mommygotboobs.amy.anderssen.itchin.for.a.petition.torrent__6427_il4666373.exe

Installer

The application mommygotboobs.amy.anderssen.itchin.for.a.petition.torrent__6427_il4666373.exe has been detected as a potentially unwanted program by 31 anti-malware scanners. It is a self-extracting archive and installer; however, the file is not signed with an Authenticode signature from a trusted source. It bundles adware offers using Amonetize, a Pay-Per-Install (PPI) monetization and distribution download manager; the software offers presented depend on the PC's geo-location at the time of install. The file has been seen being downloaded from www.specificdownload.com and multiple other hosts. While running, it connects to the Internet address www.ibbalance.com on port 443.
Product:
Installer

Version:
1.1.6.20

MD5:
e13bfae7ca824d2c5a5bae06c3ae410a

SHA-1:
206f3c8dac498c4386508628ae69d5b10166b694

SHA-256:
eeffc994bd7fee151b74eee83e6f0bf80d84c70e24dc54dcff359972542bf2f9

Scanner detections:
31 / 68

Status:
Potentially unwanted

Analysis date:
4/23/2024 7:23:10 PM UTC

Scan engine | Detection | Engine version
--- | --- | ---
Lavasoft Ad-Aware | Trojan.Generic.11011167 | 968
Agnitum Outpost | PUA.Downloader | 7.1.1
AhnLab V3 Security | PUP/Win32.Amonetiz | 2014.02.28
Avira AntiVirus | ADWARE/Adware.Gen2 | 7.11.133.236
avast! | Win32:Amonetize-F [PUP] | 2014.9-140228
Baidu Antivirus | Adware.Win32.Amonetize | 4.0.3.14228
Bitdefender | Trojan.Generic.11011167 | 1.0.20.815
Comodo Security | ApplicUnwnt | 18428
Dr.Web | Adware.Downware.2160 | 9.0.1.059
Emsisoft Anti-Malware | Trojan.Generic.11011167 | 8.14.06.12.01
ESET NOD32 | Win32/Amonetize.AG (variant) | 8.9480
Fortinet FortiGate | Riskware/GameHack | 2/28/2014
F-Secure | Trojan.Generic.11011167 | 11.2014-12-06_5
G Data | Win32.Application.Amonetize | 14.2.24
IKARUS anti.virus | AdWare.Amonetize | t3scan.1.6.1.0
K7 AntiVirus | Trojan | 13.178.12292
Kaspersky | not-a-virus:Downloader.Win32.Agent | 14.0.0.3725
Malwarebytes | PUP.Optional.Amonetize.A | v2014.02.28.11
McAfee | Artemis!5FA48B32329F | 5600.7102
MicroWorld eScan | Trojan.Generic.11011167 | 15.0.0.489
NANO AntiVirus | Trojan.Win32.Agent.cuozeg | 0.28.0.60100
nProtect | Trojan.Generic.11011167 | 14.06.03.01
Panda Antivirus | Trj/CI.A | 14.06.12.01
Qihoo 360 Security | Win32/Virus.Downloader.d61 | 1.0.0.1015
Reason Heuristics | Threat.Win.Reputation.IMP | 14.6.12.1
Rising Antivirus | PE:Malware.Adware!6.1574 | 23.00.65.14610
Sophos | Amonetize | 4.98
Trend Micro House Call | TROJ_GEN.F47V0227 | 7.2.59
Trend Micro | TROJ_SPNR.08C314 | 10.465.12
Vba32 AntiVirus | Downloader.Agent.bjqv | 3.12.26.0
VIPRE Antivirus | Trojan-Downloader.Win32.Agent | 29922

File size:
322.5 KB (330,240 bytes)

Product version:
2.1.12

Copyright:
Copyright(c), All Rights Reserved.

Original file name:
Installer.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\mommygotboobs.amy.anderssen.itchin.for.a.petition.torrent__6427_il4666373.exe

File PE Metadata
Compilation timestamp:
2/27/2014 7:10:41 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
6144:JgfgnrvR1PfGCfuxe2eI87BCHTwTTDepm20CyjOUZLvHLoKYb0XmRpKR:JgInrvRJfGCmxe2eI8FCHGzjBL/LoKAI

Entry address:
0x26E64

Entry point:
E8, BC, 95, 00, 00, E9, 89, FE, FF, FF, 57, 8B, C6, 83, E0, 0F, 85, C0, 0F, 85, C1, 00, 00, 00, 8B, D1, 83, E1, 7F, C1, EA, 07, 74, 65, EB, 06, 8D, 9B, 00, 00, 00, 00, 66, 0F, 6F, 06, 66, 0F, 6F, 4E, 10, 66, 0F, 6F, 56, 20, 66, 0F, 6F, 5E, 30, 66, 0F, 7F, 07, 66, 0F, 7F, 4F, 10, 66, 0F, 7F, 57, 20, 66, 0F, 7F, 5F, 30, 66, 0F, 6F, 66, 40, 66, 0F, 6F, 6E, 50, 66, 0F, 6F, 76, 60, 66, 0F, 6F, 7E, 70, 66, 0F, 7F, 67, 40, 66, 0F, 7F, 6F, 50, 66, 0F, 7F, 77, 60, 66, 0F, 7F, 7F, 70, 8D, B6, 80, 00, 00, 00, 8D, BF...

Code size:
228.5 KB (233,984 bytes)

The file mommygotboobs.amy.anderssen.itchin.for.a.petition.torrent__6427_il4666373.exe has been seen being distributed by the following 2 URLs.

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to www.softologic.com (174.37.181.31:80)

TCP (HTTP SSL):
Connects to www.ibbalance.com (173.192.190.227:443)