cum.fiesta.becky.grind.on.torrent__6427_il6734154.exe

Installer

The application cum.fiesta.becky.grind.on.torrent__6427_il6734154.exe has been detected as a potentially unwanted program by 7 of 68 anti-malware scanners. It is a setup and installation application, but the file carries no Authenticode signature from a trusted source. It bundles adware offers using Amonetize, a pay-per-install (PPI) monetization and distribution download manager; the offers presented are selected by the PC's geo-location at the time of install. The file has been seen downloaded from www.conductdownload.com and multiple other hosts. While running, it connects to server-54-230-149-169.sin2.r.cloudfront.net on port 80 over HTTP.
Product:
Installer

Version:
1.1.6.20

MD5:
bf205a0548c6098c5842b767773bc875

SHA-1:
5eb53b83b1c19d2594726c97028b46832cac568b

SHA-256:
61c16be120ee6cb67a03d654728b2ad95b3a6a3dd0b7fe0d7f199e0e87c804d2

Scanner detections:
7 / 68

Status:
Potentially unwanted

Analysis date:
6/17/2025 4:09:18 PM UTC

Scan engine | Detection | Engine version
Avira AntiVirus | ADWARE/Adware.Gen2 | 7.11.134.156
avast! | Win32:Adware-BJY [PUP] | 2014.9-140303
Baidu Antivirus | Adware.Win32.Amonetize | 4.0.3.1433
ESET NOD32 | Win32/Amonetize.AG (variant) | 8.9496
Malwarebytes | PUP.Optional.Amonetize.A | v2014.03.03.08
Sophos | Amonetize | 4.98
Trend Micro House Call | TROJ_GEN.F47V0302 | 7.2.62

File size:
323.5 KB (331,264 bytes)

Product version:
2.1.12

Copyright:
Copyright(c), All Rights Reserved.

Original file name:
Installer.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\cum.fiesta.becky.grind.on.torrent__6427_il6734154.exe

File PE Metadata
Compilation timestamp:
3/2/2014 8:00:52 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
6144:ew8Pb0lRVsXFPTDpCPecQB2tUZDJpeQrFDxgutrUeReDaT9l8ajithjmgbAXGKTq:ewqb0lRVwFPTNCPecY2tCSSPkDaTz8aZ

Entry address:
0x27174

Entry point:
E8, BC, 95, 00, 00, E9, 89, FE, FF, FF, 57, 8B, C6, 83, E0, 0F, 85, C0, 0F, 85, C1, 00, 00, 00, 8B, D1, 83, E1, 7F, C1, EA, 07, 74, 65, EB, 06, 8D, 9B, 00, 00, 00, 00, 66, 0F, 6F, 06, 66, 0F, 6F, 4E, 10, 66, 0F, 6F, 56, 20, 66, 0F, 6F, 5E, 30, 66, 0F, 7F, 07, 66, 0F, 7F, 4F, 10, 66, 0F, 7F, 57, 20, 66, 0F, 7F, 5F, 30, 66, 0F, 6F, 66, 40, 66, 0F, 6F, 6E, 50, 66, 0F, 6F, 76, 60, 66, 0F, 6F, 7E, 70, 66, 0F, 7F, 67, 40, 66, 0F, 7F, 6F, 50, 66, 0F, 7F, 77, 60, 66, 0F, 7F, 7F, 70, 8D, B6, 80, 00, 00, 00, 8D, BF...

Code size:
229.5 KB (235,008 bytes)
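The PE metadata above (compilation timestamp, OS version, subsystem, linker version, entry address and bytes, code size) is what a minimal header parser recovers from the file, and "not signed with an Authenticode signature" reduces, at the header level, to an empty Certificate Table data directory. The following Python is an added example, not the report's tooling: it builds a constructed PE32 image (assumptions: a single .text section at RVA 0x1000 and file offset 0x200, header values copied from this report, no certificate table) and parses it back, computing the three hashes and the signature check. Note that a present certificate table only says a signature blob exists; whether it verifies and whether the signer is trusted needs a real verifier such as Windows signtool or PowerShell's Get-AuthenticodeSignature.

```python
"""Parse the PE header fields shown in the report and check for an embedded
Authenticode certificate table.  The sample image is constructed; it is not the real file."""
import hashlib
import struct
from datetime import datetime, timezone

PE32_MAGIC = 0x10B
OPT_FMT = "<HBB" + "I" * 9 + "H" * 6 + "I" * 4 + "HH" + "I" * 6   # 96-byte PE32 optional header
SECTION_FMT = "<8sIIIIIIHHI"                                       # 40-byte section header
IMAGE_DIRECTORY_ENTRY_SECURITY = 4                                 # Certificate Table slot
SUBSYSTEMS = {1: "Native", 2: "Windows GUI", 3: "Windows CUI"}
ENTRY_STUB = bytes.fromhex("E8BC950000E989FEFFFF")                 # first 10 entry-point bytes from the report


def build_sample_pe():
    """Constructed PE32 image mirroring the report's metadata (assumption: one .text
    section at RVA 0x1000 / file offset 0x200, all data directories empty, so unsigned)."""
    entry_rva, text_rva, text_raw, code_size = 0x27174, 0x1000, 0x200, 235008
    ts = int(datetime(2014, 3, 2, 8, 0, 52, tzinfo=timezone.utc).timestamp())
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)                          # e_lfanew -> PE signature
    coff = struct.pack("<HHIIIHH", 0x14C, 1, ts, 0, 0, 224, 0x0102)   # i386, 1 section, PE32 opt header
    opt = struct.pack(OPT_FMT, PE32_MAGIC, 10, 0,                    # linker 10.0
                      code_size, 0, 0, entry_rva, text_rva, 0, 0x400000, 0x1000, 0x200,
                      5, 1, 0, 0, 5, 1,                              # OS 5.1, image 0.0, subsystem 5.1
                      0, text_rva + code_size, text_raw, 0,
                      2, 0,                                          # Windows GUI, no DllCharacteristics
                      0x100000, 0x1000, 0x100000, 0x1000, 0, 16)
    dirs = bytes(16 * 8)                                             # 16 empty data directories
    sect = struct.pack(SECTION_FMT, b".text\0\0\0", code_size, text_rva, code_size, text_raw,
                       0, 0, 0, 0, 0x60000020)
    headers = bytes(dos) + b"PE\0\0" + coff + opt + dirs + sect
    image = bytearray(headers.ljust(text_raw, b"\0")) + bytearray(code_size)
    off = text_raw + (entry_rva - text_rva)
    image[off:off + len(ENTRY_STUB)] = ENTRY_STUB
    return image


def rva_to_offset(sections, rva):
    """Translate an RVA to a file offset through the section table."""
    for _name, vsize, vaddr, rawsize, rawptr in sections:
        if vaddr <= rva < vaddr + max(vsize, rawsize):
            return rawptr + (rva - vaddr)
    raise ValueError("RVA 0x%x not backed by any section" % rva)


def parse_pe(data):
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    pe_off = struct.unpack_from("<I", data, 0x3C)[0]
    if data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("PE signature missing")
    _, nsections, timestamp, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, pe_off + 4)
    opt_off = pe_off + 24
    f = struct.unpack_from(OPT_FMT, data, opt_off)
    if f[0] != PE32_MAGIC:
        raise ValueError("only PE32 (32-bit) images are handled here")
    # Certificate Table: its 'VirtualAddress' is a raw file offset, and size 0 means no Authenticode blob.
    _sec_off, sec_size = struct.unpack_from("<II", data, opt_off + 96 + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY)
    sections = []
    for i in range(nsections):
        s = struct.unpack_from(SECTION_FMT, data, opt_off + opt_size + 40 * i)
        sections.append((s[0].rstrip(b"\0").decode(), s[1], s[2], s[3], s[4]))
    entry_rva = f[6]
    entry_off = rva_to_offset(sections, entry_rva)
    return {
        "compile_time": datetime.fromtimestamp(timestamp, timezone.utc).strftime("%Y-%m-%d %H:%M:%S UTC"),
        "linker_version": "%d.%d" % (f[1], f[2]),
        "code_size": f[3],
        "os_version": "%d.%d" % (f[12], f[13]),
        "subsystem": SUBSYSTEMS.get(f[22], "unknown(%d)" % f[22]),
        "entry_rva": entry_rva,
        "entry_bytes": data[entry_off:entry_off + 10].hex().upper(),
        "authenticode_signed": sec_size != 0,
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


if __name__ == "__main__":
    for key, value in parse_pe(build_sample_pe()).items():
        print("%-20s %s" % (key, hex(value) if key == "entry_rva" else value))
```

Run it against the real sample with `parse_pe(open(path, "rb").read())` and compare the hashes with the MD5/SHA-1/SHA-256 listed above before trusting any other field; the constructed image here naturally hashes to different values.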

The file cum.fiesta.becky.grind.on.torrent__6427_il6734154.exe has been seen distributed from the following URLs (17 recorded in total).

http://www.conductdownload.com/download.php?version=1.1.6.20&campid=4607&capp=FlashPlayer&prefix=install*flashplayer&ti1=NzI0fDIzNDR8TVh8M3wxfHw|b3779383227887b67fde0a18f177a90f|1f92e0e0-86bc-11e3-8eaf-0025b320a860

http://www.singulardownload.com/download.php?version=1.1.6.20&campid=6601&instid[appname]=http://downlite.net/download/DownLiteSilent2.exe&instid[cmdline]=&instid[appimageurl]=http://downlite.net/.../Logo_150.png&prefix=Avicii True Album All Bonus Tracks Deluxe Edition 320kbp&instid[thankyoupage]=

http://www.conductdownload.com/download.php?version=1.1.6.20&campid=4607&capp=FlashPlayer&prefix=install*flashplayer&ti1=MTI0M3wxNzM0fFNBfDN8MXx8|f1083ef8b33baf993d96198897c89bb7|68399cd0-9ecc-11e3-8af7-0025b320a860

http://www.conductdownload.com/download.php?version=1.1.6.20&campid=4607&capp=FlashPlayer&prefix=install*flashplayer&ti1=MTI0M3wxNzM0fEJBfDN8MXx8|f1083ef8b33baf993d96198897c89bb7|a0a130e0-a301-11e3-8af7-0025b320a860
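The download.php URLs above carry the campaign data that makes a PPI installer behave differently per download: the program it poses as (capp=FlashPlayer), the lure name (prefix), a campaign id, and on the singulardownload.com host the silently fetched bundled application (instid[appname]). The following Python is an added example, not Amonetize's or the report's code, that splits the query string and decodes the ti1 tracking token. The token layout (unpadded base64 before the first '|', then a 32-hex-character digest and a UUID) is read straight off the URLs; the meaning of the decoded fields is an inference, with the third field looking like a two-letter country code (MX, SA, BA), which would fit the geo-targeted offers the report describes. The two input URLs are copied from the list above.

```python
"""Dissect Amonetize-style download.php distribution URLs: query parameters plus the
ti1 tracking token.  Added example; field meanings beyond the raw split are inferred."""
import base64
from urllib.parse import parse_qs, urlsplit

# Two URLs copied from the distribution list above (inputs for the example).
URLS = [
    "http://www.conductdownload.com/download.php?version=1.1.6.20&campid=4607&capp=FlashPlayer"
    "&prefix=install*flashplayer&ti1=NzI0fDIzNDR8TVh8M3wxfHw|b3779383227887b67fde0a18f177a90f"
    "|1f92e0e0-86bc-11e3-8eaf-0025b320a860",
    "http://www.singulardownload.com/download.php?version=1.1.6.20&campid=6601"
    "&instid[appname]=http://downlite.net/download/DownLiteSilent2.exe&instid[cmdline]="
    "&instid[appimageurl]=http://downlite.net/.../Logo_150.png"
    "&prefix=Avicii True Album All Bonus Tracks Deluxe Edition 320kbp&instid[thankyoupage]=",
]


def b64decode_unpadded(s):
    """The token omits '=' padding; restore it before decoding."""
    return base64.b64decode(s + "=" * (-len(s) % 4)).decode("ascii")


def parse_download_url(url):
    parts = urlsplit(url)
    q = parse_qs(parts.query, keep_blank_values=True)

    def first(key):
        return q.get(key, [None])[0]

    info = {
        "host": parts.hostname,
        "version": first("version"),
        "campid": first("campid"),
        "capp": first("capp"),                    # program the installer poses as (FlashPlayer)
        "prefix": first("prefix"),                # lure / display name (torrent title, install*flashplayer)
        "bundled_app": first("instid[appname]"),  # payload fetched by the campaign, when one is named
    }
    ti1 = first("ti1")
    if ti1:
        token, digest, ident = ti1.split("|", 2)
        fields = b64decode_unpadded(token).split("|")
        info["ti1_fields"] = fields
        info["ti1_digest"] = digest               # 32 hex chars (MD5-sized); input unknown
        info["ti1_id"] = ident                    # UUID-shaped per-download identifier
        # Assumption: the third field is an ISO country code driving geo-targeted offers.
        info["geo_hint"] = fields[2] if len(fields) > 2 else None
    return info


if __name__ == "__main__":
    for u in URLS:
        for key, value in parse_download_url(u).items():
            print("%-12s %s" % (key, value))
        print()
```

On the first URL the token decodes to 724|2344|MX|3|1||; the two remaining conductdownload.com URLs decode to 1243|1734|SA|3|1|| and 1243|1734|BA|3|1||, the only difference between them being that third field. Blocking on the download hosts and on the campid/ti1 pattern is more durable than blocking a single URL, since the hash and UUID change per download.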

While executing in live environments, the file has been observed making the following network connections. All three endpoints sit on shared hosting infrastructure (an Amazon CloudFront edge, an Amazon EC2 instance and a Dedibox dedicated server), so the IP addresses on their own are weak indicators that will change and collide with legitimate traffic; correlate on the full host name and the HTTP request rather than blocking the addresses outright.

TCP (HTTP):
Connects to server-54-230-149-169.sin2.r.cloudfront.net  (54.230.149.169:80)

TCP (HTTP):
Connects to ec2-107-20-147-93.compute-1.amazonaws.com  (107.20.147.93:80)

TCP (HTTP):
Connects to 195-154-179-210.rev.dedibox.fr  (195.154.179.210:80)