mediaplayer__6469_i1415938359_il97.exe

ITL-GROUP LLC

This is the Amonetize download manager, which bundles applications with offers for additional third-party software, mostly unwanted adware, and may be installed with minimal consent. The application mediaplayer__6469_i1415938359_il97.exe by ITL-GROUP has been detected as adware by 17 anti-malware scanners. The program is a setup application that uses the Amonetize Downloader installer. The setup program bundles adware offers using Amonetize, a Pay-Per-Install (PPI) monetization and distribution download manager. The software offerings provided are based on the PC's geo-location at the time of install.
Publisher:
ITL-GROUP LLC  (signed and verified)

Version:
1.1.5.55

MD5:
9bf0490d3eefb965c3e97d6eaa26d594

SHA-1:
ba95d949e83a626a0c87531f44b0a568e7ec6f8d

SHA-256:
4524f345f7f459b4518e46187294c9ab6912e5bcf866c8337d0ef006251dc2e9

Scanner detections:
17 / 68

Status:
Adware

Description:
This 'download manager' is also considered bundleware: a utility designed to download software (possibly legitimate or open source) and bundle it with a number of optional offers, including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:
4/25/2024 7:20:05 PM UTC

Scan engine           Detection                             Engine version

Lavasoft Ad-Aware     Gen:Variant.Adware.Strictor.68509     741
AhnLab V3 Security    PUP/Win32.Amonetiz                    2014.12.02
Avira AntiVirus       ADWARE/Adware.Gen2                    7.11.189.196
avast!                Win32:Amonetize-GN [PUP]              2014.9-150125
AVG                   Generic                               2016.0.3219
Bitdefender           Gen:Variant.Adware.Strictor.68509     1.0.20.125
ESET NOD32            Win32/Amonetize.BP (variant)          9.10811
F-Secure              Gen:Variant.Adware.Strictor.68509     11.2015-25-01_1
G Data                Gen:Variant.Adware.Strictor.68509     15.1.24
IKARUS anti.virus     not-a-virus:AdWare.Amonetize          t3scan.1.8.3.0
K7 AntiVirus          Unwanted-Program                      13.186.14198
Kaspersky             not-a-virus:AdWare.Win32.Amonetize    14.0.0.2589
Malwarebytes          PUP.Optional.Amonetize                v2015.01.25.02
MicroWorld eScan      Gen:Variant.Adware.Strictor.68509     16.0.0.75
NANO AntiVirus        Riskware.Win32.Amonetize.djmhrz       0.28.6.63850
Panda Antivirus       Trj/CI.A                              15.01.25.02
Reason Heuristics     PUP.Installer.ITLGROUP                15.1.25.2

File size:
411.2 KB (421,096 bytes)

Product version:
1.1.5.55

Original file name:
setup.exe

File type:
Executable application (Win32 EXE)

Bundler/Installer:
Amonetize Downloader

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\mediaplayer__6469_i1415938359_il97.exe

Digital Signature
Signed by:

Authority:
Thawte, Inc.

Valid from:
10/19/2014 8:00:00 PM

Valid to:
10/20/2015 7:59:59 PM

Subject:
CN=ITL-GROUP LLC, O=ITL-GROUP LLC, L=Selyshche Doslidne, S=Selyshche Doslidne, C=UA

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
080AA229F6377F023DF6C8F878AC3719

File PE Metadata
Compilation timestamp:
12/1/2014 9:03:22 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
6144:UtLaR0Qi6m0C6IUA7azCWSE3ByLUuN1UkgQmkJkUU0lN018RwyKaAPH6oYs:KLwFklh3azCWSE5kSwJrUcN7GH5

Entry address:
0x262A4

Entry point:
E8, 2E, AC, 00, 00, E9, 89, FE, FF, FF, 8B, FF, 55, 8B, EC, 83, EC, 10, A1, E0, 09, 45, 00, 33, C5, 89, 45, FC, 8B, 55, 18, 53, 33, DB, 56, 57, 3B, D3, 7E, 1F, 8B, 45, 14, 8B, CA, 49, 38, 18, 74, 08, 40, 3B, CB, 75, F6, 83, C9, FF, 8B, C2, 2B, C1, 48, 3B, C2, 7D, 01, 40, 89, 45, 18, 89, 5D, F8, 39, 5D, 24, 75, 0B, 8B, 45, 08, 8B, 00, 8B, 40, 04, 89, 45, 24, 8B, 35, 6C, F0, 43, 00, 33, C0, 39, 5D, 28, 53, 53, FF, 75, 18, 0F, 95, C0, FF, 75, 14, 8D, 04, C5, 01, 00, 00, 00, 50, FF, 75, 24, FF, D6, 8B, F8, 89...
 

Entropy:
6.6835

Code size:
245.5 KB (251,392 bytes)
