» widgetlocker lockscreen apk v2.4.3 paid__4415_il24368.exe
Overview
Analysis
File Details
Downloads (14)
Network (3)

widgetlocker lockscreen apk v2.4.3 paid__4415_il24368.exe

Installer

The application widgetlocker lockscreen apk v2.4.3 paid__4415_il24368.exe has been detected as a potentially unwanted program by 13 anti-malware scanners. This is a self-extracting archive and installer, however the file is not signed with an authenticode signature from a trusted source. It bundles adware offers using the Amonetize, a Pay-Per-Install (PPI) monetization and distribution download manager. The software offerings provided are based on the PC's geo-location at the time of install. The file has been seen being downloaded from www.specificdownload.com and multiple other hosts. While running, it connects to the Internet address server-52-84-25-137.sea32.r.cloudfront.net on port 80 using the HTTP protocol.

File name:

Product:

Installer

Version:

1.1.6.20

MD5:

24372ae249e4a85a8444d0e0886c040d

SHA-1:

7e5f18550c47505187c277c34d34d3a6b7cc98ae

SHA-256:

12818858ff39730d40b8b1ccf8eb17a362719c5fc994088abe9fa23c8a21d032

Scanner detections:

13 / 68

Status:

Potentially unwanted

Analysis date:

4/26/2024 5:43:36 AM UTC (today)

Scan engine

Detection

Engine version

Agnitum Outpost

PUA.Amonetize

7.1.1

AhnLab V3 Security

PUP/Win32.Amonetiz

2014.02.24

Avira AntiVirus

ADWARE/Adware.Gen2

7.11.133.86

avast!

Win32:Amonetize-F [PUP]

2014.9-140223

Baidu Antivirus

Adware.Win32.Amonetize

4.0.3.14223

Dr.Web

Adware.Downware.2160

9.0.1.054

ESET NOD32

Win32/Amonetize.AG (variant)

8.9460

Fortinet FortiGate

Riskware/Amonetize

2/23/2014

G Data

Win32.Application.Amonetize

14.2.24

Malwarebytes

PUP.Optional.Amonetize

v2014.02.23.06

McAfee

Artemis!24372AE249E4

5600.7210

Reason Heuristics

Threat.Win.Reputation.IMP

14.3.31.13

Trend Micro House Call

TROJ_GEN.F47V0220

7.2.54

File size:

322.5 KB (330,240 bytes)

Product version:

2.1.12

Original file name:

Installer.exe

File type:

Executable application (Win32 EXE)

Language:

English (United States)

Common path:

C:\users\{user}\downloads\widgetlocker lockscreen apk v2.4.3 paid__4415_il24368.exe

File PE Metadata

Compilation timestamp:

2/20/2014 4:13:42 AM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

10.0

CTPH (ssdeep):

6144:dTYLOZQD3y7+TX8OocJICwB97Ks1Lqe+VN97+QGUZu0cTV+Y3QXzCNwTXHSpe:dTiOZQDi7+TsOocJN497wYQZu7TV+0Qa

Entry address:

0x26EC4

Entry point:

E8, BC, 95, 00, 00, E9, 89, FE, FF, FF, 57, 8B, C6, 83, E0, 0F, 85, C0, 0F, 85, C1, 00, 00, 00, 8B, D1, 83, E1, 7F, C1, EA, 07, 74, 65, EB, 06, 8D, 9B, 00, 00, 00, 00, 66, 0F, 6F, 06, 66, 0F, 6F, 4E, 10, 66, 0F, 6F, 56, 20, 66, 0F, 6F, 5E, 30, 66, 0F, 7F, 07, 66, 0F, 7F, 4F, 10, 66, 0F, 7F, 57, 20, 66, 0F, 7F, 5F, 30, 66, 0F, 6F, 66, 40, 66, 0F, 6F, 6E, 50, 66, 0F, 6F, 76, 60, 66, 0F, 6F, 7E, 70, 66, 0F, 7F, 67, 40, 66, 0F, 7F, 6F, 50, 66, 0F, 7F, 77, 60, 66, 0F, 7F, 7F, 70, 8D, B6, 80, 00, 00, 00, 8D, BF... 
[+]

Code size:

228.5 KB (233,984 bytes)

The file widgetlocker lockscreen apk v2.4.3 paid__4415_il24368.exe has been seen being distributed by the following 14 URLs.

