00000000

EVROPLAST LLC

This is the Amonetize download manager, which bundles applications with offers for additional third-party software, mostly unwanted adware, and may be installed with minimal consent. The file 00000000 by EVROPLAST has been detected as adware by 14 anti-malware scanners. The program is a setup application that uses the Amonetize Downloader installer. The setup program bundles adware offers using Amonetize, a Pay-Per-Install (PPI) monetization and distribution download manager. The software offers presented are based on the PC's geolocation at the time of install.
Publisher:
EVROPLAST LLC  (signed and verified)

Version:
1.1.6.20

MD5:
6d74ee3210a89328aa454a10481d0a49

SHA-1:
8e337c3e0b604fea71db68a0344035c8f58b73af

SHA-256:
e67ba1d9127cf6705a4fcffb3b70e1f77c98c7661f7da2060384a26d5d055779

Scanner detections:
14 / 68

Status:
Adware

Description:
This 'download manager' is also considered bundleware: a utility designed to download software (possibly legitimate or open-source) and bundle it with a number of optional offers, including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:
11/27/2024 2:53:42 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| AhnLab V3 Security | PUP/Win32.Amonetiz | 2015.01.03 |
| Avira AntiVirus | Adware/Amonetize.576704.7 | 7.11.199.42 |
| avast! | Win32:Adware-gen [Adw] | 2014.9-150103 |
| AVG | Generic | 2016.0.3240 |
| Dr.Web | Trojan.Amonetize.341 | 9.0.1.03 |
| ESET NOD32 | Win32/Amonetize.CK (variant) | 9.10959 |
| Fortinet FortiGate | Riskware/Amonetize | 1/3/2015 |
| K7 AntiVirus | Trojan | 13.1814525 |
| McAfee | Artemis!6D74EE3210A8 | 5600.6896 |
| NANO AntiVirus | Riskware.Win32.Amonetize.dlgsuu | 0.30.0.64448 |
| Panda Antivirus | Generic Suspicious | 15.01.03.06 |
| Reason Heuristics | PUP.Installer.EVROPLAST.I | 15.1.4.13 |
| Sophos | Amonetize | 4.98 |
| Trend Micro House Call | Suspicious_GEN.F47V1230 | 7.2.3 |

File size:
563.2 KB (576,704 bytes)

Product version:
1.1.6.20

Original file name:
setup.exe

Bundler/Installer:
Amonetize Downloader

Common path:
C:\users\{user}\appdata\roaming\baidu\sparksafe\profile\file system\007\t\00\00000000

Digital Signature
Signed by:

Authority:
thawte, Inc.

Valid from:
12/22/2014 2:00:00 AM

Valid to:
12/23/2015 1:59:59 AM

Subject:
CN=EVROPLAST LLC, O=EVROPLAST LLC, L=Donetsk, S=Alberta, C=UA

Issuer:
CN=thawte SHA256 Code Signing CA, O="thawte, Inc.", C=US

Serial number:
3A189EC1963AB0505C115175C20CD893

File PE Metadata
Compilation timestamp:
12/26/2014 8:07:40 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
12288:L/XnAkWUDdK+Q98qcYLHyn6qdvXXcBBiacM+xDGOBA4F2T+c:L/wkWUhK+Q9oYLHyn6UXXk+DGkF1c

Entry address:
0xB0FA

Entry point:
E8, 1A, 3E, 00, 00, E9, 89, FE, FF, FF, 8B, FF, 55, 8B, EC, 83, 7D, 08, 00, 74, 2D, FF, 75, 08, 6A, 00, FF, 35, C4, 5B, 39, 00, FF, 15, A4, E0, 38, 00, 85, C0, 75, 18, 56, E8, 50, 2D, 00, 00, 8B, F0, FF, 15, 84, E0, 38, 00, 50, E8, 00, 2D, 00, 00, 59, 89, 06, 5E, 5D, C3, 8B, FF, 55, 8B, EC, 56, 8D, 45, 08, 50, 8B, F1, E8, 9A, ED, FF, FF, C7, 06, C0, EB, 38, 00, 8B, C6, 5E, 5D, C2, 04, 00, C7, 01, C0, EB, 38, 00, E9, DE, ED, FF, FF, 8B, FF, 55, 8B, EC, 56, 8B, F1, C7, 06, C0, EB, 38, 00, E8, CB, ED, FF, FF...
 

Entropy:
7.6642

Code size:
115.5 KB (118,272 bytes)

The file 00000000 has been seen being distributed by the following URL.
