home

setup.exe

Ninja Loader

CLICK YES BELOW LP

This is the Amonetize download manager which bundles applications with offers for additional 3rd party software, mostly unwanted adware, and may be installed with minimal consent. The application setup.exe, “Setup Application” by CLICK YES BELOW LP has been detected as adware by 16 anti-malware scanners. The program is a setup application that uses the Amonetize Downloader installer. The setup program bundles adware offers using the Amonetize, a Pay-Per-Install (PPI) monetization and distribution download manager. The software offerings provided are based on the PC's geo-location at the time of install.
Publisher:
CLICK YES BELOW LP  (signed and verified)

Product:
Ninja Loader

Description:
Setup Application

Version:
192.0.0.1703

MD5:
e4c60d3380a343616528ca55de153559

SHA-1:
be3cf216dd38c3d4aaa4404dcb0a10d0b5c838ef

SHA-256:
59915946e30eeefd15605a577567b4c43b99babed232bfb179007e3ace57b7ee

Scanner detections:
16 / 68

Status:
Adware

Explanation:
Injects advertisements in the web browser in the form or banner ads and popups.

Description:
This is an installer which may bundle legitimate applications with offers for additional 3rd-party applications that may be unwanted by the user. While the installer contains an 'opt-out' feature this is not set be defult and is usually overlooked.

Analysis date:
4/25/2024 11:04:50 AM UTC  (today)

Scan engine
Detection
Engine version

Avira AntiVirus
ADWARE/Adware.Gen
7.11.30.172

Clam AntiVirus
Win.Adware.Amonetize-511
0.98/20437

Dr.Web
Trojan.Click3.12246
9.0.1.0215

ESET NOD32
Win32/GigaClicks.AN potentially unwanted application
9.7.0.302.0

Fortinet FortiGate
Riskware/GigaClicks
8/3/2015

F-Secure
Riskware.Application.Generic.952794
11.2015-03-08_2

herdProtect (fuzzy)
variant of 528.exe (Adware)
2015.9.8.0

K7 AntiVirus
Adware
13.204.16131

Malwarebytes
PUP.Optional.NinjaLoader.A
v2015.08.03.05

McAfee
Trojan.Artemis!47997DDAB5E6
5600.6685

Norman
Gen:Variant.Strictor.67179
11.20150803

Reason Heuristics
PUP.Amonetize.CLICKYESBELOW.Bundler (M)
15.8.3.5

Rising Antivirus
PE:AdWare.Win32.Adpeak.c!1075356117
23.00.65.15801

Sophos
PUA 'Click Yes Below'
5.15

Trend Micro House Call
Suspici.121B598D
7.2.215

VIPRE Antivirus
Threat.4150696
40830

File size:
3.1 MB (3,254,112 bytes)

Product version:
1.0.0.0

Copyright:
© CLICK YES BELOW LP

Trademarks:
Ninja Loader is a trademark of CLICK YES BELOW LP

File type:
Executable application (Win32 EXE)

Bundler/Installer:
Amonetize Downloader (using Nullsoft Install System)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\microsoft\windows\inetcache\content.ie5\o54hje2l\setup.exe

Digital Signature
Signed by:
CLICK YES BELOW LP

Authority:
COMODO CA Limited

Valid from:
9/8/2014 8:00:00 PM

Valid to:
9/9/2015 7:59:59 PM

Subject:
CN=CLICK YES BELOW LP, O=CLICK YES BELOW LP, STREET="SUITE 4366 MITCHELL HOUSE, 5 MITCHELL STREET", L=EDINBURGH, S=EDINBURGH, PostalCode=EH6 7BD, C=GB

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
338A735EDFACCD649E222FB8833DB63C

File PE Metadata
Compilation timestamp:
10/7/2014 12:40:26 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
49152:zR6OTNCntyhxPw0Pelu8G5UozmzY7KqMFkQDnUt47tS83jVLxwY4sU:zcwIntyFPeoVOoHXu/nUt4EAZeYC

Entry address:
0x322E

Entry point:
81, EC, D8, 02, 00, 00, 53, 55, 56, 57, 6A, 20, 33, ED, 5E, 89, 6C, 24, 18, C7, 44, 24, 10, D8, A2, 40, 00, 89, 6C, 24, 14, FF, 15, 34, 80, 40, 00, 68, 01, 80, 00, 00, FF, 15, 34, 81, 40, 00, 55, FF, 15, AC, 82, 40, 00, 6A, 09, A3, 78, 4F, 43, 00, E8, FD, 2E, 00, 00, A3, C4, 4E, 43, 00, 55, 8D, 44, 24, 38, 68, B4, 02, 00, 00, 50, 55, 68, D8, B1, 42, 00, FF, 15, 7C, 81, 40, 00, 68, C0, A2, 40, 00, 68, C0, 3E, 43, 00, E8, 68, 2B, 00, 00, FF, 15, 38, 81, 40, 00, BB, 00, F0, 43, 00, 50, 53, E8, 56, 2B, 00, 00...
 
[+]

Entropy:
7.9934

Packer / compiler:
Nullsoft install system v2.x

Code size:
24.5 KB (25,088 bytes)

Remove setup.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.