00000000

AMGRUP LLC

This is the Amonetize download manager, which bundles applications with offers for additional third-party software, mostly unwanted adware, and may be installed with minimal consent. The file 00000000 by AMGRUP has been detected as adware by 11 anti-malware scanners. The program is a setup application that uses the Amonetize Downloader installer. The setup program bundles adware offers using Amonetize, a Pay-Per-Install (PPI) monetization and distribution download manager. The software offerings provided are based on the PC's geo-location at the time of install.
Publisher:
AMGRUP LLC  (signed and verified)

Version:
1.1.6.20

MD5:
97dab16580af055b6acdf430090604f1

SHA-1:
a973ec347bb58391e5c88f33fcb74796175b6485

SHA-256:
c0712e78562f25f9fd64a6b80bb01fac97d72e7b6638ad74d1d032af0efc531c

Scanner detections:
11 / 68

Status:
Adware

Description:
This is also known as bundleware, or downloadware: a downloader designed simply to deliver ad-supported offers in the setup routine of otherwise legitimate software.

Analysis date:
11/27/2024 2:53:13 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Agnitum Outpost | PUA.Amonetize | 7.1.1 |
| AhnLab V3 Security | PUP/Win32.Amonetiz | 2014.12.28 |
| Avira AntiVirus | Adware/Amonetize.574656 | 7.11.198.70 |
| AVG | Generic | 2016.0.3238 |
| Dr.Web | Trojan.Amonetize.341 | 9.0.1.05 |
| ESET NOD32 | Win32/Amonetize.CK (variant) | 9.10935 |
| Fortinet FortiGate | Riskware/Amonetize | 1/5/2015 |
| McAfee | Artemis!97DAB16580AF | 5600.6894 |
| Reason Heuristics | PUP.Installer.AMGRUP.I | 15.1.5.20 |
| Trend Micro House Call | Suspicious_GEN.F47V1226 | 7.2.5 |
| VIPRE Antivirus | Trojan.Win32.Generic | 36150 |

File size:
561.2 KB (574,656 bytes)

Product version:
1.1.6.20

Original file name:
setup.exe

Bundler/Installer:
Amonetize Downloader

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\google\chrome\user data\default\file system\001\t\00\00000000

Digital Signature
Signed by:

Authority:
Thawte, Inc.

Valid from:
12/2/2014 12:00:00 AM

Valid to:
12/2/2015 11:59:59 PM

Subject:
CN=AMGRUP LLC, O=AMGRUP LLC, L=Kiev, S=Kiev, C=UA

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
7BEE5C2171C644AF5B917C9D0C4DC006

File PE Metadata
Compilation timestamp:
12/19/2014 10:07:19 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
12288:byxggGN4tKeLhM4gO9+vUvzan3ZyhuQWM11JXFgg:exg14YU9+cWnJy3JLXFgg

Entry address:
0xAF83

Entry point:
E8, 21, 3E, 00, 00, E9, 89, FE, FF, FF, 8B, FF, 55, 8B, EC, 83, 7D, 08, 00, 74, 2D, FF, 75, 08, 6A, 00, FF, 35, C4, 5B, 39, 00, FF, 15, A4, E0, 38, 00, 85, C0, 75, 18, 56, E8, 57, 2D, 00, 00, 8B, F0, FF, 15, 84, E0, 38, 00, 50, E8, 07, 2D, 00, 00, 59, 89, 06, 5E, 5D, C3, 8B, FF, 55, 8B, EC, 56, 8D, 45, 08, 50, 8B, F1, E8, C1, ED, FF, FF, C7, 06, C0, EB, 38, 00, 8B, C6, 5E, 5D, C2, 04, 00, C7, 01, C0, EB, 38, 00, E9, 05, EE, FF, FF, 8B, FF, 55, 8B, EC, 56, 8B, F1, C7, 06, C0, EB, 38, 00, E8, F2, ED, FF, FF...
 

Entropy:
7.6527

Code size:
115.5 KB (118,272 bytes)

The file 00000000 has been seen being distributed by the following 2 URLs.
