» 11_nod32_launcher.exe
Overview
Analysis
File Details
Downloads (1)

11_nod32_launcher.exe

Must have files

Magor Mat

The application 11_nod32_launcher.exe has been detected as a potentially unwanted program by 3 anti-malware scanners. This is a self-extracting archive and installer, however the file is not signed with an authenticode signature from a trusted source. It bundles adware offers using the Amonetize, a Pay-Per-Install (PPI) monetization and distribution download manager. The software offerings provided are based on the PC's geo-location at the time of install. The file has been seen being downloaded from www.markersoffredefy.site.

File name:

Publisher:

Magor Mat

Product:

Must have files

Description:

tiny install

Version:

29.153.179.110

MD5:

50eda2b82c76681d79ef2dda30bb2bf6

SHA-1:

7edab261351701e904460b07f5252787aec9517a

SHA-256:

d45beaddbcd062e36c097844bc46f64f6281f18697064cbeb1f2eb28db058d7a

Scanner detections:

3 / 68

Status:

Potentially unwanted

Analysis date:

6/29/2025 11:10:23 AM UTC (today)

Scan engine

Detection

Engine version

Emsisoft Anti-Malware

Gen:Variant.Application.Razy.12281

11.5.0.6191

Kaspersky

not-a-virus:HEUR:AdWare.Win32.Amonetize

15.0.0.562

Norman

Gen:Application.Imonetize.2

10.04.2016 15:29:17

File size:

1.1 MB (1,131,520 bytes)

Product version:

29.153.179.110

CL2016

Trademarks:

Pepcyc

Original file name:

build.exe

File type:

Executable application (Win32 EXE)

Common path:

C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\11_nod32_launcher.exe

File PE Metadata

Compilation timestamp:

5/4/2016 2:56:38 PM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

10.0

CTPH (ssdeep):

24576:ckrEhnO2m6LYNlSq4J2qDU1ToTqMn6RV7dU3XyGiqy6:cuWnOQ0vSLXUKTq46n7IiGiqy

Entry address:

0x5B96

Entry point:

E8, 0D, 36, 00, 00, E9, 6E, FE, FF, FF, 8B, FF, EB, 08, E8, F0, FF, FF, FF, EB, 00, B8, 90, 90, EB, 04, C3, B8, 83, F8, 55, 8B, EC, 83, 7D, 08, 00, 74, 40, FF, 75, 08, 6A, 00, FF, 35, 78, 09, 41, 00, FF, 15, 28, B0, 40, 00, 85, C0, 75, 2B, 56, EB, 03, EB, 00, E9, E8, 03, 00, 00, 00, 0F, 06, EB, 83, 04, 24, 09, C3, 00, E8, 52, 20, 00, 00, 8B, F0, FF, 15, 24, B0, 40, 00, 50, E8, 02, 20, 00, 00, 59, 89, 06, 5E, 5D, C3, C7, 01, C0, C2, 40, 00, E9, DC, F5, FF, FF, 8B, FF, 55, 8B, EC, 56, 8B, F1, C7, 06, C0, C2... 
[+]

Code size:

40 KB (40,960 bytes)

The file 11_nod32_launcher.exe has been seen being distributed by the following URL.

http://www.markersoffredefy.site/14_nod32_launcher.exe

Remove 11_nod32_launcher.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.