mediaplayer__3936_il446.exe

LLC BK UKRBUDMONTAZH

The application mediaplayer__3936_il446.exe by LLC BK UKRBUDMONTAZH has been detected as adware by 16 anti-malware scanners. It bundles adware offers using Amonetize, a Pay-Per-Install (PPI) monetization and distribution download manager. The software offers presented are based on the PC's geo-location at the time of install. The file is also typically executed from the user's temporary directory.

Publisher:
LLC BK UKRBUDMONTAZH  (signed and verified)

Version:
1.1.5.90

MD5:
44ca8eaffdb29201679ab3770b1b9eb4

SHA-1:
93ac51b07c989c9df98d9f2fbd016caf370d2b17

SHA-256:
5e2edf78d165dc1c140f2830d2a164ddae548f9d1596c51eda62fac7e24c32e0

Scanner detections:
16 / 68

Status:
Adware

Analysis date:
4/23/2024 12:51:16 PM UTC

Scan engine | Detection | Engine version
Lavasoft Ad-Aware | Gen:Variant.Application.Bundler.Amonetize.26 | 675
AhnLab V3 Security | PUP/Win32.Amonetiz | 2015.04.01
Avira AntiVirus | ADWARE/Adware.Gen2 | 3.6.1.96
AVG | Generic | 2016.0.3153
Bitdefender | Gen:Variant.Application.Bundler.Amonetize.26 | 1.0.20.450
Clam AntiVirus | Win.Adware.Amonetize-370 | 0.98/20278
Emsisoft Anti-Malware | Gen:Variant.Strictor.79179 | 8.15.03.31.11
ESET NOD32 | Win32/Amonetize.EA potentially unwanted (variant) | 9.11405
F-Secure | Gen:Variant.Strictor.79179 | 11.2015-31-03_3
G Data | Gen:Variant.Strictor.79179 | 15.3.25
Kaspersky | not-a-virus:AdWare.Win32.Amonetize | 14.0.0.2250
MicroWorld eScan | Gen:Variant.Strictor.79179 | 16.0.0.270
Panda Antivirus | Trj/Genetic.gen | 15.04.02.11
Reason Heuristics | PUP.Installer.Amonitize | 15.4.2.1
Sophos | Generic PUA JE | 4.98
VIPRE Antivirus | Threat.4657539 | 38950

File size:
1.2 MB (1,286,672 bytes)

Product version:
1.1.5.90

Original file name:
setup.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\mediaplayer__3936_il446.exe

Digital Signature
Authority:
COMODO CA Limited

Valid from:
3/1/2015 6:00:00 PM

Valid to:
3/1/2016 5:59:59 PM

Subject:
CN=LLC BK UKRBUDMONTAZH, O=LLC BK UKRBUDMONTAZH, STREET="street Kartvelishvili, 7/2", L=Kiev, S=Kiev, PostalCode=03148, C=UA

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
34E84A9E0132F026B71D20920D491DAC

File PE Metadata
Compilation timestamp:
3/31/2015 6:44:11 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
12288:mT1q4aX71E9Q+bsk0CPGbyGbx+UouP/H8nLd8tyH2a/AkafEwR4msziY72qJ9sC8:mT1hkCPEML+8H2a/zwKziY7dWaIJZD

Entry address:
0xA960B

Entry point:
E8, 07, 03, 01, 00, E9, 89, FE, FF, FF, 50, 64, FF, 35, 00, 00, 00, 00, 8D, 44, 24, 0C, 2B, 64, 24, 0C, 53, 56, 57, 89, 28, 8B, E8, A1, 74, 2E, 50, 00, 33, C5, 50, FF, 75, FC, C7, 45, FC, FF, FF, FF, FF, 8D, 45, F4, 64, A3, 00, 00, 00, 00, C3, 50, 64, FF, 35, 00, 00, 00, 00, 8D, 44, 24, 0C, 2B, 64, 24, 0C, 53, 56, 57, 89, 28, 8B, E8, A1, 74, 2E, 50, 00, 33, C5, 50, 89, 65, F0, FF, 75, FC, C7, 45, FC, FF, FF, FF, FF, 8D, 45, F4, 64, A3, 00, 00, 00, 00, C3, 50, 64, FF, 35, 00, 00, 00, 00, 8D, 44, 24, 0C, 2B...

Entropy:
5.9279

Code size:
903.5 KB (925,184 bytes)
