» alrassamalarabifulldownload__7934_il14728.exe
Overview
Analysis
File Details
Downloads (1)

alrassamalarabifulldownload__7934_il14728.exe

The application alrassamalarabifulldownload__7934_il14728.exe has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. This is a setup program which is used to install the application. It bundles adware offers using the Amonetize, a Pay-Per-Install (PPI) monetization and distribution download manager. The software offerings provided are based on the PC's geo-location at the time of install. The file has been seen being downloaded from 448714.download1234.website.

File name:

MD5:

85bc3b7822c9b1ee79d771aacebcf7f6

SHA-1:

f043e0261d106890ac273e384f9baa4b85da853c

SHA-256:

71f3def49b0694c32eb8f4a5cefa59e3c944c7868e2553d77c418447168f8604

Scanner detections:

1 / 68

Status:

Potentially unwanted

Analysis date:

4/26/2024 9:04:58 PM UTC (today)

Scan engine

Detection

Engine version

Reason Heuristics

Adware.Amonetize.Installer (M)

16.8.10.18

File size:

587.5 KB (601,601 bytes)

File type:

Executable application (Win32 EXE)

Common path:

C:\users\{user}\downloads\alrassamalarabifulldownload__7934_il14728.exe

File PE Metadata

Compilation timestamp:

8/8/2016 11:09:07 AM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

11.0

CTPH (ssdeep):

12288:wyv3zqaSxqdbqk44TFVRqEM8+RTKQrpzwqN9:lvjqxqdbZ4QEEM8+RTKQVzrN9

Entry address:

0xCB0DC

Entry point:

60, E8, 00, 00, 00, 00, 58, 05, 5A, 0B, 00, 00, 8B, 30, 03, F0, 2B, C0, 8B, FE, 66, AD, C1, E0, 0C, 8B, C8, 50, AD, 2B, C8, 03, F1, 8B, C8, 57, 51, 49, 8A, 44, 39, 06, 88, 04, 31, 75, F6, 2B, C0, AC, 8B, C8, 80, E1, F0, 24, 0F, C1, E1, 0C, 8A, E8, AC, 0B, C8, 51, 02, CD, BD, 00, FD, FF, FF, D3, E5, 59, 58, 8B, DC, 8D, A4, 6C, 90, F1, FF, FF, 51, 2B, C9, 51, 51, 8B, CC, 51, 66, 8B, 17, C1, E2, 0C, 52, 57, 83, C1, 04, 51, 50, 83, C1, 04, 56, 51, E8, 5E, 00, 00, 00, 8B, E3, 5E, 5A, 2B, C0, 89, 04, 32, B4, 10... 
[+]

Entropy:

7.7378

Packer / compiler:

ASPack v1.08.04

Code size:

119 KB (121,856 bytes)

The file alrassamalarabifulldownload__7934_il14728.exe has been seen being distributed by the following URL.

http://448714.download1234.website/download.php?id=koray&title=Al-Rassam-Al-Arabi-Full-Download

Remove alrassamalarabifulldownload__7934_il14728.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.