00000001

Shetef Solutions & Consulting (1998) Ltd.

This is the Amonetize download manager, which bundles applications with offers for additional third-party software, mostly unwanted adware, and may be installed with minimal consent. The file 00000001 by Shetef Solutions & Consulting (1998) has been detected as adware by 22 anti-malware scanners. The program is a setup application that uses the Amonetize Downloader installer. The setup program bundles adware offers using Amonetize, a Pay-Per-Install (PPI) monetization and distribution download manager. The software offerings provided are based on the PC's geo-location at the time of install.
Publisher:

Version:
1.1.5.26

MD5:
0add156780e7d7ac33896a30587dca8d

SHA-1:
338a519360ee67ac914869a213dfdd6623ccc0df

SHA-256:
528c471803c0b715a08453aaaa3c0cf7745f79e21b829202629e9b8479687e91

Scanner detections:
22 / 68

Status:
Adware

Description:
This 'download manager' is also considered bundleware: a utility designed to download software (possibly legitimate or open source) and bundle it with a number of optional offers, including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:
12/23/2024 10:50:04 PM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Gen:Variant.Application.Bundler.Amonetize.21 | 693 |
| Agnitum Outpost | PUA.Amonetize | 7.1.1 |
| AhnLab V3 Security | PUP/Win32.Amonetiz | 2015.03.09 |
| Avira AntiVirus | ADWARE/Adware.Gen4 | 7.11.214.232 |
| AVG | Generic | 2016.0.3171 |
| Bitdefender | Gen:Variant.Application.Bundler.Amonetize.21 | 1.0.20.360 |
| Bkav FE | W32.HfsAdware | 1.3.0.6379 |
| Dr.Web | Adware.Downware.8996 | 9.0.1.072 |
| ESET NOD32 | Win32/Amonetize.BY potentially unwanted (variant) | 9.11288 |
| Fortinet FortiGate | Riskware/Amonetize | 3/13/2015 |
| F-Secure | Gen:Variant.Application.Bundler | 11.2015-13-03_6 |
| G Data | Gen:Variant.Application.Bundler.Amonetize.21 | 15.3.25 |
| K7 AntiVirus | Unwanted-Program | 13.200.15196 |
| Malwarebytes | PUP.Optional.Amonetize | v2015.03.13.06 |
| McAfee | Artemis!0ADD156780E7 | 5600.6827 |
| MicroWorld eScan | Gen:Variant.Application.Bundler.Amonetize.21 | 16.0.0.216 |
| NANO AntiVirus | Riskware.Win32.Downware.difhzb | 0.30.0.296 |
| Reason Heuristics | PUP.Installer.ShetefSolutionsConsulting1998 | 15.3.13.18 |
| Sophos | Generic PUA DD | 4.98 |
| Vba32 AntiVirus | AdWare.Amonetize | 3.12.26.3 |
| VIPRE Antivirus | Trojan.Win32.Generic | 38242 |
| Zillya! Antivirus | Adware.Amonetize.Win32.1605 | 2.0.0.2091 |

File size:
486.1 KB (497,744 bytes)

Product version:
1.1.5.26

Original file name:
setup.exe

Bundler/Installer:
Amonetize Downloader

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\google\chrome\user data\default\file system\012\t\00\00000001

Digital Signature
Authority:
GoDaddy.com, Inc.

Valid from:
10/13/2014 2:02:37 AM

Valid to:
10/13/2015 2:02:37 AM

Subject:
CN=Shetef Solutions & Consulting (1998) Ltd., O=Shetef Solutions & Consulting (1998) Ltd., L=Rannana, S=Israel, C=IL

Issuer:
CN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:
4B1B72BCEFC0E8

File PE Metadata
Compilation timestamp:
10/29/2014 3:41:41 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
12288:eLFU2oitpf5hCPFZYdfUU7dHvmMpAKs5Fm:e2ztZYRUOP7peFm

Entry address:
0x13CF6

Entry point:
E8, A8, 75, 00, 00, E9, 89, FE, FF, FF, 8B, FF, 55, 8B, EC, 83, 3D, BC, A1, 3B, 00, 00, 75, 18, E8, 5E, 4E, 00, 00, 6A, 1E, E8, A8, 4C, 00, 00, 68, FF, 00, 00, 00, E8, 60, F5, FF, FF, 59, 59, 8B, 45, 08, 85, C0, 75, 01, 40, 50, 6A, 00, FF, 35, BC, A1, 3B, 00, FF, 15, F8, 10, 3B, 00, 5D, C3, 8B, FF, 55, 8B, EC, 53, 8B, 5D, 08, 83, FB, E0, 77, 6F, 56, 57, 83, 3D, BC, A1, 3B, 00, 00, 75, 18, E8, 14, 4E, 00, 00, 6A, 1E, E8, 5E, 4C, 00, 00, 68, FF, 00, 00, 00, E8, 16, F5, FF, FF, 59, 59, 85, DB, 74, 04, 8B, C3...
 

Entropy:
7.3796

Code size:
191 KB (195,584 bytes)

The file 00000001 has been seen distributed from the following 4 URLs.

http://www.many-download.com/download.php?version=1.1.5.26&campid=3687&instid[appname]=Wifi Mot De Passe Pirater 2014 Downloader&instid[appsetupurl]=http://fastmediadownloads.com/download/Prompt-Downloader-1599372988.exe&instid[cmdline]=&instid[appimageurl]=http://.../logo.png&prefix=Wifi Mot De Passe Pirater 2014 Downloader&instid[interrupted]=http://.../?cancel&ti1=1599372988&instid[thankyoupage]=http://.../?success

http://www.fetch-files.com/.../Jurassic Park Rampage Edition__3435_il82227.exe
