u2.exe

The file u2.exe has been detected as a potentially unwanted program by 15 anti-malware scanners. It bundles adware offers using Amonetize, a Pay-Per-Install (PPI) monetization and distribution download manager. The software offers presented are selected based on the PC's geo-location at the time of install. The file has been seen being downloaded from cds.u3i2w8v2.hwcdn.net and multiple other hosts.
Version: 1.1.4.2
MD5: dbb4c6174c4aaa7014a345a745fe6e8a
SHA-1: c562a72fe77c507089c5cd80e4f21affed7e98af
SHA-256: c0b562cc3203239b8c519f7c3557036a786d07bad3bb44223a0affeead226e08
Scanner detections: 15 / 68
Status: Potentially unwanted
Analysis date: 5/3/2024 1:14:40 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Gen:Variant.Application.Bundler.Amonetize.34 | 524 |
| avast! | Win32:Dropper-gen [Drp] | 2014.9-150829 |
| Bitdefender | Gen:Variant.Application.Bundler.Amonetize.34 | 1.0.20.1205 |
| Dr.Web | Win32.Siggen.7 | 9.0.1.0223 |
| Emsisoft Anti-Malware | Gen:Variant.Application.Bundler.Amonetize.34 | 8.15.08.29.10 |
| F-Secure | Riskware.Gen:Variant.Application.Bundler | 11.2015-29-08_7 |
| herdProtect (fuzzy) | | 2015.8.29.22 |
| K7 AntiVirus | Adware | 13.207.16784 |
| Malwarebytes | PUP.Optional.Amonetize.A | v2015.07.27.03 |
| McAfee | Virus.W32/Virut.n.gen | 5600.6677 |
| Microsoft Security Essentials | Threat.Undefined | 1.203.705.0 |
| MicroWorld eScan | Gen:Variant.Application.Bundler.Amonetize.34 | 16.0.0.723 |
| Norman | Gen:Variant.Application.Bundler.Amonetize.34 | 11.20150829 |
| Reason Heuristics | Threat.Win.Reputation.IMP | 15.8.10.23 |
| VIPRE Antivirus | Threat.4150696 | 41424 |

File size: 1.7 MB (1,831,424 bytes)
Product version: 1.1.4.2
Original file name: u2.exe
Common path: C:\users\{user}\appdata\local\temp\bitd120.tmp

File PE Metadata

Compilation timestamp: 7/26/2015 12:20:33 PM
OS version: 5.1
OS bitness: Win32
Subsystem: Windows GUI
Linker version: 11.0
CTPH (ssdeep): 49152:NBbY9tF28SkTBqxHtIl3zyyY6gjRWcxyFNelPcccG+nc:NBbYjgYkJjWN8PjcG
Entry address: 0x3022B
Entry point: E8, E1, C8, 00, 00, E9, 3A, FE, FF, FF, 55, 8B, EC, 56, 8B, 75, 08, 83, 3C, F5, F0, D1, 46, 00, 00, 75, 13, 56, E8, 8D, 00, 00, 00, 59, 85, C0, 75, 08, 6A, 11, E8, 13, 95, 00, 00, 59, FF, 34, F5, F0, D1, 46, 00, E9, 38, 75, 02, 00, 5E, 5D, C3, E8, 88, 30, 00, 00, 85, C0, 75, 0A, FF, 74, 24, 04, 50, E9, F6, 84, FF, FF, 68, FF, 00, 00, 00, E8, C4, 93, 00, 00, 59, C3, 56, 57, BE, F0, D1, 46, 00, 8B, FE, 53, 8B, 1F, 85, DB, 74, 16, 83, 7F, 04, 01, 74, 10, 53, E9, 64, B9, FE, FF, 53, E8, FF, EF, FF, FF, 83, 27...
Entropy: 6.0634
Code size: 357 KB (365,568 bytes)

The file u2.exe has been seen being distributed by the following 4 URLs.
