» win7activator__10083_il30.exe
Overview
Analysis
File Details
Downloads (7)

win7activator__10083_il30.exe

The application win7activator__10083_il30.exe has been detected as a potentially unwanted program by 17 anti-malware scanners. It bundles adware offers using the Amonetize, a Pay-Per-Install (PPI) monetization and distribution download manager. The software offerings provided are based on the PC's geo-location at the time of install. The file has been seen being downloaded from www.more-files.com and multiple other hosts.

File name:

Version:

1.1.6.20

MD5:

b29353e224022ba152f9a96a445b6587

SHA-1:

c3629a6a8c8550c89cd47f9da0b922cc64079644

SHA-256:

81ab56a5de3675d929821aaa0f262759cdc1a3fcce3f326fd3af253c36b0e8df

Scanner detections:

17 / 68

Status:

Potentially unwanted

Analysis date:

6/26/2025 6:39:14 AM UTC (today)

Scan engine

Detection

Engine version

Lavasoft Ad-Aware

Gen:Variant.Application.Bundler.Amonetize.11

871

AhnLab V3 Security

PUP/Win32.Amonetize

2014.09.15

Avira AntiVirus

ADWARE/Adware.Gen2

7.11.172.2

avast!

Win32:Amonetize-DQ [PUP]

2014.9-140916

Baidu Antivirus

Adware.Win32.Amonetize

4.0.3.14916

Bitdefender

Gen:Variant.Application.Bundler.Amonetize.11

1.0.20.1295

F-Secure

Gen:Variant.Application.Bundler

11.2014-16-09_3

G Data

Gen:Variant.Application.Bundler.Amonetize.11

14.9.24

Kaspersky

not-a-virus:AdWare.Win32.Amonetize

14.0.0.3241

Malwarebytes

PUP.Optional.Amonetize

v2014.09.16.07

MicroWorld eScan

Gen:Variant.Application.Bundler.Amonetize.11

15.0.0.777

NANO AntiVirus

Riskware.Win32.Amonetize.devzun

0.28.2.61942

Panda Antivirus

Trj/Chgt.F

14.09.16.07

Qihoo 360 Security

Win32/Application.639

1.0.0.1015

Reason Heuristics

Threat.Win.Reputation.IMP

14.9.16.19

Sophos

Generic PUA MD

4.98

Trend Micro House Call

TROJ_GEN.R02SH07IE14

7.2.259

File size:

343.5 KB (351,744 bytes)

Product version:

1.1.6.20

Original file name:

setup.exe

File type:

Executable application (Win32 EXE)

Language:

English (United States)

Common path:

C:\users\{user}\downloads\win7activator__10083_il30.exe

File PE Metadata

Compilation timestamp:

9/10/2014 6:03:49 PM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

10.0

CTPH (ssdeep):

6144:BZdqDqITQjEBPj05T1otkohdYzPMdF+O/coiAsfvsnCFBg:zdqsjIPj05hovhKzPiF+MVpA

Entry address:

0x15764

Entry point:

E8, 6A, AB, 00, 00, E9, 89, FE, FF, FF, CC, CC, 8B, 54, 24, 0C, 8B, 4C, 24, 04, 85, D2, 74, 69, 33, C0, 8A, 44, 24, 08, 84, C0, 75, 16, 81, FA, 80, 00, 00, 00, 72, 0E, 83, 3D, 04, 16, 45, 00, 00, 74, 05, E9, D2, AB, 00, 00, 57, 8B, F9, 83, FA, 04, 72, 31, F7, D9, 83, E1, 03, 74, 0C, 2B, D1, 88, 07, 83, C7, 01, 83, E9, 01, 75, F6, 8B, C8, C1, E0, 08, 03, C1, 8B, C8, C1, E0, 10, 03, C1, 8B, CA, 83, E2, 03, C1, E9, 02, 74, 06, F3, AB, 85, D2, 74, 0A, 88, 07, 83, C7, 01, 83, EA, 01, 75, F6, 8B, 44, 24, 08, 5F... 
[+]

Entropy:

6.4919

Code size:

233 KB (238,592 bytes)

The file win7activator__10083_il30.exe has been seen being distributed by the following 7 URLs.

