00000000

Prodlogistyka LLC

This is the Amonetize download manager, which bundles applications with offers for additional third-party software, mostly unwanted adware, and may be installed with minimal consent. The file 00000000 by Prodlogistyka has been detected as adware by 11 anti-malware scanners. The program is a setup application that uses the Amonetize Downloader installer. The setup program bundles adware offers using Amonetize, a Pay-Per-Install (PPI) monetization and distribution download manager. The software offers presented are based on the PC's geo-location at the time of install.
Publisher:
Prodlogistyka LLC (signed and verified)

Version:
1.1.6.20

MD5:
2f07a4b0558bd1bd4ab19474ed02dd3d

SHA-1:
8872c0087c07e084066fb20d0e4d59da011a63e1

SHA-256:
32f32a54ca5902a5b245bee7b3e61815f3c1dd7f9b53f2cf855335ad2e78ce6d

Scanner detections:
11 / 68

Status:
Adware

Description:
This 'download manager' is also considered bundleware: a utility designed to download software (possibly legitimate or open-source) and bundle it with a number of optional offers, including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:
12/25/2024 5:41:21 AM UTC

Scan engine              Detection                             Engine version
AhnLab V3 Security       PUP/Win32.Amonetiz                    2015.01.02
Avira AntiVirus          Adware/Amonetize.576200.5             7.11.198.252
Dr.Web                   Trojan.Amonetize.341                  9.0.1.08
Fortinet FortiGate       Adware/Amonetize                      1/8/2015
K7 AntiVirus             Unwanted-Program                      13.188.14496
Kaspersky                not-a-virus:AdWare.Win32.Amonetize    14.0.0.2673
NANO AntiVirus           Riskware.Win32.Amonetize.dlgsuu       0.30.0.64448
Panda Antivirus          Generic Suspicious                    15.01.08.10
Reason Heuristics        PUP.Installer.Prodlogistyka.I         15.1.8.10
Sophos                   Generic PUA II                        4.98
Trend Micro House Call   TROJ_GEN.R047H07LT14                  7.2.8

File size:
562.7 KB (576,200 bytes)

Product version:
1.1.6.20

Original file name:
setup.exe

Bundler/Installer:
Amonetize Downloader

Language:
English (United States)

Common path:
C:\users\{user}\appdata\roaming\baidu\spark\profile\file system\000\t\00\00000000

Digital Signature
Authority:
thawte, Inc.

Valid from:
12/16/2014 7:00:00 AM

Valid to:
12/17/2015 6:59:59 AM

Subject:
CN=Prodlogistyka LLC, O=Prodlogistyka LLC, L=Kharkiv, S=Alabama, C=UA

Issuer:
CN=thawte SHA256 Code Signing CA, O="thawte, Inc.", C=US

Serial number:
6EA4BF001566F2722AC7CE8C3A4F62AE

File PE Metadata
Compilation timestamp:
12/27/2014 1:07:40 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
12288:J/XnAkWSH9a5td4pyxDwi2cnMxi2VFdwwr+F7T+r:J/wkWO66A1nyBHEFur

Entry address:
0xB0FA

Entry point:
E8, 1A, 3E, 00, 00, E9, 89, FE, FF, FF, 8B, FF, 55, 8B, EC, 83, 7D, 08, 00, 74, 2D, FF, 75, 08, 6A, 00, FF, 35, C4, 5B, 39, 00, FF, 15, A4, E0, 38, 00, 85, C0, 75, 18, 56, E8, 50, 2D, 00, 00, 8B, F0, FF, 15, 84, E0, 38, 00, 50, E8, 00, 2D, 00, 00, 59, 89, 06, 5E, 5D, C3, 8B, FF, 55, 8B, EC, 56, 8D, 45, 08, 50, 8B, F1, E8, 9A, ED, FF, FF, C7, 06, C0, EB, 38, 00, 8B, C6, 5E, 5D, C2, 04, 00, C7, 01, C0, EB, 38, 00, E9, DE, ED, FF, FF, 8B, FF, 55, 8B, EC, 56, 8B, F1, C7, 06, C0, EB, 38, 00, E8, CB, ED, FF, FF...
Entropy:
7.6650

Code size:
115.5 KB (118,272 bytes)