monopoly3setup.exe

Installation-Wizard

dailytools GmbH

The application monopoly3setup.exe by dailytools GmbH has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. This is a self-extracting archive and installer and has been known to bundle potentially unwanted software. The file has been seen being downloaded from www.joosoft.com.
Publisher:
dailytools GmbH  (signed and verified)

Product:
Installation-Wizard

Version:
1.0.0.5

MD5:
516d09f4b9f6ad821981adbf6b34885b

SHA-1:
5ae2d7952a658798dc315b78454a950261bd1303

SHA-256:
fec56a2f52d8868de943cd56f90f2799819405fe0ee993d7301dbe8ae084a6c4

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines has not currently detected this file; however, based on our own detection heuristics, we feel that this file is unwanted.

Analysis date:
4/26/2024 10:16:18 PM UTC

Scan engine: Reason Heuristics
Detection: PUP.dailytools.Installer (M)
Engine version: 16.1.25.18

File size:
730 KB (747,512 bytes)

Product version:
1.0.0.5

Copyright:
(c) Dailytools GmbH. All rights reserved.

Original file name:
install.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\monopoly3setup.exe

Digital Signature
Signed by:

Authority:
DigiCert Inc

Valid from:
3/31/2014 2:00:00 AM

Valid to:
6/1/2017 2:00:00 PM

Subject:
CN=dailytools GmbH, O=dailytools GmbH, L=Zug, S=Zug, C=CH, PostalCode=6300, STREET=Unter Altstadt 10, SERIALNUMBER=CHE-202.738.833, OID.1.3.6.1.4.1.311.60.2.1.3=CH, OID.2.5.4.15=Private Organization

Issuer:
CN=DigiCert EV Code Signing CA (SHA2), OU=www.digicert.com, O=DigiCert Inc, C=US

Serial number:
0B9A96E11B57D155C12F7811BF1B8CF3

File PE Metadata
Compilation timestamp:
7/26/2014 12:55:09 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
12288:DjH6gpRCK3/J3GgvJQ50cAIvga0zgK51577dKClGFW:DjH6gpR//J3TD1IX0zgKf77drGFW

Entry address:
0x344C8

Entry point:
E8, 76, 73, 00, 00, E9, 89, FE, FF, FF, 8B, FF, 55, 8B, EC, 56, 8B, 75, 14, 85, F6, 75, 04, 33, C0, EB, 61, 83, 7D, 08, 00, 75, 13, E8, 86, 2F, 00, 00, 6A, 16, 5E, 89, 30, E8, 70, 75, 00, 00, 8B, C6, EB, 48, 83, 7D, 10, 00, 74, 16, 39, 75, 0C, 72, 11, 56, FF, 75, 10, FF, 75, 08, E8, 0D, 23, 00, 00, 83, C4, 0C, EB, C7, FF, 75, 0C, 6A, 00, FF, 75, 08, E8, 6B, 26, 00, 00, 83, C4, 0C, 83, 7D, 10, 00, 74, BB, 39, 75, 0C, 73, 0E, E8, 3C, 2F, 00, 00, 6A, 22, 59, 89, 08, 8B, F1, EB, B2, 6A, 16, 58, 5E, 5D, C3, 8B...

Code size:
319 KB (326,656 bytes)

The file monopoly3setup.exe has been seen being distributed by the following URL.

The executing file has been seen to make the following network communication in live environments.

TCP (HTTP):
Connects to ec2-54-228-203-27.eu-west-1.compute.amazonaws.com  (54.228.203.27:80)

Powered by Reason Core Security