» 00000001
Overview
Analysis
File Details
Downloads (4)

00000001

Shetef Solutions & Consulting (1998) Ltd.

This is the Amonetize download manager which bundles applications with offers for additional 3rd party software, mostly unwanted adware, and may be installed with minimal consent. The file 00000001 by Shetef Solutions & Consulting (1998) has been detected as adware by 22 anti-malware scanners. The program is a setup application that uses the Amonetize Downloader installer. The setup program bundles adware offers using the Amonetize, a Pay-Per-Install (PPI) monetization and distribution download manager. The software offerings provided are based on the PC's geo-location at the time of install.

File name:

00000001

Publisher:

Shetef Solutions & Consulting (1998) Ltd. (signed and verified)

Version:

1.1.5.26

MD5:

0add156780e7d7ac33896a30587dca8d

SHA-1:

338a519360ee67ac914869a213dfdd6623ccc0df

SHA-256:

528c471803c0b715a08453aaaa3c0cf7745f79e21b829202629e9b8479687e91

Scanner detections:

22 / 68

Status:

Adware

Description:

This 'download manager' is also considered bundleware, a utility designed to download software (possibly legitimate or opensource) and bundle it with a number of optional offers including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:

11/23/2024 6:13:35 AM UTC (today)

Scan engine

Detection

Engine version

Lavasoft Ad-Aware

Gen:Variant.Application.Bundler.Amonetize.21

693

Agnitum Outpost

PUA.Amonetize

7.1.1

AhnLab V3 Security

PUP/Win32.Amonetiz

2015.03.09

Avira AntiVirus

ADWARE/Adware.Gen4

7.11.214.232

AVG

Generic

2016.0.3171

Bitdefender

Gen:Variant.Application.Bundler.Amonetize.21

1.0.20.360

Bkav FE

W32.HfsAdware

1.3.0.6379

Dr.Web

Adware.Downware.8996

9.0.1.072

ESET NOD32

Win32/Amonetize.BY potentially unwanted (variant)

9.11288

Fortinet FortiGate

Riskware/Amonetize

3/13/2015

F-Secure

Gen:Variant.Application.Bundler

11.2015-13-03_6

G Data

Gen:Variant.Application.Bundler.Amonetize.21

15.3.25

K7 AntiVirus

Unwanted-Program

13.200.15196

Malwarebytes

PUP.Optional.Amonetize

v2015.03.13.06

McAfee

Artemis!0ADD156780E7

5600.6827

MicroWorld eScan

Gen:Variant.Application.Bundler.Amonetize.21

16.0.0.216

NANO AntiVirus

Riskware.Win32.Downware.difhzb

0.30.0.296

Reason Heuristics

PUP.Installer.ShetefSolutionsConsulting1998

15.3.13.18

Sophos

Generic PUA DD

4.98

Vba32 AntiVirus

AdWare.Amonetize

3.12.26.3

VIPRE Antivirus

Trojan.Win32.Generic

38242

Zillya! Antivirus

Adware.Amonetize.Win32.1605

2.0.0.2091

File size:

486.1 KB (497,744 bytes)

Product version:

1.1.5.26

Original file name:

setup.exe

Bundler/Installer:

Amonetize Downloader

Language:

English (United States)

Common path:

C:\users\{user}\appdata\local\google\chrome\user data\default\file system\012\t\00\00000001

Digital Signature

Signed by:

Shetef Solutions & Consulting (1998) Ltd.

Authority:

GoDaddy.com, Inc.

Valid from:

10/13/2014 2:02:37 AM

Valid to:

10/13/2015 2:02:37 AM

Subject:

CN=Shetef Solutions & Consulting (1998) Ltd., O=Shetef Solutions & Consulting (1998) Ltd., L=Rannana, S=Israel, C=IL

Issuer:

CN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:

4B1B72BCEFC0E8

File PE Metadata

Compilation timestamp:

10/29/2014 3:41:41 PM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

10.0

CTPH (ssdeep):

12288:eLFU2oitpf5hCPFZYdfUU7dHvmMpAKs5Fm:e2ztZYRUOP7peFm

Entry address:

0x13CF6

Entry point:

E8, A8, 75, 00, 00, E9, 89, FE, FF, FF, 8B, FF, 55, 8B, EC, 83, 3D, BC, A1, 3B, 00, 00, 75, 18, E8, 5E, 4E, 00, 00, 6A, 1E, E8, A8, 4C, 00, 00, 68, FF, 00, 00, 00, E8, 60, F5, FF, FF, 59, 59, 8B, 45, 08, 85, C0, 75, 01, 40, 50, 6A, 00, FF, 35, BC, A1, 3B, 00, FF, 15, F8, 10, 3B, 00, 5D, C3, 8B, FF, 55, 8B, EC, 53, 8B, 5D, 08, 83, FB, E0, 77, 6F, 56, 57, 83, 3D, BC, A1, 3B, 00, 00, 75, 18, E8, 14, 4E, 00, 00, 6A, 1E, E8, 5E, 4C, 00, 00, 68, FF, 00, 00, 00, E8, 16, F5, FF, FF, 59, 59, 85, DB, 74, 04, 8B, C3... 
[+]

Entropy:

7.3796

Code size:

191 KB (195,584 bytes)

The file 00000001 has been seen being distributed by the following 4 URLs.

http://www.many-download.com/download.php?version=1.1.5.26&campid=3687&instid[appname]=Wifi Mot De Passe Pirater 2014 Downloader&instid[appsetupurl]=http://fastmediadownloads.com/download/Prompt-Downloader-1599372988.exe&instid[cmdline]=&instid[appimageurl]=http://.../logo.png&prefix=Wifi Mot De Passe Pirater 2014 Downloader&instid[interrupted]=http://.../?cancel&ti1=1599372988&instid[thankyoupage]=http://.../?success

http://www.fetch-files.com/.../Jurassic Park Rampage Edition__3435_il82227.exe

http://www.fetch-files.com/.../File.Downloader__9581_il141.exe

http://www.fetch-files.com/.../SSD__3472_i1395102578_il42.exe

Remove 00000001 - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.