mxkeyemulator.rar__15047_i1755716679_il464888.exe

LLC

The application mxkeyemulator.rar__15047_i1755716679_il464888.exe by LLC has been detected as adware by 9 anti-malware scanners. The setup program bundles adware offers using Amonetize, a Pay-Per-Install (PPI) monetization and distribution download manager. The software offers presented are based on the PC's geo-location at the time of install.
Publisher:
LLC   (signed and verified)

Version:
1.1.5.26

MD5:
a65fbc3fed4e73a3616d2b851729b225

SHA-1:
1bc2ece2c07a8aa7dc1bc13e0ed5f9a5e8ecb904

SHA-256:
3fe99922fb29848fac9e8bb34e063adab909d25fa919b72c369b13dd3186af03

Scanner detections:
9 / 68

Status:
Adware

Analysis date:
5/7/2024 10:58:38 AM UTC  (today)

Scan engine | Detection | Engine version
Avira AntiVirus | TR/Dropper.Gen | 8.3.2.4
AVG | Generic | 2016.0.2909
ESET NOD32 | Win32/Amonetize.LV potentially unwanted (variant) | 9.12615
Malwarebytes | PUP.Optional.Amonetize | v2015.12.01.06
NANO AntiVirus | Trojan.Win32.Amonetize.dytukr | 0.30.26.4751
Qihoo 360 Security | HEUR/QVM10.1.Malware.Gen | 1.0.0.1077
Reason Heuristics | PUP.Amonitize.Installer (M) | 15.12.1.6
SUPERAntiSpyware | PUP.Amonetize/Variant | 9474
VIPRE Antivirus | Amonetize | 45394

File size:
1.1 MB (1,177,776 bytes)

Product version:
1.1.5.26

Original file name:
setup.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\programs\mxkeyemulator.rar__15047_i1755716679_il464888.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
9/18/2015 5:00:00 PM

Valid to:
9/18/2016 4:59:59 PM

Subject:
CN="LLC ""KIPER - SOFT""", O="LLC ""KIPER - SOFT""", STREET=Bud. 6 vul.Pryashivska-Bichna, L=Mukacheve, S=Zakarpatska, PostalCode=89600, C=UA

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00974D43D1437CC68DB94B6DEBA5289FEC

File PE Metadata
Compilation timestamp:
11/24/2015 2:15:09 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
24576:eQ1VGPZY/am8e9GBArdjW2GXrSkzd5zS9rh/UQ:eQ1MRYwqGBepomod5zSVhMQ

Entry address:
0x426B

Entry point:
E8, 07, 23, 00, 00, E8, 00, 00, 00, 00, 50, B8, 18, FE, FF, FF, 03, 44, 24, 04, 89, 44, 24, 04, 58, C3, E8, 00, 00, 00, 00, 50, B8, BB, 29, 00, 00, 03, 44, 24, 04, 89, 44, 24, 04, 58, C3, 55, 8B, EC, 56, FF, 75, 08, 8B, F1, E8, 5F, 00, 00, 00, C7, 06, 40, C4, 41, 00, 8B, C6, 5E, 5D, C2, 04, 00, 55, 8B, EC, 56, FF, 75, 08, 8B, F1, E8, 5F, 00, 00, 00, C7, 06, 40, C4, 41, 00, 8B, C6, 5E, 5D, C2, 04, 00, 55, 8B, EC, 56, FF, 75, 08, 8B, F1, E8, A0, 00, 00, 00, C7, 06, 28, C4, 41, 00, 8B, C6, 5E, 5D, C2, 04, 00...
 

Entropy:
7.6919

Code size:
101 KB (103,424 bytes)