» snapchat__5459_il722.exe
Overview
Analysis
File Details
Downloads (4)
Network (2)

snapchat__5459_il722.exe

Installer

The application snapchat__5459_il722.exe has been detected as a potentially unwanted program by 10 anti-malware scanners. This is a self-extracting archive and installer, however the file is not signed with an authenticode signature from a trusted source. It bundles adware offers using the Amonetize, a Pay-Per-Install (PPI) monetization and distribution download manager. The software offerings provided are based on the PC's geo-location at the time of install. The file has been seen being downloaded from www.specificdownload.com and multiple other hosts. While running, it connects to the Internet address www.ibbalance.com on port 443.

File name:

Product:

Installer

Version:

1.1.6.20

MD5:

11d6c55cb9bf28eb573be86010a3967d

SHA-1:

df67c01d8f9a391d1059b891d3643460673d5353

SHA-256:

8d4e947d41cfb8c7b7bdf8637a85b7f89c6f04edb455c18c75e1f1e60352ecd3

Scanner detections:

10 / 68

Status:

Potentially unwanted

Analysis date:

4/19/2024 2:02:20 PM UTC (today)

Scan engine

Detection

Engine version

AhnLab V3 Security

PUP/Win32.Amonetiz

2014.02.20

Avira AntiVirus

ADWARE/Adware.Gen2

7.11.132.182

avast!

Win32:Amonetize-F [PUP]

2014.9-140425

Baidu Antivirus

Adware.Win32.Amonetize

4.0.3.14425

Dr.Web

Adware.Downware.2160

9.0.1.0115

ESET NOD32

Win32/Amonetize.AD (variant)

8.9446

G Data

Win32.Application.Amonetize

14.4.24

Malwarebytes

PUP.Optional.Amonetize

v2014.04.25.08

Reason Heuristics

Threat.Win.Reputation.IMP

14.4.25.8

Trend Micro House Call

TROJ_GEN.F47V0218

7.2.115

File size:

323.5 KB (331,264 bytes)

Product version:

2.1.12

Original file name:

Installer.exe

File type:

Executable application (Win32 EXE)

Language:

English (United States)

Common path:

C:\users\{user}\downloads\snapchat__5459_il722.exe

File PE Metadata

Compilation timestamp:

2/18/2014 2:30:19 PM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

10.0

CTPH (ssdeep):

6144:w3DswNWsyov811u0gw3RBiMibru29e6y53vCP3UZ8Tzj/eY3/SNVsXgIpXq:w3wwNWsZv8100gw37iMaBPe8vj/eS/Sq

Entry address:

0x27244

Entry point:

E8, BC, 95, 00, 00, E9, 89, FE, FF, FF, 57, 8B, C6, 83, E0, 0F, 85, C0, 0F, 85, C1, 00, 00, 00, 8B, D1, 83, E1, 7F, C1, EA, 07, 74, 65, EB, 06, 8D, 9B, 00, 00, 00, 00, 66, 0F, 6F, 06, 66, 0F, 6F, 4E, 10, 66, 0F, 6F, 56, 20, 66, 0F, 6F, 5E, 30, 66, 0F, 7F, 07, 66, 0F, 7F, 4F, 10, 66, 0F, 7F, 57, 20, 66, 0F, 7F, 5F, 30, 66, 0F, 6F, 66, 40, 66, 0F, 6F, 6E, 50, 66, 0F, 6F, 76, 60, 66, 0F, 6F, 7E, 70, 66, 0F, 7F, 67, 40, 66, 0F, 7F, 6F, 50, 66, 0F, 7F, 77, 60, 66, 0F, 7F, 7F, 70, 8D, B6, 80, 00, 00, 00, 8D, BF... 
[+]

Code size:

229.5 KB (235,008 bytes)

The file snapchat__5459_il722.exe has been seen being distributed by the following 4 URLs.

http://www.specificdownload.com/download.php?version=1.1.6.20&prefix=Cesur Brave 2012 Türkçe Dublaj Tek Link indir&campid=4415&instid[appname]=Cesur Brave 2012 Türkçe Dublaj Tek Link indir&instid[thankyoupage]=&instid[appsetupurl]=&instid[interrupted]=&instid[appimageurl]=http://s3.amazonaws.com/.../downloadall.png

http://www.specificdownload.com/download.php?version=1.1.6.20&prefix=Setup&campid=3644&instid[appname]=Setup&instid[thankyoupage]=&instid[appsetupurl]=&instid[interrupted]=&instid[appimageurl]=http://s3.amazonaws.com/.../downloadall.png

http://www.conductdownload.com/download.php?version=1.1.6.20&campid=4607&capp=FlashPlayer&prefix=install*flashplayer&ti1=NzI0fDE2NzR8UEx8M3wxfHw|f1083ef8b33baf993d96198897c89bb7

http://www.specificdownload.com/download.php?version=1.1.6.20&prefix=Free Crack Key Serial Download&campid=5690&instid[appname]=Free Crack Key Serial Download&instid[thankyoupage]=&instid[appsetupurl]=&instid[interrupted]=&instid[appimageurl]=http://s3.amazonaws.com/.../downloadall.png

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):

Connects to www.softologic.com (174.37.181.31:80)

TCP (HTTP SSL):

Connects to www.ibbalance.com (173.192.190.227:443)

Remove snapchat__5459_il722.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.