professor green ft tori kelly lullaby__3818_il499482.exe

Shetef Solutions & Consulting (1998) Ltd.

This is the Amonetize download manager which bundles applications with offers for additional 3rd party software, mostly unwanted adware, and may be installed with minimal consent. The application professor green ft tori kelly lullaby__3818_il499482.exe by Shetef Solutions & Consulting (1998) has been detected as adware by 26 anti-malware scanners. The program is a setup application that uses the Amonetize Downloader installer. According to AVG, this software downloads additional adware offers during setup. The file has been seen being downloaded from www.care-download.com and multiple other hosts.
Publisher:

Version:
1.1.5.26

MD5:
913b53c18770403e8acb09c909ce6331

SHA-1:
101a7918ec2ecdef7adf38c81eb372be6972c67b

SHA-256:
66afd6de6a030bc1516156cc495a5bdc536373b3ab6916c1be244098b5eed7c1

Scanner detections:
26 / 68

Status:
Adware

Description:
This is also known as bundleware, or downloadware, which is a downloader designed simply to deliver ad-supported offers in the setup routine of otherwise legitimate software.

Analysis date:
5/16/2025 7:06:00 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Gen:Variant.Adware.Graftor.161610 | 762 |
| Agnitum Outpost | PUA.Amonetize | 7.1.1 |
| AhnLab V3 Security | PUP/Win32.Amonetize | 2014.11.17 |
| Avira AntiVirus | ADWARE/Adware.Gen4 | 7.11.186.112 |
| AVG | Downloader.Generic14 | 2016.0.3240 |
| Baidu Antivirus | Adware.Win32.Amonetize | 4.0.3.1513 |
| Bitdefender | Gen:Variant.Adware.Graftor.161610 | 1.0.20.15 |
| Comodo Security | ApplicUnwnt | 20101 |
| Dr.Web | Adware.Downware.8876 | 9.0.1.03 |
| Emsisoft Anti-Malware | Gen:Variant.Adware.Graftor.161610 | 8.15.01.03.07 |
| ESET NOD32 | Win32/Amonetize.BY (variant) | 9.10732 |
| Fortinet FortiGate | Riskware/Amonetize | 1/3/2015 |
| F-Prot | W32/A-f8584296 | v6.4.7.1.166 |
| F-Secure | Gen:Variant.Adware.Graftor.161610 | 11.2015-03-01_7 |
| G Data | Gen:Variant.Adware.Graftor.161610 | 15.1.24 |
| IKARUS anti.virus | PUA.Amonetize | t3scan.1.8.3.0 |
| K7 AntiVirus | Unwanted-Program | 13.185.14021 |
| Malwarebytes | PUP.Optional.Amonetize | v2015.01.03.07 |
| McAfee | Artemis!913B53C18770 | 5600.6896 |
| MicroWorld eScan | Gen:Variant.Adware.Graftor.161610 | 16.0.0.9 |
| NANO AntiVirus | Riskware.Win32.Downware.dhzzeg | 0.28.6.63362 |
| Reason Heuristics | PUP.Installer.ShetefSolutionsConsulting1998.u | 15.1.3.19 |
| Sophos | Generic PUA BA | 4.98 |
| Trend Micro House Call | TROJ_GEN.R02SH09JS14 | 7.2.3 |
| VIPRE Antivirus | Trojan.Win32.Generic | 34840 |
| Zillya! Antivirus | Backdoor.PePatch.Win32.50090 | 2.0.0.1983 |

File size:
453.6 KB (464,464 bytes)

Product version:
1.1.5.26

Original file name:
setup.exe

File type:
Executable application (Win32 EXE)

Bundler/Installer:
Amonetize Downloader

Language:
English (United States)

Digital Signature
Authority:
GoDaddy.com, Inc.

Valid from:
10/13/2014 11:02:37 AM

Valid to:
10/13/2015 11:02:37 AM

Subject:
CN=Shetef Solutions & Consulting (1998) Ltd., O=Shetef Solutions & Consulting (1998) Ltd., L=Rannana, S=Israel, C=IL

Issuer:
CN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:
4B1B72BCEFC0E8

File PE Metadata
Compilation timestamp:
10/20/2014 4:33:52 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
12288:pIc0x8bs/GQY5quuECs4TsEvEi7z84/s9AHGJITiDF7:pIvKbhRjRmnbs9AHiRF7

Entry address:
0x11DE8

Entry point:
E8, 49, 6A, 00, 00, E9, 89, FE, FF, FF, 8B, FF, 55, 8B, EC, 83, 3D, 94, 1E, 3B, 00, 00, 75, 18, E8, 5C, 4E, 00, 00, 6A, 1E, E8, A6, 4C, 00, 00, 68, FF, 00, 00, 00, E8, F9, F5, FF, FF, 59, 59, 8B, 45, 08, 85, C0, 75, 01, 40, 50, 6A, 00, FF, 35, 94, 1E, 3B, 00, FF, 15, 14, A1, 3A, 00, 5D, C3, 8B, FF, 55, 8B, EC, 53, 8B, 5D, 08, 83, FB, E0, 77, 6F, 56, 57, 83, 3D, 94, 1E, 3B, 00, 00, 75, 18, E8, 12, 4E, 00, 00, 6A, 1E, E8, 5C, 4C, 00, 00, 68, FF, 00, 00, 00, E8, AF, F5, FF, FF, 59, 59, 85, DB, 74, 04, 8B, C3...
 

Code size:
161 KB (164,864 bytes)

The file professor green ft tori kelly lullaby__3818_il499482.exe has been seen being distributed by the following 2 URLs.