http://www.more-files.com/alldd.html?myref=www.newhdplugin.org&version=1.1.6.20&prefix=FlashPlayerSetup&campid=4369&instid[appname]=FlashPlayer&instid[appsetupurl]=https://launchpad.net/lightspark/trunk/lightspark-0.5.3/ download/Lightspark-0.5.3-win32.exe&instid[appimageurl]=http://www.tsxnrey.com/i/White Smoke Inc/.../150x150_v1Logo.jpg&prefix=FlashPlayer&ti1=Mjg1MHwzMDE3fEdSfDN8MXx8|353f86c25b87bbe4c6601011c15e0056|ce5327a0-3541-11e4-9d01-0025b320a860&capp=FlashPlayer&AMt=1410369901192&AMh=7fn2b4gxIWmb09igS84d2Ie2zMXUjQgM3KAUfCzDKPbVydo5QZMSwcespsmVBC1AtdCH3iBb48loOaw3

http://www.leadingdownload.com/download.php?version=1.1.6.20&campid=4607&capp=FlashPlayer&prefix=install*flashplayer&ti1=OTE5fDE3MzR8TFR8M3wxfHw|f1083ef8b33baf993d96198897c89bb7|ad6055e0-3203-11e4-9b4b-002590f00f96

http://www.more-files.com/alldd.html?myref=www.newhdplugin.org&version=1.1.6.20&prefix=FlashPlayerSetup&campid=4369&instid[appname]=FlashPlayer&instid[appsetupurl]=https://launchpad.net/lightspark/trunk/lightspark-0.5.3/ download/Lightspark-0.5.3-win32.exe&instid[appimageurl]=http://www.tsxnrey.com/i/White Smoke Inc/.../150x150_v1Logo.jpg&prefix=FlashPlayer&ti1=Mjg1MHwzMDE3fFBMfDN8MXx8|353f86c25b87bbe4c6601011c15e0056|eb345ef0-3912-11e4-80fb-0025b320a860&capp=FlashPlayer&AMt=1410458000270&AMh=7fn2b4gxIWmb09igS84d2Ie2zMXUjQgM3KAUfCzDKPbVydo5QZMSwcespsmVBC1AtdCH3iBb48loOaw3

http://www.leadingdownload.com/download.php?version=1.1.6.20&campid=4607&capp=FlashPlayer&prefix=install*flashplayer&ti1=NzI0fDMwNDR8VE58M3wxfHw|65b474ca1849c607456c55c89fa520c1|e4a9ba60-3464-11e4-8ce6-002590f00f96

http://www.more-files.com/alldd.html?myref=www.newhdplugin.org&version=1.1.6.20&prefix=FlashPlayerSetup&campid=4369&instid[appname]=FlashPlayer&instid[appsetupurl]=https://launchpad.net/lightspark/trunk/lightspark-0.5.3/ download/Lightspark-0.5.3-win32.exe&instid[appimageurl]=http://www.tsxnrey.com/i/White Smoke Inc/.../150x150_v1Logo.jpg&prefix=FlashPlayer&ti1=MTgzN3w1MDY1fFROfDN8MXx8|0508bd5422e63360d703a307569c5540|8ff36660-3914-11e4-80fb-0025b320a860&capp=FlashPlayer&AMt=1410375311942&AMh=7fn2b4gxIWmb09igS84d2Ie2zMXUjQgM3KAUfCzDKPbVydo5QZMSwcespsmVBC1AtdCH3iBb48loOaw3

http://www.more-files.com/alldd.html?myref=www.newhdplugin.org&version=1.1.6.20&prefix=FlashPlayerSetup&campid=4369&instid[appname]=FlashPlayer&instid[appsetupurl]=https://launchpad.net/lightspark/trunk/lightspark-0.5.3/ download/Lightspark-0.5.3-win32.exe&instid[appimageurl]=http://www.tsxnrey.com/i/White Smoke Inc/.../150x150_v1Logo.jpg&prefix=FlashPlayer&ti1=MjU4Nnw1MDY1fFROfDN8MXx8|0508bd5422e63360d703a307569c5540|0f6af170-3919-11e4-80fb-0025b320a860&capp=FlashPlayer&AMt=1410374063659&AMh=7fn2b4gxIWmb09igS84d2Ie2zMXUjQgM3KAUfCzDKPbVydo5QZMSwcespsmVBC1AtdCH3iBb48loOaw3

http://www.factualdownload.com/tdownload.php?s1=5c7f757dfdbaafb2caac5688a7d09c791faa4078&t1=1410368082&myref=www.downloadthesefiles.com&version=1.1.6.20&prefix=win7activator&campid=10083&instid[appname]=win7activator&instid[thankyoupage]=&instid[appsetupurl]=&instid[interrupted]=&instid[appimageurl]=http://s3.amazonaws.com/.../downloadall.png&AMt=1410367893151&AMh=7fn2b4gxIWmb09igS84d2Ie2zMXUjQgM3KAUfCzDKPbVydo5QZMSwcespsmVBC1AtdCH3iBb48loOaw3

Remove win7activator__10083_il30.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.