home

setup.exe

Ninja Loader

CLICK YES BELOW LP

This is the Amonetize download manager which bundles applications with offers for additional 3rd party software, mostly unwanted adware, and may be installed with minimal consent. The application setup.exe, “Setup Application” by CLICK YES BELOW LP has been detected as adware by 16 anti-malware scanners. The program is a setup application that uses the Amonetize Downloader installer. The setup program bundles adware offers using the Amonetize, a Pay-Per-Install (PPI) monetization and distribution download manager. The software offerings provided are based on the PC's geo-location at the time of install.
Publisher:
CLICK YES BELOW LP  (signed and verified)

Product:
Ninja Loader

Description:
Setup Application

Version:
192.0.0.1703

MD5:
45ea9187ba82ed324777c5c0062ceab9

SHA-1:
4a984ccf6d25e5f65f5b673c2306c1d5854b4049

SHA-256:
d2febea3ebd92229666a9688336ed3b038b13731d1be44d271c54540c99e70fb

Scanner detections:
16 / 68

Status:
Adware

Explanation:
Injects advertisements in the web browser in the form or banner ads and popups.

Description:
This 'download manager' is also considered bundleware, a utility designed to download software (possibly legitimate or opensource) and bundle it with a number of optional offers including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:
5/21/2024 7:49:27 PM UTC  (today)

Scan engine
Detection
Engine version

Avira AntiVirus
ADWARE/Adware.Gen
7.11.30.172

Clam AntiVirus
Win.Adware.Amonetize-511
0.98/20437

Dr.Web
Trojan.Click3.12246
9.0.1.0208

ESET NOD32
Win32/GigaClicks.AN potentially unwanted application
9.7.0.302.0

Fortinet FortiGate
Riskware/GigaClicks
7/27/2015

F-Secure
Riskware.Application.Generic.952794
11.2015-27-07_2

herdProtect (fuzzy)
variant of 528.exe (Adware)
2015.8.30.10

K7 AntiVirus
Adware
13.204.16131

Malwarebytes
PUP.Optional.NinjaLoader.A
v2015.07.27.08

McAfee
Trojan.Artemis!47997DDAB5E6
5600.6691

Norman
Gen:Variant.Strictor.67179
11.20150727

Reason Heuristics
PUP.Amonetize.CLICKYESBELOW.Bundler (M)
15.7.27.20

Rising Antivirus
PE:AdWare.Win32.Adpeak.c!1075356117
23.00.65.15725

Sophos
PUA 'Click Yes Below'
5.15

Trend Micro House Call
Suspici.121B598D
7.2.208

VIPRE Antivirus
Threat.4150696
40830

File size:
3.1 MB (3,254,112 bytes)

Product version:
1.0.0.0

Copyright:
© CLICK YES BELOW LP

Trademarks:
Ninja Loader is a trademark of CLICK YES BELOW LP

File type:
Executable application (Win32 EXE)

Bundler/Installer:
Amonetize Downloader (using Nullsoft Install System)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\setup.exe

Digital Signature
Signed by:
CLICK YES BELOW LP

Authority:
COMODO CA Limited

Valid from:
9/8/2014 5:00:00 PM

Valid to:
9/9/2015 4:59:59 PM

Subject:
CN=CLICK YES BELOW LP, O=CLICK YES BELOW LP, STREET="SUITE 4366 MITCHELL HOUSE, 5 MITCHELL STREET", L=EDINBURGH, S=EDINBURGH, PostalCode=EH6 7BD, C=GB

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
338A735EDFACCD649E222FB8833DB63C

File PE Metadata
Compilation timestamp:
10/6/2014 9:40:26 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
49152:2V6OTNCntyhxPw0Pelu8G5UozmzY7KqMFkQDnUt47tS83jVLxwY4sw:2YwIntyFPeoVOoHXu/nUt4EAZeYa

Entry address:
0x322E

Entry point:
81, EC, D8, 02, 00, 00, 53, 55, 56, 57, 6A, 20, 33, ED, 5E, 89, 6C, 24, 18, C7, 44, 24, 10, D8, A2, 40, 00, 89, 6C, 24, 14, FF, 15, 34, 80, 40, 00, 68, 01, 80, 00, 00, FF, 15, 34, 81, 40, 00, 55, FF, 15, AC, 82, 40, 00, 6A, 09, A3, 78, 4F, 43, 00, E8, FD, 2E, 00, 00, A3, C4, 4E, 43, 00, 55, 8D, 44, 24, 38, 68, B4, 02, 00, 00, 50, 55, 68, D8, B1, 42, 00, FF, 15, 7C, 81, 40, 00, 68, C0, A2, 40, 00, 68, C0, 3E, 43, 00, E8, 68, 2B, 00, 00, FF, 15, 38, 81, 40, 00, BB, 00, F0, 43, 00, 50, 53, E8, 56, 2B, 00, 00...
 
[+]

Entropy:
7.9934

Packer / compiler:
Nullsoft install system v2.x

Code size:
24.5 KB (25,088 bytes)

Remove setup.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.