quicktime mpeg2 component__10924_i1454476773_il1297074.exe

Install Path Ltd

This is the Amonetize download manager, which bundles applications with offers for additional third-party software, mostly unwanted adware, and may be installed with minimal consent. The application quicktime mpeg2 component__10924_i1454476773_il1297074.exe by Install Path has been detected as adware by 23 anti-malware scanners. The program is a setup application that uses the Amonetize Downloader installer. The setup program bundles adware offers using Amonetize, a Pay-Per-Install (PPI) monetization and distribution download manager. The software offers presented depend on the PC's geolocation at the time of install.
Publisher:
Install Path Ltd  (signed and verified)

Version:
1.1.8.22

MD5:
187557b57f8ada32e9290cf87b610a32

SHA-1:
0fa41cd0f39e253c81895d247ab29221d3562bd6

SHA-256:
f71b1b19d416f5c4407c15dd6acf52fefe5e30e107c17c92df6b066c2116e812

Scanner detections:
23 / 68

Status:
Adware

Description:
This 'download manager' is also considered bundleware: a utility designed to download software (possibly legitimate or open source) and bundle it with a number of optional offers, including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:
4/19/2024 1:10:08 PM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Gen:Variant.Application.Jatif.103 | 734 |
| AhnLab V3 Security | PUP/Win32.Amonetiz | 2015.02.01 |
| Avira AntiVirus | ADWARE/Adware.Gen2 | 7.11.206.62 |
| avast! | Win32:Adware-gen [Adw] | 2014.9-150201 |
| AVG | Generic_r | 2016.0.3212 |
| Baidu Antivirus | Adware.Win32.Amonetize | 4.0.3.1521 |
| Bitdefender | Gen:Variant.Application.Jatif.103 | 1.0.20.160 |
| Bkav FE | W32.HfsAdware | 1.3.0.6379 |
| ESET NOD32 | Win32/Amonetize.CX potentially unwanted (variant) | 9.11102 |
| Fortinet FortiGate | Riskware/Amonetize | 2/1/2015 |
| F-Secure | Gen:Variant.Application.Jatif | 11.2015-01-02_1 |
| G Data | Gen:Variant.Application.Jatif.103 | 15.2.25 |
| K7 AntiVirus | Unwanted-Program | 13.193.14818 |
| Kaspersky | not-a-virus:AdWare.Win32.Amonetize | 14.0.0.2554 |
| McAfee | Artemis!187557B57F8A | 5600.6868 |
| MicroWorld eScan | Gen:Variant.Application.Jatif.103 | 16.0.0.96 |
| NANO AntiVirus | Riskware.Win32.Amonetize.dmsseo | 0.30.0.65070 |
| Panda Antivirus | PUP/MultiToolbar.A | 15.02.01.04 |
| Reason Heuristics | PUP.Installer.Amonetize | 15.2.1.5 |
| Sophos | Generic PUA AP | 4.98 |
| Trend Micro House Call | TROJ_GEN.F0C2C00AT15 | 7.2.32 |
| Trend Micro | TROJ_GEN.F0C2C00AT15 | 10.465.01 |
| VIPRE Antivirus | Trojan.Win32.Generic | 37124 |

File size:
509.6 KB (521,832 bytes)

Product version:
1.1.8.22

Original file name:
setup.exe

File type:
Executable application (Win32 EXE)

Bundler/Installer:
Amonetize Downloader

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\quicktime mpeg2 component__10924_i1454476773_il1297074.exe

Digital Signature
Authority:
COMODO CA Limited

Valid from:
1/19/2015 7:00:00 PM

Valid to:
1/20/2016 6:59:59 PM

Subject:
CN=Install Path Ltd, OU=Install Path Ltd, O=Install Path Ltd, POBox=5252006, STREET=5 Jabotinsky, L=Ramat Gan, S=Israel, PostalCode=5252006, C=IL

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
2E1A17FA8AA2A44E9135D585D48E6C41

File PE Metadata
Compilation timestamp:
1/22/2015 5:05:01 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
12288:67NiCcRe2ByBNIbkD9CwDxsC7V7+mI3ukpd:w2ByGkDQwDSaIp3ukX

Entry address:
0x28CD4

Entry point:
E8, F7, AC, 00, 00, E9, 89, FE, FF, FF, 8B, FF, 55, 8B, EC, 83, EC, 10, A1, 00, 4A, 45, 00, 33, C5, 89, 45, FC, 8B, 55, 18, 53, 33, DB, 56, 57, 3B, D3, 7E, 1F, 8B, 45, 14, 8B, CA, 49, 38, 18, 74, 08, 40, 3B, CB, 75, F6, 83, C9, FF, 8B, C2, 2B, C1, 48, 3B, C2, 7D, 01, 40, 89, 45, 18, 89, 5D, F8, 39, 5D, 24, 75, 0B, 8B, 45, 08, 8B, 00, 8B, 40, 04, 89, 45, 24, 8B, 35, 6C, 20, 44, 00, 33, C0, 39, 5D, 28, 53, 53, FF, 75, 18, 0F, 95, C0, FF, 75, 14, 8D, 04, C5, 01, 00, 00, 00, 50, FF, 75, 24, FF, D6, 8B, F8, 89...
 

Entropy:
6.9084

Code size:
257 KB (263,168 bytes)