20141105165185.exe

The application 20141105165185.exe has been detected as a potentially unwanted program by 18 anti-malware scanners. The program is a setup application built with the NSIS (Nullsoft Scriptable Install System) installer; however, the file is not signed with an Authenticode signature from a trusted source. The installer uses the InstallMonetizer platform, which downloads and installs adware toolbars and other potentially unwanted software offers during setup. The file has been seen being downloaded from www.ntdlzone.com.
MD5:
1a9c757e2112eff0a32cd22d45f77835

SHA-1:
af3d4e746f5324768613f0cde8160316f4a800f2

SHA-256:
022e5999a780a5cdb4b6809158d148b17664cd1d0064e53706eaf7ca4014148f

Scanner detections:
18 / 68

Status:
Potentially unwanted

Explanation:
Uses the InstallMonetizer distribution platform to bundle adware.

Analysis date:
12/23/2024 6:30:36 AM UTC

Scan engine | Detection | Engine version
Agnitum Outpost | Riskware.Agent | 7.1.1
Avira AntiVirus | APPL/Downloader.Gen | 7.11.186.164
avast! | Win32:Adware-gen [Adw] | 2014.9-160612
Baidu Antivirus | Adware.NSIS.Adwapper | 4.0.3.16612
Dr.Web | Adware.Downware.918 | 9.0.1.0164
ESET NOD32 | Win32/InstallMonetizer.BC | 10.10735
Kaspersky | not-a-virus:AdWare.NSIS.Adwapper | 14.0.0.70
Malwarebytes | PUP.Optional.InstallMonetizer | v2016.06.12.12
McAfee | Artemis!1A9C757E2112 | 5600.6371
NANO AntiVirus | Riskware.Win32.MLW.ddylkr | 0.28.6.63362
Panda Antivirus | Trj/CI.A | 16.06.12.12
Quick Heal | AdWare.NSIS.r5 (Not a Virus) | 6.16.14.00
Reason Heuristics | PUP.InstallMonetizer.ET (M) | 16.6.12.0
Rising Antivirus | NS:PUF.SilenceInstaller!1.9DDF | 23.00.65.16610
Sophos | AppMonetizer Installer | 4.98
Trend Micro House Call | TROJ_GEN.R047C0EKB14 | 7.2.164
Trend Micro | TROJ_GEN.R047C0EKB14 | 10.465.12
VIPRE Antivirus | Adware.Monetizer | 34864

File size:
396.5 KB (405,993 bytes)

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\20141105165185.exe

File PE Metadata
Compilation timestamp:
12/5/2009 11:52:12 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
6144:6FJ0Gbig4VpeFD7pJ59ExJuAZXwVCTtZ5t5q2pd5A8WwBWbpego364a9Zi+DGp8e:cer27pB6XwVC/5bJd5A8Yelari+DGpV

Entry address:
0x30FA

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 18, 1C, 45, 00, E8, F1, 2B, 00, 00, A3, 64, 1B, 45, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 98, 37, 43, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 60, DB, 44, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, A0, 47, 00, 50, 57, E8, 92, 28, 00, 00...

Packer / compiler:
Nullsoft install system v2.x

Code size:
23.5 KB (24,064 bytes)

The file 20141105165185.exe has been seen being distributed by the following URL.

Remove 20141105165185.exe - Powered by Reason Core Security