andy tavalodet mobarak__3516_i1379501011_il3428654.exe

The application andy tavalodet mobarak__3516_i1379501011_il3428654.exe has been flagged as a potentially unwanted program (PUP) by 19 of 68 anti-malware scanners. It bundles third-party adware offers through Amonetize, a pay-per-install (PPI) download manager used to monetize and distribute software; which offers are presented depends on the PC's geo-location at install time, so two users downloading the same file can receive different bundled programs. The file has been seen being downloaded from www-squid.cluster12.fb-hosting-apps.com.
MD5:
f692566f3ea8fc8b396be1a839b77f4e

SHA-1:
34e617d8436fcb8dde04841f09ad991c86e13888

SHA-256:
22772b16056aa99b95fd913c4f21d3f5ba3446f8bf76b21b39cd22421d529434

Scanner detections:
19 / 68

Status:
Potentially unwanted

Analysis date:
12/25/2024 4:23:29 AM UTC

Scan engine               Detection                                             Engine version
Lavasoft Ad-Aware         Gen:Variant.Adware.Graftor.167075                     5517384
AhnLab V3 Security        PUP/Win32.Amonetize                                   2015.05.20
avast!                    Win32:Amonetize-FH [PUP]                              150414-0
AVG                       Adware BundleApp.CUB                                  2014.0.4311
Bitdefender               Gen:Variant.Adware.Graftor.167075                     1.0.20.700
Dr.Web                    Adware.Downware.8860                                  9.0.1.05190
Emsisoft Anti-Malware     Gen:Variant.Adware.Graftor.167075                     10.0.0.5366
ESET NOD32                Win32/Amonetize.BW potentially unwanted application   7.0.302.0
F-Secure                  Gen:Variant.Adware.Graftor                            5.13.68
G Data                    Gen:Variant.Adware.Graftor.167075                     15.5.25
IKARUS anti.virus         PUA.Amonetize                                         t3scan.1.8.9.0
MicroWorld eScan          Gen:Variant.Adware.Graftor.167075                     16.0.0.420
NANO AntiVirus            Riskware.Win32.Downware.dgzodg                        0.30.24.1357
Panda Antivirus           Generic Suspicious                                    15.05.20.12
Quick Heal                Trojan.Neop.G5                                        5.15.14.00
Reason Heuristics         Threat.Win.Reputation.IMP                             15.5.19.19
Sophos                    Amonetizer                                            4.98
Vba32 AntiVirus           AdWare.Amonetize                                      3.12.26.4
Zillya! Antivirus         Adware.Amonetize.Win32.1442                           2.0.0.2183

File size:
516.5 KB (528,854 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\andy tavalodet mobarak__3516_i1379501011_il3428654.exe

File PE Metadata
Compilation timestamp:
10/13/2014 6:21:50 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
12288:98rSVLtRMm8AZJHAPFTK+7liDDuJzVfbuoWM7K:2rSVAAPHAdTKali/uJzxbnWj

Entry address:
0x11D8A

Entry point:
E8, E8, 69, 00, 00, E9, 89, FE, FF, FF, 8B, FF, 55, 8B, EC, 83, 3D, 9C, 5E, 3A, 00, 00, 75, 18, E8, C7, 5E, 00, 00, 6A, 1E, E8, 11, 5D, 00, 00, 68, FF, 00, 00, 00, E8, 7C, F3, FF, FF, 59, 59, 8B, 45, 08, 85, C0, 75, 01, 40, 50, 6A, 00, FF, 35, 9C, 5E, 3A, 00, FF, 15, EC, A0, 39, 00, 5D, C3, 8B, FF, 55, 8B, EC, 53, 8B, 5D, 08, 83, FB, E0, 77, 6F, 56, 57, 83, 3D, 9C, 5E, 3A, 00, 00, 75, 18, E8, 7D, 5E, 00, 00, 6A, 1E, E8, C7, 5C, 00, 00, 68, FF, 00, 00, 00, E8, 32, F3, FF, FF, 59, 59, 85, DB, 74, 04, 8B, C3...

Entropy:
7.4517

Code size:
163 KB (166,912 bytes)
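The hashes, entropy and PE header fields above are what an analyst checks first when triaging a sample like this. What follows is an added example (not tooling from this report or its publisher) that computes the same values offline with only the Python standard library: it hashes the file, measures Shannon entropy, reads the compile timestamp, linker and OS versions, subsystem and entry-point RVA from the PE32 headers, and walks the section table to map the entry RVA to a file offset so the first bytes at the entry point can be printed in the report's form. Because the real sample should not be run or handled casually, build_sample_pe() constructs a synthetic PE32 carrying the header values listed above; its zero-filled body yields a low entropy, in contrast to the 7.4517 above, which is high enough to indicate a packed or compressed payload. The compile timestamp is assumed to be UTC (the report does not say), and the synthetic image, KNOWN_SHA256 constant and function names are this example's own.

```python
"""Offline triage of a Win32 PE: hashes, Shannon entropy and the header fields
this report lists. Added example, not the report's own tooling; build_sample_pe()
constructs a synthetic image (NOT the real sample) so everything runs offline."""
import hashlib
import math
import struct
from datetime import datetime, timezone

# SHA-256 the report gives for andy tavalodet mobarak__3516_i1379501011_il3428654.exe
KNOWN_SHA256 = "22772b16056aa99b95fd913c4f21d3f5ba3446f8bf76b21b39cd22421d529434"
SUBSYSTEMS = {1: "Native", 2: "Windows GUI", 3: "Windows CUI"}

def file_hashes(data: bytes) -> dict:
    return {n: hashlib.new(n, data).hexdigest() for n in ("md5", "sha1", "sha256")}

def matches_known_sample(data: bytes) -> bool:
    """Identity check on SHA-256 only; MD5 and SHA-1 are kept for cross-referencing."""
    return file_hashes(data)["sha256"] == KNOWN_SHA256

def shannon_entropy(data: bytes) -> float:
    """Bits per byte, 0.0..8.0; a whole-file value near 7.45 usually means packed/compressed."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)

def _headers(data: bytes):
    """Return (IMAGE_FILE_HEADER offset, optional header offset, section table offset)."""
    if data[:2] != b"MZ":
        raise ValueError("no MZ signature")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("no PE signature at e_lfanew")
    coff = e_lfanew + 4
    opt_size = struct.unpack_from("<H", data, coff + 16)[0]
    return coff, coff + 20, coff + 20 + opt_size

def parse_pe_header(data: bytes) -> dict:
    """The fields the report prints, read straight from the PE32 headers (little-endian)."""
    coff, opt, _ = _headers(data)
    machine, nsections, timestamp = struct.unpack_from("<HHI", data, coff)
    f = struct.unpack_from("<HBBIIIIIIIIIHHHHHHIIIIHH", data, opt)  # Magic..DllCharacteristics
    if f[0] != 0x10B:
        raise ValueError("only PE32 (32-bit) images are handled here")
    when = datetime.fromtimestamp(timestamp, tz=timezone.utc)
    return {
        "machine": hex(machine),
        "sections": nsections,
        "compile_time": when.strftime("%Y-%m-%d %H:%M:%S UTC"),
        "linker_version": f"{f[1]}.{f[2]}",
        "code_size": f[3],
        "entry_rva": f[6],
        "os_version": f"{f[12]}.{f[13]}",
        "subsystem": SUBSYSTEMS.get(f[22], str(f[22])),
    }

def rva_to_offset(data: bytes, rva: int) -> int:
    """Map an RVA to a file offset through the section table (the entry address is an RVA)."""
    coff, _, sect = _headers(data)
    nsections = struct.unpack_from("<H", data, coff + 2)[0]
    for i in range(nsections):
        vsize, vaddr, rawsize, rawptr = struct.unpack_from("<IIII", data, sect + i * 40 + 8)
        if vaddr <= rva < vaddr + max(vsize, rawsize):
            return rva - vaddr + rawptr
    raise ValueError(f"RVA {rva:#x} is not backed by any section")

def entry_bytes(data: bytes, n: int = 16) -> str:
    """First n bytes at the entry point in the report's hex form, a seed for a byte signature."""
    off = rva_to_offset(data, parse_pe_header(data)["entry_rva"])
    return " ".join(f"{b:02X}" for b in data[off:off + n])

# Constructed sample: a synthetic PE32 with the header values the report lists (linker 10.0,
# OS 5.1, GUI subsystem, code size 166,912, entry RVA 0x11D8A) and the first 16 entry-point
# bytes it prints. The body is zero-filled, so entropy is low, unlike the real file's 7.45.
# Compile time is assumed to be UTC.
ENTRY_PREFIX = bytes.fromhex("E8E8690000E989FEFFFF8BFF558BEC83")

def build_sample_pe() -> bytes:
    ts = int(datetime(2014, 10, 13, 18, 21, 50, tzinfo=timezone.utc).timestamp())
    entry_rva, text_rva, hdr_size = 0x11D8A, 0x1000, 0x200
    text = b"\0" * (entry_rva - text_rva) + ENTRY_PREFIX
    text += b"\0" * (-len(text) % 0x200)                       # pad to FileAlignment
    image_size = text_rva + (len(text) + 0xFFF) // 0x1000 * 0x1000
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)       # e_lfanew = 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, 1, ts, 0, 0, 224, 0x0102)
    opt = struct.pack("<HBBIIIIIIIIIHHHHHHIIIIHH", 0x10B, 10, 0, 166912, 0, 0,
                      entry_rva, text_rva, 0, 0x400000, 0x1000, 0x200,
                      5, 1, 0, 0, 5, 1, 0, image_size, hdr_size, 0, 2, 0x8000)
    opt += b"\0" * (224 - len(opt))                            # 16 empty data directories
    sect = struct.pack("<8sIIIIIIHHI", b".text", len(text), text_rva, len(text),
                       hdr_size, 0, 0, 0, 0, 0x60000020)
    return (dos + b"PE\0\0" + coff + opt + sect).ljust(hdr_size, b"\0") + text

if __name__ == "__main__":
    sample = build_sample_pe()
    print(file_hashes(sample)["sha256"], "known sample:", matches_known_sample(sample))
    print(f"entropy {shannon_entropy(sample):.4f}", parse_pe_header(sample), entry_bytes(sample))
```

Run it as a script to see the synthetic values, or pass real bytes read from disk to file_hashes, shannon_entropy and parse_pe_header to compare a suspect file against the report. A hash match identifies only this exact build; the numeric suffixes in the filename suggest per-download instances, so the linker version, compile timestamp and entry-point bytes travel better across variants than any single hash. The ssdeep digest above is the intended tool for that fuzzy comparison, and this example does not implement it.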

The file andy tavalodet mobarak__3516_i1379501011_il3428654.exe has been seen being distributed by the following URL.