1clickzipsetup__10254_i1360808441_il13587.exe

The executable 1clickzipsetup__10254_i1360808441_il13587.exe has been detected as malware by 41 anti-virus scanners. The setup program bundles adware offers using Amonetize, a Pay-Per-Install (PPI) monetization and distribution download manager. The software offerings provided are based on the PC's geo-location at the time of install. The file has been seen being downloaded from www.your-tsunami-file.net.

Version:
1.1.5.89

MD5:
84ec3039ff93a3c4ad7f3b73b74b910e

SHA-1:
9dd54ea911ff420f8dc3e297a0468cd0a5093661

SHA-256:
6208122f41c51921b8852684aa2c17f84590a8b431d13fae357798ce0cb8ac69

Scanner detections:
41 / 68

Status:
File is infected by a Virus

Explanation:
The file is infected by a polymorphic file infector virus.

Analysis date:
11/30/2024 8:53:03 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Gen:Variant.Application.Bundler.Amonetize.15 | 5850519 |
| Agnitum Outpost | Win32.Nimnul.Gen.2 | 7.1.1 |
| AhnLab V3 Security | Win32/Ramnit.N | 2014.10.27 |
| Avira AntiVirus | W32/Ramnit.C | 7.11.30.172 |
| avast! | Win32:Amonetize-FE [PUP] | 141119-1 |
| AVG | Adware Generic_r.TX | 2014.0.4189 |
| Baidu Antivirus | Virus.Win32.Nimnul.$a | 4.0.3.141127 |
| Bitdefender | Win32.Ramnit.N | 1.0.20.1655 |
| Bkav FE | W32.FamVT.Nimnul.PE | 1.3.0.6185 |
| Clam AntiVirus | W32.Ramnit-1 | 0.98/21411 |
| Comodo Security | Virus.Win32.Ramnit.K | 19916 |
| Dr.Web | Adware.Downware.8706 | 9.0.1.05190 |
| Emsisoft Anti-Malware | Gen:Variant.Application.Bundler.Amonetize.15 | 9.0.0.4570 |
| ESET NOD32 | Win32/Amonetize.BS potentially unwanted application | 7.0.302.0 |
| Fortinet FortiGate | W32/Ramnit.C | 11/27/2014 |
| F-Prot | W32/Ramnit.E | v6.4.6.5.141 |
| F-Secure | Win32.Ramnit.N | 11.2014-27-11_5 |
| G Data | Win32.Ramnit | 14.11.24 |
| IKARUS anti.virus | Virus.Win32.Nimnul | t3scan.1.7.8.0 |
| K7 AntiVirus | Virus | 13.185.13805 |
| Kaspersky | not-a-virus:AdWare.Win32.Amonetize | 15.0.0.463 |
| Malwarebytes | Virus.Ramnit | v2014.11.27.11 |
| McAfee | W32/Ramnit.a | 5600.6933 |
| Microsoft Security Essentials | Threat.Undefined | 1.187.567.0 |
| MicroWorld eScan | Win32.Ramnit.N | 15.0.0.993 |
| NANO AntiVirus | Virus.Win32.Nimnul.bmnup | 0.28.2.62841 |
| Norman | Virut.HL | 11.20141127 |
| nProtect | Virus/W32.SpyEye | 14.10.27.01 |
| Panda Antivirus | Trj/Genetic.gen | 14.11.27.11 |
| Qihoo 360 Security | Virus.Win32.Ramnit.A | 1.0.0.1015 |
| Quick Heal | W32.Ramnit.BA | 11.14.14.00 |
| Reason Heuristics | Threat.Win.Reputation.IMP | 14.11.27.23 |
| Rising Antivirus | PE:Win32.Mgr.b!1594784 | 23.00.65.141125 |
| Sophos | W32/Ramnit-A | 4.98 |
| Total Defense | Win32/Ramnit.C | 37.0.11252 |
| Trend Micro House Call | PE_RAMNIT.DEN | 7.2.331 |
| Trend Micro | PE_RAMNIT.DEN | 10.465.27 |
| Vba32 AntiVirus | Virus.Win32.Nimnul.b | 3.12.26.3 |
| VIPRE Antivirus | Threat.4732184 | 34232 |
| ViRobot | Win32.Nimnul.A | 2011.4.7.4223 |
| Zillya! Antivirus | Virus.Nimnul.Win32.2 | 2.0.0.1967 |

File size:
384 KB (393,216 bytes)

Product version:
1.1.5.89

Original file name:
setup.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\1clickzipsetup__10254_i1360808441_il13587.exe

File PE Metadata
Compilation timestamp:
10/3/2014 11:04:44 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
6144:fxRRj07Lt+V4P3rBCArZBLy4TmG2bdOD7Pomf2hPGjdSBb5HN6lVxMmstetJ9DWj:fkLtLfUuZBLy4Tm/dOnojXbHNEE1wtnl

Entry address:
0x15E50

Entry point:
E8, 43, 6A, 00, 00, E9, 89, FE, FF, FF, 8B, FF, 55, 8B, EC, 83, 3D, 44, 6E, 3C, 00, 00, 75, 18, E8, C2, 60, 00, 00, 6A, 1E, E8, 0C, 5F, 00, 00, 68, FF, 00, 00, 00, E8, B6, F4, FF, FF, 59, 59, 8B, 45, 08, 85, C0, 75, 01, 40, 50, 6A, 00, FF, 35, 44, 6E, 3C, 00, FF, 15, 58, E1, 3B, 00, 5D, C3, 8B, FF, 55, 8B, EC, 53, 8B, 5D, 08, 83, FB, E0, 77, 6F, 56, 57, 83, 3D, 44, 6E, 3C, 00, 00, 75, 18, E8, 78, 60, 00, 00, 6A, 1E, E8, C2, 5E, 00, 00, 68, FF, 00, 00, 00, E8, 6C, F4, FF, FF, 59, 59, 85, DB, 74, 04, 8B, C3...

Entropy:
7.2876

Code size:
178.5 KB (182,784 bytes)

The file 1clickzipsetup__10254_i1360808441_il13587.exe has been seen being distributed by the following URL.