» 645507df32_10924_i25497916_il345.exe.zip
Overview
Analysis
File Details
Downloads (2)

645507df32_10924_i25497916_il345.exe.zip

The file 645507df32_10924_i25497916_il345.exe.zip has been detected as a potentially unwanted program by 21 anti-malware scanners. It bundles adware offers using the Amonetize, a Pay-Per-Install (PPI) monetization and distribution download manager. The software offerings provided are based on the PC's geo-location at the time of install. The file has been seen being downloaded from tesla.plunder.com and multiple other hosts.

File name:

MD5:

cd329453819ece31a28685beb1d75066

SHA-1:

660fb8a6ba205139b1223e790e3b21538828ec7f

SHA-256:

4fbb55e9003365664dacf4fa68118fb7884a0bf75d910f6c76ac7944c4c8eb4b

Scanner detections:

21 / 68

Status:

Potentially unwanted

Analysis date:

11/23/2024 2:28:37 PM UTC (today)

Scan engine

Detection

Engine version

Lavasoft Ad-Aware

Gen:Variant.Adware.Kazy.597341

5701870

Avira AntiVirus

ADWARE/Amonetize.Gen7

8.3.1.6

Arcabit

Trojan.Adware.Kazy.D91D5D

1.0.0.425

avast!

Win32:Amonetize-JO [PUP]

2014.9-150630

AVG

Generic

2016.0.3063

Bitdefender

Gen:Variant.Adware.Kazy.597341

1.0.20.905

Comodo Security

Application.Win32.LoadMoney.IARS

22627

Dr.Web

infected with Trojan.Amonetize

9.0.1.05190

Emsisoft Anti-Malware

Gen:Variant.Adware.Kazy.597341

10.0.0.5366

ESET NOD32

Win32/Amonetize.DW potentially unwanted application

7.0.302.0

F-Prot

W32/S-53544127

v6.4.7.1.166

F-Secure

Gen:Variant.Adware.Kazy

11.2015-30-06_3

G Data

Gen:Variant.Adware.Kazy.597341

15.6.25

Kaspersky

not-a-virus:Downloader.Win32.Agent

15.0.0.543

Malwarebytes

PUP.Optional.Amonetize

v2015.06.30.10

MicroWorld eScan

Gen:Variant.Adware.Kazy.597341

16.0.0.543

Norman

Gen:Variant.Adware.Kazy.597341

02.06.2015 14:23:46

Panda Antivirus

Trj/Genetic.gen

15.06.30.10

Quick Heal

PUA.Bershnetll.Gen

6.15.14.00

Sophos

PUA 'Amonetize'

5.15

VIPRE Antivirus

Amonetize

41582

File size:

1.4 MB (1,513,836 bytes)

Common path:

C:\users\{user}\downloads\645507df32_10924_i25497916_il345.exe.zip

The file 645507df32_10924_i25497916_il345.exe.zip has been seen being distributed by the following 2 URLs.

http://tesla.plunder.com/x/$aQ-sb1-GWMWpMYDyEtQNA_pAhcbhq7ma/.../645507df32_10924_i25497916_il345.exe.zip

http://downprov.brown1switch.com/direct?version=1.1.8.22&campid=10924&instid[appname]=645507df32_Downloader&instid[appsetupurl]=http://go.downloadboutique.com/getfast/download.cgi?9&ti1=3515000&ti2=1&ti3=2015-06-30T09:39:53.786101 00:00&instid[cmdline]=/S /PERFORMINSTALL /NORUN&instid[appimageurl]=http://download.downloadboutique.com/d1/logo150x150.png&prefix=645507df32&instid[thankyoupage]=http://download.downloadboutique.com/.../thank_you.php?ti1=3515000&ti2=1&ti3=2015-06-30T09:39:53.786101 00:00&parameter=645507df32&instid[interrupted]=http://download.downloadboutique.com/.../interrupted.php?ti1=3515000&ti2=1&ti3=2015-06-30T09:39:53.786101 00:00&parameter=645507df32&ti1=3515000&ti2=1&ti3=2015-06-30T09:39:53.786101 00:00&_dest=files.red-4-small-button.com

Remove 645507df32_10924_i25497916_il345.exe.zip - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.