http://www.specificdownload.com/download.php?version=1.1.6.20&prefix=Deep Freeze Enterprise 7.72.220.4535 Full version 2014, Crack,Patch&campid=3207&instid[appname]=Deep Freeze Enterprise 7.72.220.4535 Full version 2014, Crack,Patch&instid[thankyoupage]=&instid[appsetupurl]=&instid[interrupted]=&instid[appimageurl]=http://s3.amazonaws.com/.../downloadall.png

http://www.singulardownload.com/download.php?version=1.1.6.20&campid=6427&instid[appsetupurl]=&instid[cmdline]=&instid[appimageurl]=http://images.torrentfrancais.com/managerscreenshot.png&instid[thankyoupage]=http://www.torrentfrancais.com&instid[interrupted]=http://www.torrentfrancais.eu/.../&prefix=Joyeux.noel.french.subforced.brrip.torrent&instid[appname]=Joyeux.noel.french.subforced.brrip.torrent

http://www.conductdownload.com/download.php?version=1.1.6.20&campid=4607&capp=FlashPlayer&prefix=install*flashplayer&ti1=OTQwfDE3MzR8Q098M3wxfHw|f1083ef8b33baf993d96198897c89bb7

http://www.specificdownload.com/download.php?version=1.1.6.20&prefix=Download Corel Draw X6 Terbaru Full Version Keygen&campid=5203&instid[appname]=Download Corel Draw X6 Terbaru Full Version Keygen&instid[thankyoupage]=&instid[appsetupurl]=&instid[interrupted]=&instid[appimageurl]=http://s3.amazonaws.com/.../downloadall.png

http://www.conductdownload.com/download.php?version=1.1.6.20&campid=4607&capp=FlashPlayer&prefix=install*flashplayer&ti1=OTQwfDE3MzR8VEh8M3wxfHw|f1083ef8b33baf993d96198897c89bb7

http://www.conductdownload.com/download.php?version=1.1.6.20&campid=4607&capp=FlashPlayer&prefix=install*flashplayer&ti1=OTQwfDE3MzR8UEx8M3wxfHw|f1083ef8b33baf993d96198897c89bb7

http://www.conductdownload.com/download.php?version=1.1.6.20&campid=4607&capp=FlashPlayer&prefix=install*flashplayer&ti1=MTI0M3wxNzM0fEVTfDN8MXx8|f1083ef8b33baf993d96198897c89bb7

http://www.conductdownload.com/download.php?version=1.1.6.20&campid=4607&capp=FlashPlayer&prefix=install*flashplayer&ti1=NzI0fDE2NzR8TVh8M3wxfHw|f1083ef8b33baf993d96198897c89bb7

http://www.specificdownload.com/download.php?version=1.1.6.20&prefix=PES 2014 PRO EVOLUTION SOCCER FULL RELOADED UPDATE 1.01&campid=3228&instid[appname]=PES 2014 PRO EVOLUTION SOCCER FULL RELOADED UPDATE 1.01&instid[thankyoupage]=&instid[appsetupurl]=&instid[interrupted]=&instid[appimageurl]=http://s3.amazonaws.com/.../downloadall.png

http://www.singulardownload.com/download.php?version=1.1.6.20&campid=6427&instid[appsetupurl]=&instid[cmdline]=&instid[appimageurl]=http://images.torrentfrancais.com/managerscreenshot.png&instid[thankyoupage]=http://www.torrentfrancais.com&instid[interrupted]=http://www.torrentfrancais.eu/.../&prefix=Girls.tribbing.girls.3.xxx.dvdrip.x264.torrent&instid[appname]=Girls.tribbing.girls.3.xxx.dvdrip.x264.torrent

http://www.specificdownload.com/download.php?version=1.1.6.20&prefix=KMSmicro v5.0.1 Activator for Windows 8.1 and Office 2013&campid=4502&instid[appname]=KMSmicro v5.0.1 Activator for Windows 8.1 and Office 2013&instid[thankyoupage]=&instid[appsetupurl]=&instid[interrupted]=&instid[appimageurl]=http://s3.amazonaws.com/.../downloadall.png

http://www.singulardownload.com/download.php?version=1.1.6.20&campid=6189&instid[appname]=NPP.6.5.3.Installer&instid[appsetupurl]=https://dl.dropboxusercontent.com/s/.../Product4484_Distribution4702_Partner2528.exe

http://tiny.cc/NPP563

http://www.specificdownload.com/download.php?version=1.1.6.20&prefix=WidgetLocker Lockscreen Apk v2.4.3 Paid&campid=4415&instid[appname]=WidgetLocker Lockscreen Apk v2.4.3 Paid&instid[thankyoupage]=&instid[appsetupurl]=&instid[interrupted]=&instid[appimageurl]=http://s3.amazonaws.com/.../downloadall.png

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):

Connects to server-52-84-25-234.sea32.r.cloudfront.net (52.84.25.234:80)

TCP (HTTP):

Connects to server-52-84-25-137.sea32.r.cloudfront.net (52.84.25.137:80)

TCP (HTTP):

Connects to ec2-54-243-162-153.compute-1.amazonaws.com (54.243.162.153:80)

Remove widgetlocker lockscreen apk v2.4.3 paid__4415_il24368.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.