windows.8.1.rtm.lisanslama...aktivasyon.resimli.anlatim__7816_i1710215209_il44028.exe

LLC

The application windows.8.1.rtm.lisanslama...aktivasyon.resimli.anlatim__7816_i1710215209_il44028.exe by LLC has been detected as adware by 10 anti-malware scanners. This is a setup program which is used to install the application. It bundles adware offers using Amonetize, a Pay-Per-Install (PPI) monetization and distribution download manager. The software offerings provided are based on the PC's geo-location at the time of install. The file has been seen being downloaded from mymediadownloadseighteen.com.
Publisher:
LLC   (signed and verified)

MD5:
f77346ab973ad85b159546e5a7bd9a97

SHA-1:
e7ca4daa2462cfa742c902cdbf0c6102ef0641bc

SHA-256:
cd1246bdc0a5ce5c4f4dfe5601a66dfa7eb8316ee8b5f83ec00547b29c51f07b

Scanner detections:
10 / 68

Status:
Adware

Analysis date:
5/17/2025 3:10:12 PM UTC  (today)

Scan engine
Detection
Engine version

AhnLab V3 Security
PUP/Win32.Amonetize
2015.10.16

AVG
Generic
2016.0.2955

Baidu Antivirus
Hacktool.Win32.Agent
4.0.3.151015

Kaspersky
not-a-virus:Downloader.Win32.Agent
14.0.0.1271

Malwarebytes
PUP.Optional.Amonetize
v2015.10.15.04

NANO AntiVirus
Trojan.Win32.Agent.dxmgor
0.30.26.3947

Panda Antivirus
Trj/Genetic.gen
15.10.15.04

Reason Heuristics
PUP.Amonitize (M)
15.10.15.16

Rising Antivirus
PE:Malware.RDM.15!5.15[F1]
23.00.65.151013

Vba32 AntiVirus
Signed-Downware.Amonetize
3.12.26.4

File size:
1 MB (1,091,744 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\windows.8.1.rtm.lisanslama...aktivasyon.resimli.anlatim\windows.8.1.rtm.lisanslama...aktivasyon.resimli.anlatim__7816_i1710215209_il44028.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
7/11/2015 3:00:00 AM

Valid to:
7/11/2016 2:59:59 AM

Subject:
CN="LLC ""DEKA-SOFT""", O="LLC ""DEKA-SOFT""", STREET="str. Uralska, 8", L=Kamyanets-Podilskyy, S=Khmelnytska, PostalCode=32300, C=UA

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
009E72DC1CAE0AC1C46FB0692B93F1002C

File PE Metadata
Compilation timestamp:
10/15/2015 6:04:45 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
24576:0Pwk1/JWRBj7UOW7UMV23nnerGozknVoQsxqVMSii6J:Tk1/JWP8KMV2XergVLOq4J

Entry address:
0xB68A

Entry point:
EB, 03, EB, 00, E9, E8, 03, 00, 00, 00, 0F, 06, EB, 83, 04, 24, 09, C3, 00, E8, C2, 40, 00, 00, E9, 42, FD, FF, FF, FF, 35, A8, 21, 43, 00, FF, 15, 50, 50, 42, 00, C3, FF, 35, A8, 21, 43, 00, FF, 15, 50, 50, 42, 00, 85, C0, 74, 02, FF, D0, 6A, 19, E8, C9, 2E, 00, 00, 6A, 01, 6A, 00, E8, 54, 47, 00, 00, 83, C4, 0C, E9, 6B, 47, 00, 00, 55, 8B, EC, 56, FF, 35, A8, 21, 43, 00, FF, 15, 50, 50, 42, 00, FF, 75, 08, 8B, F0, FF, 15, 4C, 50, 42, 00, A3, A8, 21, 43, 00, 8B, C6, 5E, 5D, C3, CC, 8B, 4C, 24, 04, F7, C1...
 

Code size:
141 KB (144,384 bytes)

The file windows.8.1.rtm.lisanslama...aktivasyon.resimli.anlatim__7816_i1710215209_il44028.exe has been seen being distributed by the following URL.