» revolution.chapter.2..of._10924_i66481029_il345.exe
Overview
Analysis
File Details

revolution.chapter.2..of._10924_i66481029_il345.exe

InstallShield

A4 TOV

The application revolution.chapter.2..of._10924_i66481029_il345.exe by A4 TOV has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the InstallShield Setup installer. The setup program bundles adware offers using the Amonetize, a Pay-Per-Install (PPI) monetization and distribution download manager. The software offerings provided are based on the PC's geo-location at the time of install.

File name:

Publisher:

Macrovision Corporation (signed by A4 TOV)

Product:

InstallShield

Description:

Setup.exe

Version:

14.0.162

MD5:

1c36b0547739b8e8f39c216012a0695c

SHA-1:

bb37be59f2fab34d7d84fbdbae93cc004a323372

SHA-256:

cad084336d293b76992e563c617586d389fd43b5cbed5b919b176b1dc53f7ecb

Scanner detections:

1 / 68

Status:

Potentially unwanted

Analysis date:

5/13/2024 1:00:30 AM UTC (today)

Scan engine

Detection

Engine version

Reason Heuristics

PUP.Amonetize (M)

17.2.20.18

File size:

1.8 MB (1,905,632 bytes)

Product version:

14.0

Original file name:

Setup.exe

File type:

Executable application (Win32 EXE)

Installer:

InstallShield Setup

Language:

English (United States)

Common path:

C:\users\{user}\downloads\revolution.chapter.2..of._10924_i66481029_il345.exe

Digital Signature

Signed by:

A4 TOV

Authority:

COMODO CA Limited

Valid from:

9/17/2015 1:00:00 AM

Valid to:

9/17/2016 12:59:59 AM

Subject:

CN=A4 TOV, O=A4 TOV, STREET=Bud. 29 vul.Shchorsa, L=Kiev, S=Kiev, PostalCode=01010, C=UA

Issuer:

CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:

27FB5DEC4CCFD4F3CF69A6B639C6AD4B

File PE Metadata

Compilation timestamp:

10/2/2015 3:32:44 PM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

12.0

Entry address:

0x2878B2

Entry point:

68, 00, 48, 2A, 1B, E8, 5A, FC, FA, FF, 00, 00, 47, 65, 74, 50, 72, 6F, 63, 65, 73, 73, 41, 66, 66, 69, 6E, 69, 74, 79, 4D, 61, 73, 6B, 00, 00, 00, 00, 4C, 6F, 61, 64, 49, 63, 6F, 6E, 57, 00, 68, 80, 84, 29, 09, E8, 2A, FC, FA, FF, 03, 79, 68, 80, 59, E4, 6B, 68, 00, BE, 58, 97, 97, 3F, 8A, 22, 5A, 68, C0, EE, 04, AC, 97, FF, 42, 7F, D6, 97, BF, D7, 84, 86, 97, FF, 24, 10, 6C, 68, 80, 3A, E8, 59, 68, C0, 3D, E5, D9, 68, 40, A7, 88, 22, 97, FF, EB, 0A, 8E, 97, 7F, 69, 3E, A9, 97, 3F, 9D, FF, DC, 68, 40, 5F... 
[+]

Code size:

1.8 MB (1,861,632 bytes)

Remove revolution.chapter.2..of._10924_i66481029_il345.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.