

0x102383

Entry point:

E9, E6, 42, 00, 00, E8, 6C, 8E, 00, 00, 39, 4D, D6, 0D, 36, AD, 5B, E7, 06, 2E, E5, FA, DA, F2, 86, 42, 93, 19, FA, 60, DA, 32, 15, 2E, C5, 01, B4, 1D, 22, FC, B4, 8F, 85, 84, B6, 65, 3B, 3B, 08, C9, D9, F4, CD, 62, D9, F3, DE, 55, DD, A0, F3, 2A, 6C, 66, 4F, 59, 78, C1, BB, 83, 70, 2F, F4, EE, 4C, 43, 86, A3, 75, 19, 14, 17, 65, BB, 97, 33, F3, CF, B5, 13, B2, FA, A3, 6B, 5A, 52, 63, 49, 94, 18, B9, F3, 75, 53, 66, 46, AA, A0, 68, D3, 98, 4C, EA, DD, 85, 37, 87, A6, 26, CB, E1, 42, 5D, E7, 5F, DA, E6, 90... 
[+]

Packer / compiler:

Xtreme-Protector v1.05

Code size:

353 KB (361,472 bytes)

Remove installer40__7934_il20618.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.