setup__2919_il436.exe

LLC

The application setup__2919_il436.exe by LLC has been detected as adware by 22 anti-malware scanners. It bundles adware offers using Amonetize, a Pay-Per-Install (PPI) monetization and distribution download manager. The software offers presented are based on the PC's geolocation at the time of install. The file is also typically executed from the user's temporary directory.
Publisher:
LLC (signed and verified)

Version:
1.1.5.90

MD5:
ff5fe9b45946e03d23a6dd62327acba2

SHA-1:
6b4794c3e9390d06875bc184b7dc35514b011fac

SHA-256:
2914c436f0ffe30c88b137378b37012c88cbc43694460878503859363cc1bdf1

Scanner detections:
22 / 68

Status:
Adware

Analysis date:
4/26/2024 9:49:42 PM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Gen:Variant.Application.Bundler.Amonetize.34 | 551 |
| Agnitum Outpost | PUA.Amonetize | 7.1.1 |
| AhnLab V3 Security | PUP/Win32.Amonetiz | 2015.07.31 |
| Avira AntiVirus | ADWARE/Amonetize.A.908 | 8.3.1.6 |
| Arcabit | Trojan.Application.Bundler.Amonetize.34 | 1.0.0.425 |
| AVG | BundleApp | 2016.0.3029 |
| Baidu Antivirus | PUA.Win32.Amonetize | 4.0.3.1582 |
| Bitdefender | Gen:Variant.Application.Bundler.Amonetize.34 | 1.0.20.1070 |
| Dr.Web | Trojan.Amonetize.4558 | 9.0.1.0214 |
| ESET NOD32 | Win32/Amonetize.GC.gen potentially unwanted (variant) | 9.12021 |
| Fortinet FortiGate | Riskware/Amonetize | 8/2/2015 |
| F-Prot | W32/Amonetize.U.gen | v6.4.7.1.166 |
| F-Secure | Gen:Variant.Application.Bundler | 11.2015-02-08_1 |
| G Data | Gen:Variant.Application.Bundler.Amonetize.34 | 15.8.25 |
| K7 AntiVirus | Adware | 13.207.16740 |
| McAfee | Artemis!FF5FE9B45946 | 5600.6685 |
| MicroWorld eScan | Gen:Variant.Application.Bundler.Amonetize.34 | 16.0.0.642 |
| NANO AntiVirus | Trojan.Win32.Amonetize.dujuto | 0.30.24.2668 |
| Panda Antivirus | Trj/Genetic.gen | 15.08.02.01 |
| Qihoo 360 Security | HEUR/QVM10.1.Malware.Gen | 1.0.0.1015 |
| Reason Heuristics | PUP.Amonitize.Installer (M) | 15.8.2.13 |
| VIPRE Antivirus | Trojan.Win32.Generic | 42474 |

File size:
1.5 MB (1,551,392 bytes)

Product version:
1.1.5.90

Original file name:
setup.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\setup__2919_il436.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
5/5/2015 8:00:00 PM

Valid to:
5/5/2016 7:59:59 PM

Subject:
CN="LLC ""HIPOP ART PROJECT""", O="LLC ""HIPOP ART PROJECT""", STREET="street 30 Victory, 22", L=Cherkasy, S=Cherkaska, PostalCode=18029, C=UA

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00CF829AE161807614D89E28BE052DF3AA

File PE Metadata
Compilation timestamp:
7/22/2015 6:24:02 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
24576:0KXVE2sL///XkynUXXGIgPoavnFNl/48tYHa/WbFBP+A5iU62ejXJYDBnUFht6:0KlET8rX2PPFvnFNlA8tY6+P+AIlz5Yn

Entry address:
0x304B1

Entry point:
E8, 9C, C8, 00, 00, E9, 39, FE, FF, FF, 55, 8B, EC, 56, 8B, 75, 08, 83, 3C, F5, F0, E1, 46, 00, 00, 75, 13, 56, E8, 91, 00, 00, 00, 59, 85, C0, 75, 08, 6A, 11, E8, 32, 94, 00, 00, 59, FF, 34, F5, F0, E1, 46, 00, FF, 15, 5C, B0, 45, 00, 5E, 5D, C3, E8, E0, 2F, 00, 00, 85, C0, 75, 0B, FF, 74, 24, 04, 50, FF, 15, 90, B0, 45, 00, 68, FF, 00, 00, 00, E8, DD, 92, 00, 00, 59, C3, 56, 57, BE, F0, E1, 46, 00, 8B, FE, 53, 8B, 1F, 85, DB, 74, 17, 83, 7F, 04, 01, 74, 11, 53, FF, 15, 64, B0, 45, 00, 53, E8, 75, EE, FF...

Entropy:
6.6796

Code size:
357.5 KB (366,080 bytes)
