privacyproteclp__8622_i997172588_il88.exe

Ukra-2006 LLC

This is the Amonetize download manager, which bundles applications with offers for additional third-party software, mostly unwanted adware, and may be installed with minimal consent. The application privacyproteclp__8622_i997172588_il88.exe by Ukra-2006 has been detected as adware by 26 anti-malware scanners. The program is a setup application that uses the TUGUU DomaIQ Setup installer. The setup program bundles adware offers using Amonetize, a Pay-Per-Install (PPI) monetization and distribution download manager. The software offers presented are based on the PC's geo-location at the time of install.
Publisher:
Ukra-2006 LLC  (signed and verified)

Version:
1.1.1.72

MD5:
6620c61ed40ad0d572d4103d87504e8d

SHA-1:
fc26cf7d9a2b4d1d631809a3689072ac03ccedd6

SHA-256:
d2f1572e92f677815e1901982388eb7fab532ceb2f216d08e8bb400155033f38

Scanner detections:
26 / 68

Status:
Adware

Description:
This is also known as bundleware, or downloadware: a downloader designed simply to deliver ad-supported offers in the setup routine of otherwise legitimate software.

Analysis date:
4/19/2024 12:30:19 AM UTC  (today)

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Gen:Variant.Application.Bundler.Amonetize.8 | 566 |
| Agnitum Outpost | PUA.Amonetize | 7.1.1 |
| AhnLab V3 Security | PUP/Win32.Amonetiz | 2014.08.20 |
| Avira AntiVirus | ADWARE/Adware.Gen | 7.11.167.238 |
| avast! | Win32:Amonetize-CK [PUP] | 2014.9-150719 |
| AVG | Ukra | 2016.0.3044 |
| Bitdefender | Gen:Variant.Application.Bundler.Amonetize.8 | 1.0.20.1000 |
| Clam AntiVirus | Win.Adware.Graftor-163 | 0.98/21411 |
| Dr.Web | Adware.Downware.5546 | 9.0.1.0200 |
| ESET NOD32 | Win32/Amonetize.BF.gen (variant) | 9.10280 |
| Fortinet FortiGate | Adware/Amonetize | 7/19/2015 |
| F-Secure | Gen:Variant.Application.Bundler | 11.2015-19-07_1 |
| G Data | Gen:Variant.Application.Bundler.Amonetize | 15.7.24 |
| IKARUS anti.virus | PUA.Bundler.Amonetize | t3scan.1.7.5.0 |
| K7 AntiVirus | Trojan | 13.183.13098 |
| Kaspersky | not-a-virus:AdWare.Win32.Amonetize | 14.0.0.1715 |
| McAfee | Artemis!6620C61ED40A | 5600.6700 |
| MicroWorld eScan | Gen:Variant.Application.Bundler.Amonetize.8 | 16.0.0.600 |
| NANO AntiVirus | Riskware.Win32.Amonetize.dbyopz | 0.28.2.61721 |
| Panda Antivirus | Trj/CI.A | 15.07.19.12 |
| Quick Heal | AdWare.Amonetize.r5 (Not a Virus) | 7.15.14.00 |
| Reason Heuristics | PUP.Amonetize.Ukra2006.Bundler (M) | 15.7.19.0 |
| Sophos | Generic PUA PM | 4.98 |
| Trend Micro House Call | TROJ_GEN.F0C2H00HB14 | 7.2.200 |
| Vba32 AntiVirus | AdWare.Amonetize | 3.12.26.3 |
| VIPRE Antivirus | Trojan.Win32.Generic | 32354 |

File size:
309.2 KB (316,624 bytes)

Product version:
1.1.1.72

Original file name:
setup.exe

File type:
Executable application (Win32 EXE)

Bundler/Installer:
TUGUU DomaIQ Setup

Language:
English (United States)

Common path:
C:\users\{user}\downloads\privacyproteclp__8622_i997172588_il88.exe

Digital Signature
Signed by:

Authority:
Thawte, Inc.

Valid from:
6/30/2014 7:00:00 PM

Valid to:
7/1/2015 6:59:59 PM

Subject:
CN=Ukra-2006 LLC, O=Ukra-2006 LLC, L=Kharkiv, S=Harkivska obl, C=UA

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
2B3200D1AF3CAC4253C00F000EF4BAB9

File PE Metadata
Compilation timestamp:
7/1/2014 1:21:33 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
6144:Dhil6grauhUTBVKXelQ7urKHhiM6jp8mGhkgVS/9K41:D6HauhUTO/7xHhifXGhGK41

Entry address:
0xC435

Entry point:
E8, 33, 47, 00, 00, E9, 89, FE, FF, FF, CC, 51, 8D, 4C, 24, 04, 2B, C8, 1B, C0, F7, D0, 23, C8, 8B, C4, 25, 00, F0, FF, FF, 3B, C8, 72, 0A, 8B, C1, 59, 94, 8B, 00, 89, 04, 24, C3, 2D, 00, 10, 00, 00, 85, 00, EB, E9, 8B, FF, 55, 8B, EC, 53, 8B, 5D, 08, 83, FB, E0, 77, 6F, 56, 57, 83, 3D, 1C, DD, 41, 00, 00, 75, 18, E8, D8, 3D, 00, 00, 6A, 1E, E8, 22, 3C, 00, 00, 68, FF, 00, 00, 00, E8, 37, F6, FF, FF, 59, 59, 85, DB, 74, 04, 8B, C3, EB, 03, 33, C0, 40, 50, 6A, 00, FF, 35, 1C, DD, 41, 00, FF, 15, F0, 40, 41...
 

Entropy:
7.4536

Code size:
74.5 KB (76,288 bytes)

The file privacyproteclp__8622_i997172588_il88.exe has been seen being distributed by the following URL.
