alrassamalarabifulldownload__7934_il14728.exe

The application alrassamalarabifulldownload__7934_il14728.exe has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. This is a setup program which is used to install the application. It bundles adware offers using the Amonetize, a Pay-Per-Install (PPI) monetization and distribution download manager. The software offerings provided are based on the PC's geo-location at the time of install. The file has been seen being downloaded from 448714.download1234.website.
MD5:
85bc3b7822c9b1ee79d771aacebcf7f6

SHA-1:
f043e0261d106890ac273e384f9baa4b85da853c

SHA-256:
71f3def49b0694c32eb8f4a5cefa59e3c944c7868e2553d77c418447168f8604

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
12/22/2024 8:44:20 PM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
Adware.Amonetize.Installer (M)
16.8.10.18

File size:
587.5 KB (601,601 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\alrassamalarabifulldownload__7934_il14728.exe

File PE Metadata
Compilation timestamp:
8/8/2016 11:09:07 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
12288:wyv3zqaSxqdbqk44TFVRqEM8+RTKQrpzwqN9:lvjqxqdbZ4QEEM8+RTKQVzrN9

Entry address:
0xCB0DC

Entry point:
60, E8, 00, 00, 00, 00, 58, 05, 5A, 0B, 00, 00, 8B, 30, 03, F0, 2B, C0, 8B, FE, 66, AD, C1, E0, 0C, 8B, C8, 50, AD, 2B, C8, 03, F1, 8B, C8, 57, 51, 49, 8A, 44, 39, 06, 88, 04, 31, 75, F6, 2B, C0, AC, 8B, C8, 80, E1, F0, 24, 0F, C1, E1, 0C, 8A, E8, AC, 0B, C8, 51, 02, CD, BD, 00, FD, FF, FF, D3, E5, 59, 58, 8B, DC, 8D, A4, 6C, 90, F1, FF, FF, 51, 2B, C9, 51, 51, 8B, CC, 51, 66, 8B, 17, C1, E2, 0C, 52, 57, 83, C1, 04, 51, 50, 83, C1, 04, 56, 51, E8, 5E, 00, 00, 00, 8B, E3, 5E, 5A, 2B, C0, 89, 04, 32, B4, 10...
 
[+]

Entropy:
7.7378

Packer / compiler:
ASPack v1.08.04

Code size:
119 KB (121,856 bytes)

The file alrassamalarabifulldownload__7934_il14728.exe has been seen being distributed by the following URL.