» keygen installer__9167_il2625679_2.exe
Overview
Analysis
File Details
Downloads (7)

keygen installer__9167_il2625679_2.exe

KOMPANIYA КRЕАТА LLC

Part of the Amonetize download manager, an installer that bundles applications with offers for additional 3rd party software, mostly unwanted adware, and may be installed with minimal consent. The application keygen installer__9167_il2625679_2.exe by KOMPANIYA КRЕАТА has been detected as adware by 19 anti-malware scanners. It bundles adware offers using the Amonetize, a Pay-Per-Install (PPI) monetization and distribution download manager. The software offerings provided are based on the PC's geo-location at the time of install.

File name:

Publisher:

KOMPANIYA КRЕАТА LLC (signed and verified)

Version:

1.1.1.72

MD5:

d7be4101eb182b596e41a89a771b35a8

SHA-1:

c16ff3215fd077298f5b8c09bfc8c4401c1881d3

SHA-256:

920bc7a920255bb97c020ddd7db3195dac47e3c530f17be77177fd9a67d922e5

Scanner detections:

19 / 68

Status:

Adware

Analysis date:

6/24/2025 12:41:45 PM UTC (today)

Scan engine

Detection

Engine version

AhnLab V3 Security

PUP/Win32.Amonetiz

2014.08.03

Avira AntiVirus

ADWARE/Adware.Gen2

7.11.165.4

avast!

Win32:Rootkit-gen [Rtk]

2014.9-140803

AVG

Generic

2015.0.3394

Baidu Antivirus

Adware.Win32.Amonetize

4.0.3.1483

Comodo Security

ApplicUnwnt

19062

ESET NOD32

Win32/Amonetize.BD (variant)

8.10193

Fortinet FortiGate

Riskware/Amonetize

8/3/2014

F-Prot

W32/Amonetize.A.gen

v6.4.7.1.166

G Data

Win32.Application.Amonetize

14.8.24

Kaspersky

not-a-virus:HEUR:AdWare.Win32.Amonetize

14.0.0.3464

Malwarebytes

PUP.Optional.Amonetize

v2014.08.03.04

McAfee

Artemis!D7BE4101EB18

5600.7050

Qihoo 360 Security

HEUR/Malware.QVM10.Gen

1.0.0.1015

Reason Heuristics

PUP.Installer.KOMPANIYAR.c

14.8.3.4

Rising Antivirus

PE:Trojan.Win32.Generic.1710A1FC!386966012

23.00.65.14801

Sophos

Amonetize

4.98

Trend Micro House Call

Suspicious_GEN.F47V0731

7.2.215

VIPRE Antivirus

Amonetize

31860

File size:

344.7 KB (352,992 bytes)

Product version:

1.1.1.72

Original file name:

setup.exe

File type:

Executable application (Win32 EXE)

Language:

English (United States)

Common path:

C:\users\{user}\appdata\local\temp\keygen installer__9167_il2625679_2.exe

Digital Signature

Signed by:

KOMPANIYA КRЕАТА LLC

Authority:

Thawte, Inc.

Valid from:

6/16/2014 3:30:00 AM

Valid to:

6/17/2015 3:29:59 AM

Subject:

CN=KOMPANIYA КRЕАТА LLC, O=KOMPANIYA КRЕАТА LLC, L=Kharkiv, S=Kharkiv, C=UA

Issuer:

CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:

04CA5D77531C0E61E4DE2CB0E6E4B5B2

File PE Metadata

Compilation timestamp:

7/30/2014 12:32:26 PM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

10.0

CTPH (ssdeep):

6144:O+Y81RI84Qr+z8sqpe7ixx+6u9BRkz7Pwpesm/BxQKvRyZrvEGgV9mTAy+sKqOxT:O+Y81RX4Qrzsqp9xx+6wRkzMwbv4Zrv+

Entry address:

0x29774

Entry point:

