adjustment program reset impressora epson wf 7011 luzes piscando.rar__3062_il139.exe

Installer

Amonetize ltd.

This is the Amonetize download manager which bundles applications with offers for additional 3rd party software, mostly unwanted adware, and may be installed with minimal consent. The application adjustment program reset impressora epson wf 7011 luzes piscando.rar__3062_il139.exe by Amonetize ltd has been detected as adware by 19 anti-malware scanners. The program is a setup application that uses the Amonetize Downloader installer. The setup program bundles adware offers using the Amonetize, a Pay-Per-Install (PPI) monetization and distribution download manager. The software offerings provided are based on the PC's geo-location at the time of install.
Publisher:
Amonetize ltd.  (signed and verified)

Product:
Installer

Version:
1.1.5.26

MD5:
26a54404bf90079632dd42d39061dada

SHA-1:
0f309f2663c1ffddf262e04b8254bc071ac17161

SHA-256:
cee2a228807211926ebd551b15bf963f2f0b80a3e97b48b17a53a419045d6eef

Scanner detections:
19 / 68

Status:
Adware

Explanation:
This setup file is a re-distribution of the original program that bundles various adware offers during installation including toolbars and browser search extensions.

Description:
This 'download manager' is also considered bundleware, a utility designed to download software (possibly legitimate or opensource) and bundle it with a number of optional offers including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:
12/24/2024 2:19:27 AM UTC  (today)

Scan engine
Detection
Engine version

Agnitum Outpost
PUA.Amonetize
7.1.1

AhnLab V3 Security
PUP/Win32.Amonetiz
2014.03.07

Avira AntiVirus
ADWARE/Adware.Gen2
7.11.135.72

avast!
Win32:Adware-BJY [PUP]
2014.9-140421

AVG
Generic5
2015.0.3498

Comodo Security
ApplicUnwnt
17897

Dr.Web
Adware.Downware.1655
9.0.1.0111

ESET NOD32
Win32/Amonetize.AG (variant)
8.9511

Fortinet FortiGate
Riskware/Amonetize
4/21/2014

G Data
Win32.Application.Amonetize
14.4.24

K7 AntiVirus
Unwanted-Program
13.176.11367

Kaspersky
not-a-virus:HEUR:Adware.Win32.Amonetize
14.0.0.3984

Malwarebytes
PUP.Optional.Amonetize
v2014.04.21.04

McAfee
Adware-Amonetize!26A54404BF90
5600.7154

Reason Heuristics
PUP.Installer.Amonetizeltd.
14.8.7.20

Sophos
Amonetize
4.98

Trend Micro House Call
TROJ_GEN.F47V0225
7.2.111

VIPRE Antivirus
Amonetize
27158

XVirus List
Win32.Detected
2.8.7

File size:
328 KB (335,912 bytes)

Product version:
2.1.12

Copyright:
Copyright(c), All Rights Reserved.

Original file name:
Installer.exe

File type:
Executable application (Win32 EXE)

Bundler/Installer:
Amonetize Downloader

Language:
English (United States)

Common path:
C:\users\{user}\downloads\adjustment program reset impressora epson wf 7011 luzes piscando.rar__3062_il139.exe

Digital Signature
Signed by:

Authority:
Thawte, Inc.

Valid from:
3/19/2013 7:00:00 AM

Valid to:
6/19/2015 6:59:59 AM

Subject:
CN=Amonetize ltd., O=Amonetize ltd., L=Raanana, S=Alberta, C=IL

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
235E7B2F1D4E0152189F6381E2BA8C97

File PE Metadata
Compilation timestamp:
2/25/2014 5:40:50 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
6144:UAYw2Kg5M8x4zagI0DEV1pBjNIQyy5e5gpUfKTnUZLH3jWaY4eXtihXXVppQ0:UAh2Kg5bx4zc0DEVtjNZxTOLXjWaBeXg

Entry address:
0x26E54

Entry point:
E8, BC, 95, 00, 00, E9, 89, FE, FF, FF, 57, 8B, C6, 83, E0, 0F, 85, C0, 0F, 85, C1, 00, 00, 00, 8B, D1, 83, E1, 7F, C1, EA, 07, 74, 65, EB, 06, 8D, 9B, 00, 00, 00, 00, 66, 0F, 6F, 06, 66, 0F, 6F, 4E, 10, 66, 0F, 6F, 56, 20, 66, 0F, 6F, 5E, 30, 66, 0F, 7F, 07, 66, 0F, 7F, 4F, 10, 66, 0F, 7F, 57, 20, 66, 0F, 7F, 5F, 30, 66, 0F, 6F, 66, 40, 66, 0F, 6F, 6E, 50, 66, 0F, 6F, 76, 60, 66, 0F, 6F, 7E, 70, 66, 0F, 7F, 67, 40, 66, 0F, 7F, 6F, 50, 66, 0F, 7F, 77, 60, 66, 0F, 7F, 7F, 70, 8D, B6, 80, 00, 00, 00, 8D, BF...
 
[+]

Entropy:
6.4534

Code size:
228.5 KB (233,984 bytes)

The file adjustment program reset impressora epson wf 7011 luzes piscando.rar__3062_il139.exe has been seen being distributed by the following 3 URLs.

http://www.rulerdownload.com/download.php?version=1.1.5.26&campid=3687&instid[appname]=Paysafecard Code Generator Setup Downloader&instid[appsetupurl]=http://fastmediadownloads.com/download/Prompt-Downloader-1503272037.exe&instid[cmdline]=&instid[appimageurl]=http://.../logo.png&prefix=Paysafecard Code Generator Set Downloader&instid[thankyoupage]=http://.../?success&instid[interrupted]=http://.../?cancel&ti1=1503272037

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to www.soledownload.com  (54.225.181.84:80)

TCP (HTTP):
Connects to www.activemonetizer.com  (23.23.96.46:80)

 
http://www.activemonetizer.com/index.php?Net2=v2.0.50727&Net4=&OSversion=NT5.1SP3&Slv=&Sysid=B24393442&Sysid1=B24393442&X64=N&admin=Y&browser=IEXPLORE.EXE&chver=&exe=ikjut__4177331&offver=&lang_DfltUser=04