home

keywordrequest__7934_il102766.exe

ITL-GROUP LLC

This is the Amonetize download manager which bundles applications with offers for additional 3rd party software, mostly unwanted adware, and may be installed with minimal consent. The application keywordrequest__7934_il102766.exe by ITL-GROUP has been detected as adware by 27 anti-malware scanners. The program is a setup application that uses the Amonetize Downloader installer. The setup program bundles adware offers using the Amonetize, a Pay-Per-Install (PPI) monetization and distribution download manager. The software offerings provided are based on the PC's geo-location at the time of install.
Publisher:
ITL-GROUP LLC  (signed and verified)

Version:
1.1.5.90

MD5:
caf9a4b843b7b1ce6e942380923f137e

SHA-1:
3594707b07abffda33eee569fb80a1055cd8cefa

SHA-256:
558f4dfab92bbcc97a3a70edc1c5bf1c4f751fb6d86414e359498eb2e8b19c60

Scanner detections:
27 / 68

Status:
Adware

Description:
This is also known as bundleware, or downloadware, which is an downloader designed to simply deliver ad-supported offers in the setup routine of an otherwise legitimate software.

Analysis date:
4/26/2024 10:42:24 AM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Gen:Variant.Adware.Strictor.68509
784

AhnLab V3 Security
PUP/Win32.Amonetiz
2014.11.19

Avira AntiVirus
ADWARE/Adware.Gen2
7.11.186.230

avast!
Win32:Adware-gen [Adw]
2014.9-141212

Baidu Antivirus
Adware.Win32.Amonetize
4.0.3.141212

Bitdefender
Gen:Variant.Adware.Strictor.68509
1.0.20.1730

Emsisoft Anti-Malware
Gen:Variant.Adware.Strictor.68509
8.14.12.12.11

ESET NOD32
Win32/Amonetize.BP (variant)
8.10742

Fortinet FortiGate
Riskware/Amonetize
12/12/2014

F-Secure
Gen:Variant.Adware.Strictor.68509
11.2014-12-12_6

G Data
Gen:Variant.Adware.Strictor.68509
14.12.24

McAfee
Artemis!CAF9A4B843B7
5600.6918

MicroWorld eScan
Gen:Variant.Adware.Strictor.68509
15.0.0.1038

Panda Antivirus
Generic Suspicious
14.12.12.11

Reason Heuristics
PUP.Installer.ITLGROUP.DD
14.12.12.23

Sophos
Generic PUA DF
4.98

Trend Micro House Call
Suspicious_GEN.F47V1117
7.2.346

VIPRE Antivirus
Trojan.Win32.Generic
34894

File size:
400.7 KB (410,344 bytes)

Product version:
1.1.5.90

Original file name:
setup.exe

File type:
Executable application (Win32 EXE)

Bundler/Installer:
Amonetize Downloader

Language:
English (United States)

Common path:
C:\users\{user}\downloads\keywordrequest__7934_il102766.exe

Digital Signature
Signed by:
ITL-GROUP LLC

Authority:
Thawte, Inc.

Valid from:
10/20/2014 1:00:00 AM

Valid to:
10/21/2015 12:59:59 AM

Subject:
CN=ITL-GROUP LLC, O=ITL-GROUP LLC, L=Selyshche Doslidne, S=Selyshche Doslidne, C=UA

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
080AA229F6377F023DF6C8F878AC3719

File PE Metadata
Compilation timestamp:
11/17/2014 7:03:11 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
6144:4ObXg1NEP3X316B+9johrdT36kVCMn0AmuGvzChtJEyFtQfRyZpA/8fU:4fcn16B+KdTVNnfiveht2yFn28s

Entry address:
0x24A64

Entry point:
E8, 7E, AB, 00, 00, E9, 89, FE, FF, FF, 8B, FF, 55, 8B, EC, 83, EC, 10, A1, E0, D9, 44, 00, 33, C5, 89, 45, FC, 8B, 55, 18, 53, 33, DB, 56, 57, 3B, D3, 7E, 1F, 8B, 45, 14, 8B, CA, 49, 38, 18, 74, 08, 40, 3B, CB, 75, F6, 83, C9, FF, 8B, C2, 2B, C1, 48, 3B, C2, 7D, 01, 40, 89, 45, 18, 89, 5D, F8, 39, 5D, 24, 75, 0B, 8B, 45, 08, 8B, 00, 8B, 40, 04, 89, 45, 24, 8B, 35, 6C, D0, 43, 00, 33, C0, 39, 5D, 28, 53, 53, FF, 75, 18, 0F, 95, C0, FF, 75, 14, 8D, 04, C5, 01, 00, 00, 00, 50, FF, 75, 24, FF, D6, 8B, F8, 89...
 
[+]

Entropy:
6.6873

Code size:
237.5 KB (243,200 bytes)

The file keywordrequest__7934_il102766.exe has been seen being distributed by the following URL.

http://v4download.com/download.php?id=dorely&title=keyword_request

Remove keywordrequest__7934_il102766.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.