iwantthis_us.exe

I Want This

215 Apps

This is the installer application for a 50onRed advertising supported software package (displays ads in the browser and may hijack the home and search pages of the web browser). The application iwantthis_us.exe, “I Want This Installer” by 215 Apps has been detected as adware by 15 anti-malware scanners. The program is a setup application that uses the Nullsoft Install System installer. This web browser addon will display additional advertisements in the user's browser including popup, banner, contextual hyperlinks as well as affiliate links.
Remove iwantthis_us.exe - Powered by Reason Core Security
Publisher:
215 Apps  (signed and verified)

Product:
I Want This

Description:
I Want This Installer

Version:
1.9.146.147

MD5:
8a57b8b2e0f0c2ebabccaefdb3ec23cc

SHA-1:
95b6b25088053285692ac42d7a65c95162487e32

SHA-256:
8f6915c5d376c17e76f612a770805c381bfc5293a75f0442368d4019d097dcd2

Scanner detections:
15 / 68

Status:
Adware

Explanation:
Browser extension that injects additional advertisements (banner and text links) on web pages.

Analysis date:
12/8/2016 7:14:09 AM UTC  (today)

Scan engine
Detection
Engine version

AVG
SmartShopper.K
2015.0.3447

Baidu Antivirus
Trojan.Win32.Toolbar
4.0.3.14610

Comodo Security
Heur.Suspicious
17137

Dr.Web
Adware.GamePlayLabs.17
9.0.1.0161

ESET NOD32
Win32/Toolbar.CrossRider (variant)
8.8943

F-Prot
W32/GamePlay.D.gen
v6.4.7.1.166

K7 AntiVirus
Adware
13.173.9916

Kingsoft AntiVirus
VIRUS_UNKNOWN
331020.49267

Malwarebytes
Adware.GamePlayLabs
v2014.06.10.01

Quick Heal
Adware.Crossid (Not a Virus)
6.14.12.00

Reason Heuristics
PUP.Installer.215Apps.M
14.8.7.17

Sophos
AppRider
4.93

Trend Micro House Call
ADW_GAMEPLAYLABS
7.2.161

Trend Micro
ADW_GAMEPLAYLABS
10.465.10

VIPRE Antivirus
GamePlayLabs
22588

Remove iwantthis_us.exe - Powered by Reason Core Security
File size:
1.9 MB (2,010,944 bytes)

Copyright:
Copyright 215 Apps

File type:
Executable application (Win32 EXE)

Installer:
Nullsoft Install System

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\iwantthis_us.exe

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
10/24/2011 8:00:00 PM

Valid to:
10/24/2012 7:59:59 PM

Subject:
CN=215 Apps, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=215 Apps, L=Philadelphia, S=Pennsylvania, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
4D064A782BC23A29CC9B8499A9F4AFB4

File PE Metadata
Compilation timestamp:
1/5/2010 7:09:27 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.56

CTPH (ssdeep):
49152:X8tPzkdYt+6BBE5TNOG1LxcsN/exbpLH5CfizjnsH7NsaysE5T5t+6O:spzIYQMO0G1Lxd/ephZ9zjntaDO5Qx

Entry address:
0x3E13

Entry point:
55, 89, E5, 57, 56, 53, 81, EC, AC, 01, 00, 00, E8, 98, 52, 00, 00, C7, 04, 24, 01, 80, 00, 00, E8, 3C, 4F, 00, 00, 53, C7, 04, 24, 00, 00, 00, 00, E8, A7, 52, 00, 00, A3, 48, 5C, 42, 00, 51, C7, 04, 24, 08, 00, 00, 00, E8, 27, 32, 00, 00, A3, F8, 5C, 42, 00, 8D, 85, 84, FE, FF, FF, 52, C7, 44, 24, 10, 00, 00, 00, 00, C7, 44, 24, 0C, 60, 01, 00, 00, 89, 44, 24, 08, C7, 44, 24, 04, 00, 00, 00, 00, C7, 04, 24, 4C, B2, 40, 00, E8, D1, 51, 00, 00, 83, EC, 14, C7, 44, 24, 04, 4D, B2, 40, 00, C7, 04, 24, 28, 5D...
 
[+]

Entropy:
7.9931  (probably packed)

Code size:
32.5 KB (33,280 bytes)

Remove iwantthis_us.exe - Powered by Reason Core Security