E8, 51, 92, 00, 00, E9, 89, FE, FF, FF, CC, CC, 53, 56, 8B, 44, 24, 18, 0B, C0, 75, 18, 8B, 4C, 24, 14, 8B, 44, 24, 10, 33, D2, F7, F1, 8B, D8, 8B, 44, 24, 0C, F7, F1, 8B, D3, EB, 41, 8B, C8, 8B, 5C, 24, 14, 8B, 54, 24, 10, 8B, 44, 24, 0C, D1, E9, D1, DB, D1, EA, D1, D8, 0B, C9, 75, F4, F7, F3, 8B, F0, F7, 64, 24, 18, 8B, C8, 8B, 44, 24, 14, F7, E6, 03, D1, 72, 0E, 3B, 54, 24, 10, 77, 08, 72, 07, 3B, 44, 24, 0C, 76, 01, 4E, 33, D2, 8B, C6, 5E, 5B, C2, 10, 00, 57, 8B, C6, 83, E0, 0F, 85, C0, 0F, 85, C1, 00... 
[+]

Code size:

241 KB (246,784 bytes)

The file keygen installer__9167_il2625679_2.exe has been seen being distributed by the following 7 URLs.

http://nym1.ib.adnxs.com/click?tpRFq8P42D8xMbeQ_rnUP7gehetRuP4_MTG3kP651D-3lEWrw_jYP372uZ8UXWR_DY8bdDodFnl4HNxTAAAAAHkcLwCTBwAA_AcAAAIAAABWLwUB4n0GAAAAAQBVU0QAVVNEACwB-gC9LQAAkrEAAgUAAQIAAJIAnCnY4wAAAAA./cnd=!3gbOPwjV2JgCENbelAgY4vsZIAA./referrer=http://cdn.sharedaddomain.com/slider_anchored5_300x250_203.htm?cat=21&clientId=8a4b6de2-771a-4509-b2a6-3dbdf27e189e&l=http://herogamesworld.com/pokemon-games/pokemon-tower-defense-2&r=http://herogamesworld.com/pokemon-games&kw=Pokemon Tower Defense 2,Pokemon,Hero,Superhero,Cartoon ,Fun/clickenc=http://.../direct-download.html?version=1.1.1.72&ci=280&capp=FlashPlayer&ti1=nym1CI2e7qCnp4eLeRACGP7s5_3JopeyfyIOOTguMjI3LjE5OC4xMzMoATD4uPCeBQ..&ti2=3087481

http://sin1.g.adnxs.com/click?FTiYe1SIgD8OhiD2qnF7P2iR7Xw_Na4_DoYg9qpxez8VOJh7VIiAP-FA5H-Vw7BbAhrN0OiK5gmW691TAAAAAGscLwCTBwAAdgIAAAIAAAASoNQA4n0GAAAAAQBVU0QAVVNEACwB-gChLQAAMYgAAgUAAQIAAJIAQibHGwAAAAA./cnd=!bgZeOQidhdgBEJLA0gYY4vsZIAI./referrer=http://cdn.sharedaddomain.com/slider_anchored5_300x250_203.htm?cat=21,107&clientId=49a2a401-1d14-4ac2-bc8c-5572a1916939&l=http://game.24h.com.vn/tri-tue/chu-khi-buon-19-c119g2325b32.html&r=http://game.24h.com.vn/&kw=chu khi buon 19, game chu khi buon 19, tro choi chu khi buon 19, game tri tue, game tinh diem, game hay, game.24h.com.vn, game 24h, game/clickenc=http://.../direct-download.html?version=1.1.1.72&ci=5561&capp=FlashPlayer&ti1=sin1CIK0tIaN3aLzCRACGOGBkf_X8rDYWyINMTEzLjIzLjUxLjE0NigBMJbX954F&ti2=3087467&ti3=${APN}

http://nym1.ib.adnxs.com/click?uh2q26G6vT8K16NwPQq3PwrXo3A9Crc_4w-sNVC6wj-Zd6zyNSrIPxj-B1_sI_ceZbEFWEXGTUgjg91TAAAAAHIKJQCZBwAA_AcAAAIAAABYLwUBF9cFAAAAAQBVU0QAVVNEANgCWgASBwAAbKwAAgUAAQIAAI4ALST2_AAAAAA./cnd=!FQZsOgjFsJ8CENjelAgYl64XIAA./referrer=http://www.youtube.com/watch?v=9Q7Vr3yQYWQ/clickenc=http://.../direct-download.html?version=1.1.1.72&ci=280&capp=FlashPlayer&ti1=nym1COXilsDVyPGmSBACGJj8n_jF_cj7HiIKNzYuMTguMC45NigBMKOG9p4F&ti2=2427506

