5zfpwu_f.exe

TEHSNABSTROY LLC

This is the Amonetize download manager which bundles applications with offers for additional 3rd party software, mostly unwanted adware, and may be installed with minimal consent. The file 5zfpwu_f.exe by TEHSNABSTROY has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the Amonetize Downloader installer. The setup program bundles adware offers using the Amonetize, a Pay-Per-Install (PPI) monetization and distribution download manager. The software offerings provided are based on the PC's geo-location at the time of install.
Publisher:
TechSnabStroy  (signed by TEHSNABSTROY LLC)

Description:
installer.exe

Version:
2.2.1.0

MD5:
b47d8ba337e83627c458dedb8369a4b7

SHA-1:
f5b5fe27c5a19200e113099951ed2cd5bdbe403a

SHA-256:
efc1066e2485f03f6b24ef9cc91f0f35216ded1c066b6013633e523648b4d9f2

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines have not currently detected this file, however based on our own detection heuristics we feel that this file is unwanted.

Description:
This 'download manager' is also considered bundleware, a utility designed to download software (possibly legitimate or opensource) and bundle it with a number of optional offers including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:
12/24/2024 2:24:53 AM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.Amonetize (M)
17.3.3.5

File size:
2.1 MB (2,183,168 bytes)

Product version:
1.0.0.0

Copyright:
All rights reserved. Copyright 2013-2014

Bundler/Installer:
Amonetize Downloader

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\temp\5zfpwu_f.exe.part

Digital Signature
Authority:
COMODO CA Limited

Valid from:
6/18/2014 9:00:00 PM

Valid to:
6/19/2015 8:59:59 PM

Subject:
CN=TEHSNABSTROY LLC, O=TEHSNABSTROY LLC, STREET="UL. NIKOLYAMSKAYA, 9", L=G. MOSKVA, S=G. MOSKVA, PostalCode=109240, C=RU

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00F4B1A67457808CFF0300CD93C4050F05

File PE Metadata
Compilation timestamp:
8/28/2014 8:04:23 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

Entry address:
0x19ED6

Entry point:
55, 8B, EC, 6A, FF, 68, 50, D2, 41, 00, 68, C0, A0, 41, 00, 64, A1, 00, 00, 00, 00, 50, 64, 89, 25, 00, 00, 00, 00, 83, EC, 68, 53, 56, 57, 89, 65, E8, 33, DB, 89, 5D, FC, 6A, 02, FF, 15, 08, B1, 41, 00, 59, 83, 0D, F0, DA, 60, 00, FF, 83, 0D, F4, DA, 60, 00, FF, FF, 15, 04, B1, 41, 00, 8B, 0D, EC, DA, 60, 00, 89, 08, FF, 15, D4, B0, 41, 00, 8B, 0D, E8, DA, 60, 00, 89, 08, A1, FC, B0, 41, 00, 8B, 00, A3, F8, DA, 60, 00, E8, 28, 01, 00, 00, 39, 1D, DC, DA, 60, 00, 75, 0C, 68, 6A, A0, 41, 00, FF, 15, F8, B0...
 
[+]

Developed / compiled with:
Microsoft Visual C++ v6.0

Code size:
104 KB (106,496 bytes)

Remove 5zfpwu_f.exe - Powered by Reason Core Security