the little brown compact hand downloader__3687_i1454188928_il1179018.exe

Shetef Solutions & Consulting (1998) Ltd.

This is the Amonetize download manager, which bundles applications with offers for additional third-party software, mostly unwanted adware, and may be installed with minimal consent. The application the little brown compact hand downloader__3687_i1454188928_il1179018.exe by Shetef Solutions & Consulting (1998) has been detected as adware by 27 anti-malware scanners. The program is a setup application that uses the Amonetize Downloader installer. The setup program bundles adware offers using Amonetize, a Pay-Per-Install (PPI) monetization and distribution download manager. The software offerings provided are based on the PC's geo-location at the time of install.

Publisher:
Shetef Solutions & Consulting (1998) Ltd.

Version:
1.1.5.26

MD5:
cdf53e000ec1f20af475b980b3cc8346

SHA-1:
feea8166054bcb254bab782c1aa44c31920f3304

SHA-256:
cd92326e309453268631da1fce5c7bcd11ec2b59d0689f51e38ece58fb677cab

Scanner detections:
27 / 68

Status:
Adware

Description:
This 'download manager' is also considered bundleware: a utility designed to download software (possibly legitimate or open source) and bundle it with a number of optional offers, including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:
4/26/2024 6:54:11 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Gen:Variant.Adware.Strictor.75886 | 676 |
| Agnitum Outpost | PUA.Amonetize | 7.1.1 |
| AhnLab V3 Security | PUP/Win32.Amonetiz | 2015.03.16 |
| Avira AntiVirus | ADWARE/Adware.Gen2 | 7.11.217.124 |
| avast! | Win32:Adware-gen [Adw] | 2014.9-150331 |
| AVG | Generic_r | 2016.0.3154 |
| Bitdefender | Gen:Variant.Adware.Strictor.75886 | 1.0.20.450 |
| Bkav FE | W32.HfsAdware | 1.3.0.6379 |
| Comodo Security | ApplicUnwnt | 21422 |
| Emsisoft Anti-Malware | Gen:Variant.Adware.Strictor.75886 | 8.15.03.31.03 |
| ESET NOD32 | Win32/Amonetize.DU potentially unwanted (variant) | 9.11323 |
| Fortinet FortiGate | Riskware/Amonetize | 3/31/2015 |
| F-Secure | Gen:Variant.Adware.Strictor | 11.2015-31-03_3 |
| G Data | Gen:Variant.Adware.Strictor.75886 | 15.3.25 |
| K7 AntiVirus | Trojan | 13.200.15263 |
| Kaspersky | not-a-virus:AdWare.Win32.Amonetize | 14.0.0.2264 |
| Malwarebytes | PUP.Optional.Bundler | v2015.03.31.03 |
| McAfee | Artemis!CDF53E000EC1 | 5600.6810 |
| MicroWorld eScan | Gen:Variant.Adware.Strictor.75886 | 16.0.0.270 |
| NANO AntiVirus | Riskware.Win32.Amonetize.dmtxuw | 0.30.0.296 |
| Panda Antivirus | Trj/CI.A | 15.03.31.03 |
| Reason Heuristics | PUP.Installer.ShetefSolutionsConsulting1998 | 15.3.31.3 |
| Sophos | Generic PUA PO | 4.98 |
| Trend Micro House Call | TROJ_GEN.R02SB01B715 | 7.2.90 |
| Vba32 AntiVirus | AdWare.Amonetize | 3.12.26.3 |
| VIPRE Antivirus | Trojan.Win32.Generic | 38446 |
| Zillya! Antivirus | Adware.Amonetize.Win32.2168 | 2.0.0.2100 |

File size:
507.6 KB (519,760 bytes)

Product version:
1.1.5.26

Original file name:
setup.exe

File type:
Executable application (Win32 EXE)

Bundler/Installer:
Amonetize Downloader

Language:
English (United States)

Common path:
C:\users\{user}\downloads\the little brown compact hand downloader__3687_i1454188928_il1179018.exe

Digital Signature
Authority:
GoDaddy.com, Inc.

Valid from:
10/13/2014 5:02:37 AM

Valid to:
10/13/2015 5:02:37 AM

Subject:
CN=Shetef Solutions & Consulting (1998) Ltd., O=Shetef Solutions & Consulting (1998) Ltd., L=Rannana, S=Israel, C=IL

Issuer:
CN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:
4B1B72BCEFC0E8

File PE Metadata
Compilation timestamp:
1/21/2015 7:03:19 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
12288:tyPg2Zh3YODbSPj3IidURf5NeYsC7V7+m4YDRD:+g4DbSDURPeTaIZYDZ

Entry address:
0x28794

Entry point:
E8, F9, AC, 00, 00, E9, 89, FE, FF, FF, 8B, FF, 55, 8B, EC, 83, EC, 10, A1, 00, 3A, 45, 00, 33, C5, 89, 45, FC, 8B, 55, 18, 53, 33, DB, 56, 57, 3B, D3, 7E, 1F, 8B, 45, 14, 8B, CA, 49, 38, 18, 74, 08, 40, 3B, CB, 75, F6, 83, C9, FF, 8B, C2, 2B, C1, 48, 3B, C2, 7D, 01, 40, 89, 45, 18, 89, 5D, F8, 39, 5D, 24, 75, 0B, 8B, 45, 08, 8B, 00, 8B, 40, 04, 89, 45, 24, 8B, 35, 6C, 10, 44, 00, 33, C0, 39, 5D, 28, 53, 53, FF, 75, 18, 0F, 95, C0, FF, 75, 14, 8D, 04, C5, 01, 00, 00, 00, 50, FF, 75, 24, FF, D6, 8B, F8, 89...
 

Entropy:
6.9099

Code size:
255.5 KB (261,632 bytes)