http://ams1.ib.adnxs.com/click?AAAAAAAAAAAAAAAAAAAAAOkmMQisHO4_AAAAAAAAAAAAAAAAAAAAAL7AwoYIWAUFxH-mE5kHKgxC_txTAAAAALb1LwAWCgAA_AcAAAIAAABoWgABe80GAAAAAQBVU0QAVVNEANgCWgBAGAAAdboAAgUAAQIAAJQA8RU1kAAAAAA./cnd=!UQYwOwidjP8BEOi0gQgY-5obIAI./referrer=http://www.youtube.com/watch?v=21wm1_0XGNM/clickenc=http://.../direct-download.html?version=1.1.1.72&ci=280&capp=FlashPlayer&ti1=ams1CMT_mZ2R84GVDBACGL6Bi7aIgdaCBSILNjIuMzQuMTYwLjgoATDC_POeBQ..&ti2=3143094

http://www.generaldownload.com/tdownload.php?s1=6174f063bac1e5d51b53a355dc2d1f89f8a78fdc&t1=1407006778&myref=dm&campid=9167&version=1.1.1.72&instid[appname]=Keygen Installer&instid[appsetupurl]=https://ynnod0524.box.com/shared/static/8mrz5jginy61zsascap6.zip&instid[appimageurl]=https://encrypted-tbn0.gstatic.com/images?q=tbn:ANd9GcTxoLer5Ytu9PdnrF1WsTHD2cC_Wa2IxWG84gDglmylAXRXLvQu&prefix=Keygen Installer&instid[thankyoupage]=http://cdn2.business2community.com/wp-content/uploads/2013/.../thank-you-page-295x300.jpg&AMt=1407006579486&AMh=7fn2b4gxIWmb09igS84d2Ie2zMXUjQgM3KAUfCzDKPbVydo5QZMSwcespsmVBC1AtdCH3iBb48loOaw3

http://www.more-manger-files.com/allddT.html?myref=dm&campid=9167&version=1.1.5.90&instid[appname]=Keygen Installer&instid[appsetupurl]=http://get.file2desktop.com/DownloadManager/Get?p=7392&d=10083&l=9525&n=1&instid[appimageurl]=https://encrypted-tbn0.gstatic.com/images?q=tbn:ANd9GcTxoLer5Ytu9PdnrF1WsTHD2cC_Wa2IxWG84gDglmylAXRXLvQu&prefix=Keygen Installer&instid[thankyoupage]=http://cdn2.business2community.com/wp-content/uploads/2013/.../thank-you-page-295x300.jpg&AMt=1407007742719&AMh=7fn2b4gxIWmb09igS84d2Ie2zMXUjQgM3KAUfCzDKPbVydo5QZMSwcespsmVBC1AtdCH3iBb48loOaw3

http://www.more-manger-files.com/allddT.html?myref=dm&campid=9167&version=1.1.5.90&instid[appname]=Keygen Installer&instid[appsetupurl]=https://ynnod0524.box.com/shared/static/8mrz5jginy61zsascap6.zip&instid[appimageurl]=https://encrypted-tbn0.gstatic.com/images?q=tbn:ANd9GcTxoLer5Ytu9PdnrF1WsTHD2cC_Wa2IxWG84gDglmylAXRXLvQu&prefix=Keygen Installer&instid[thankyoupage]=http://cdn2.business2community.com/wp-content/uploads/2013/.../thank-you-page-295x300.jpg&AMt=1407006579486&AMh=7fn2b4gxIWmb09igS84d2Ie2zMXUjQgM3KAUfCzDKPbVydo5QZMSwcespsmVBC1AtdCH3iBb48loOaw3

Remove keygen installer__9167_il2625679_2.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.