adobe photoshop extended__6183_il103460.exe

Prodlogistyka LLC

This is the Amonetize download manager, which bundles applications with offers for additional third-party software, mostly unwanted adware, and may be installed with minimal consent. The application adobe photoshop extended__6183_il103460.exe by Prodlogistyka has been detected as adware by 17 anti-malware scanners. The program is a setup application that uses the Amonetize Downloader installer. The setup program bundles adware offers using Amonetize, a Pay-Per-Install (PPI) monetization and distribution download manager. The software offerings provided are based on the PC's geo-location at the time of install.

Publisher:
Prodlogistyka LLC  (signed and verified)

Version:
1.1.5.26

MD5:
7d5a0566a8c4468ff6493455bdfa4fb9

SHA-1:
06a86ec75ea4cb61f4396070ba7b635361fa6eca

SHA-256:
12b69810b1378b0dc0b2a2e6c041316e767ac237e90882c36190466e0f3d249b

Scanner detections:
17 / 68

Status:
Adware

Description:
This 'download manager' is also considered bundleware: a utility designed to download software (possibly legitimate or open source) and bundle it with a number of optional offers, including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:
12/25/2024 5:52:29 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| AhnLab V3 Security | PUP/Win32.Amonetiz | 2015.01.05 |
| Avira AntiVirus | Adware/Amonetize.575176.3 | 7.11.198.178 |
| avast! | Win32:Malware-gen | 2014.9-150120 |
| Baidu Antivirus | Adware.Win32.Amonetize | 4.0.3.15120 |
| Bkav FE | HW32.Packed | 1.3.0.6267 |
| Dr.Web | Trojan.Amonetize.341 | 9.0.1.01 |
| ESET NOD32 | Win32/Amonetize.CK (variant) | 9.10941 |
| Fortinet FortiGate | Adware/Amonetize | 1/20/2015 |
| Kaspersky | not-a-virus:AdWare.Win32.Amonetize | 14.0.0.2708 |
| Malwarebytes | PUP.Optional.Amonetize.A | v2015.01.20.09 |
| McAfee | Artemis!2FBDB9449C59 | 5600.6880 |
| NANO AntiVirus | Riskware.Win32.Amonetize.dljdpe | 0.30.0.64448 |
| Panda Antivirus | Generic Suspicious | 15.01.01.08 |
| Qihoo 360 Security | HEUR/QVM10.1.Malware.Gen | 1.0.0.1015 |
| Reason Heuristics | PUP.Installer.Prodlogistyka.h | 15.1.4.13 |
| Sophos | Generic PUA AG | 4.98 |
| Trend Micro House Call | TROJ_GEN.R047H07LT14 | 7.2.1 |

File size:
561.7 KB (575,176 bytes)

Product version:
1.1.5.26

Original file name:
setup.exe

File type:
Executable application (Win32 EXE)

Bundler/Installer:
Amonetize Downloader

Language:
English (United States)

Common path:
C:\users\{user}\downloads\adobe photoshop extended__6183_il103460.exe

Digital Signature
Authority:
thawte, Inc.

Valid from:
12/16/2014 2:00:00 AM

Valid to:
12/17/2015 1:59:59 AM

Subject:
CN=Prodlogistyka LLC, O=Prodlogistyka LLC, L=Kharkiv, S=Alabama, C=UA

Issuer:
CN=thawte SHA256 Code Signing CA, O="thawte, Inc.", C=US

Serial number:
6EA4BF001566F2722AC7CE8C3A4F62AE

File PE Metadata
Compilation timestamp:
12/26/2014 8:07:40 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
12288:6/XnAkW3fGh7oWkQ31XfeetyLj3687K4wPFDT+4:6/wkW2JfDtyLjBkFm4

Entry address:
0xB0FA

Code size:
115.5 KB (118,272 bytes)

The file adobe photoshop extended__6183_il103460.exe has been seen being distributed by the following URL.
