» 11_avast_launcher.exe
Overview
Analysis
File Details
Downloads (1)

11_avast_launcher.exe

mlru

Kolac

The application 11_avast_launcher.exe has been detected as a potentially unwanted program by 5 anti-malware scanners. This is a self-extracting archive and installer, however the file is not signed with an authenticode signature from a trusted source. It bundles adware offers using the Amonetize, a Pay-Per-Install (PPI) monetization and distribution download manager. The software offerings provided are based on the PC's geo-location at the time of install. The file has been seen being downloaded from www.perisigmoiditisgashing.site.

File name:

Publisher:

Kolac

Product:

mlru

Description:

fast install

Version:

30.217.220.158

MD5:

1e04c3d912faf5d4b11f03ff0baba5ac

SHA-1:

b8bbe427aa379e50df184fb71e40bae12407678f

SHA-256:

88588871561470797f332e0ade464a0ac42d5b2ad388d1b9f3ef1974f466acc3

Scanner detections:

5 / 68

Status:

Potentially unwanted

Analysis date:

6/28/2025 11:57:09 PM UTC (a few moments ago)

Scan engine

Detection

Engine version

Emsisoft Anti-Malware

Gen:Application.Imonetize

16.05.01

ESET NOD32

Win32/Amonetize.RF potentially unwanted application

8.0.319.0

F-Secure

Application.Imonetize.2

5.15.96

Norman

Gen:Application.Imonetize.2

02.04.2016 17:35:19

Reason Heuristics

Adware.Amonetize.ET (M)

16.5.1.2

File size:

1.2 MB (1,249,792 bytes)

Product version:

30.217.220.158

LC 2015

Trademarks:

Mark Cap

Original file name:

tinyinstall.exe

File type:

Executable application (Win32 EXE)

Language:

Language Neutral

File PE Metadata

Compilation timestamp:

5/1/2016 7:59:57 AM

OS version:

6.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

11.0

CTPH (ssdeep):

24576:u019TsnVvcOLsVEtZz3A/KALQ5qU6S4jddcWw1e5o22zQqN:r19TsVvcOC0rACALQ5qmOdcIq

Entry address:

0x898B

Entry point:

E8, AC, 59, 00, 00, E9, 39, FE, FF, FF, 55, 8B, EC, 83, 7D, 08, 00, 74, 2D, FF, 75, 08, 6A, 00, FF, 35, E4, A9, 42, 00, FF, 15, 54, 00, 42, 00, 85, C0, 75, 18, 56, E8, 70, 0C, 00, 00, 8B, F0, FF, 15, 50, 00, 42, 00, 50, E8, BB, 0C, 00, 00, 59, 89, 06, 5E, 5D, C3, 55, 8B, EC, 56, FF, 75, 08, 8B, F1, E8, 5F, 00, 00, 00, C7, 06, 84, 18, 42, 00, 8B, C6, 5E, 5D, C2, 04, 00, 55, 8B, EC, 56, FF, 75, 08, 8B, F1, E8, 5F, 00, 00, 00, C7, 06, 84, 18, 42, 00, 8B, C6, 5E, 5D, C2, 04, 00, 55, 8B, EC, 56, FF, 75, 08, 8B... 
[+]

Entropy:

7.8127 (probably packed)

Code size:

123 KB (125,952 bytes)

The file 11_avast_launcher.exe has been seen being distributed by the following URL.

http://www.perisigmoiditisgashing.site/11_avast_launcher.exe

Remove 11_avast_launcher.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.