walter bonatti montagne d_10924_i67093663_il345.exe

InstallShield

A4 TOV

The application walter bonatti montagne d_10924_i67093663_il345.exe by A4 TOV has been detected as a potentially unwanted program by 1 anti-malware scanner, with very strong indications that the file is a potential threat. The program is a setup application that uses the InstallShield Setup installer. The setup program bundles adware offers using Amonetize, a Pay-Per-Install (PPI) monetization and distribution download manager. The software offers presented depend on the PC's geo-location at the time of install.
Publisher:
Macrovision Corporation  (signed by A4 TOV)

Product:
InstallShield

Description:
Setup.exe

Version:
14.0.162

MD5:
428b16cfb1676df99b4af51a80f85804

SHA-1:
5d0ae68612445d4577ac5cc17a3d4c1783ae1d2c

SHA-256:
0f5f4708bb45132d080d7beb1efc8490ac79d2483102a2e05502940e73ddda38

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
5/13/2024 2:20:18 PM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.Amonetize (M)

Engine version:
17.3.14.5

File size:
1.8 MB (1,919,968 bytes)

Product version:
14.0

Copyright:
Copyright (C) 2007 Macrovision Corporation

Original file name:
Setup.exe

File type:
Executable application (Win32 EXE)

Installer:
InstallShield Setup

Language:
English (United States)

Common path:
C:\users\{user}\downloads\walter bonatti montagne d_10924_i67093663_il345.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
9/17/2015 2:00:00 AM

Valid to:
9/17/2016 1:59:59 AM

Subject:
CN=A4 TOV, O=A4 TOV, STREET=Bud. 29 vul.Shchorsa, L=Kiev, S=Kiev, PostalCode=01010, C=UA

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
27FB5DEC4CCFD4F3CF69A6B639C6AD4B

File PE Metadata
Compilation timestamp:
10/4/2015 8:52:43 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

Entry address:
0x2476D7

Entry point:
68, 75, 68, F3, 9F, E8, E5, 5A, FF, FF, D6, F0, 9B, C3, 44, 20, 77, FA, 57, F6, E6, B9, 05, 28, 93, 12, DA, 9B, 43, 2E, F9, E2, 9B, 43, 30, 70, 08, FA, 57, ED, 76, 0E, 65, 3C, 29, 76, 10, 05, 28, 1B, AA, 30, FA, D7, 6C, 41, 6E, 64, 3C, 24, 8D, 57, 64, 3C, 9C, 73, 5D, 64, BC, 9A, 61, 85, 05, A8, 88, A5, 28, 9A, 43, 1F, 86, 72, FA, D7, E8, 84, 05, A8, FA, EA, 51, FA, D7, 80, A1, 53, 64, BC, 2D, 46, 83, 05, 28, 26, 6D, 61, FA, D7, F1, E0, 9B, 05, 28, D6, 97, 9B, 43, 09, F5, C0, 9B, 43, 5C, 16, FA, 57, 0D, C7...
 

Code size:
1.8 MB (1,875,968 bytes)