appdev windows phone 7 development using vs 2010 torrents__2789_i102287290_il4525297.exe

Installer

Shetef Solutions & Consulting (1998) Ltd.

This is the Amonetize download manager which bundles applications with offers for additional 3rd party software, mostly unwanted adware, and may be installed with minimal consent. The application appdev windows phone 7 development using vs 2010 torrents__2789_i102287290_il4525297.exe by Shetef Solutions & Consulting (1998) has been detected as adware by 13 anti-malware scanners. The program is a setup application that uses the Amonetize Downloader installer. The file has been seen being downloaded from download.aminst.net and multiple other hosts. While running, it connects to the Internet address www.ibbalance.com on port 443.
Publisher:
Amonétizé Ltd  (signed by Shetef Solutions & Consulting (1998) Ltd.)

Product:
Installer

Version:
1.1.5.98

MD5:
a892424ad6e1700baef6e1fa2107e664

SHA-1:
830f904dd6e31e889e1944348bc107d3fbe2bb63

SHA-256:
74401886b2224486a268d92a0f27d8840db233fdc40dbbe1ee7b5c25ae2d3a1d

Scanner detections:
13 / 68

Status:
Adware

Explanation:
Bundles the Conduit Toolbar and/or Conduit Search Protect.

Description:
This is an installer which may bundle legitimate applications with offers for additional 3rd-party applications that may be unwanted by the user. While the installer contains an 'opt-out' feature this is not set be defult and is usually overlooked.

Analysis date:
12/23/2024 6:43:36 PM UTC  (today)

Scan engine
Detection
Engine version

Avira AntiVirus
ADWARE/Adware.Gen2
7.11.115.42

avast!
Win32:Malware-gen
2014.9-131223

Bkav FE
W32.Clodc4e.Trojan
1.3.0.4562

Comodo Security
ApplicUnwnt
17316

Dr.Web
Adware.Downware.1575
9.0.1.0357

ESET NOD32
Win32/Amonetize (variant)
7.9085

G Data
Win32.Trojan.Agent.3F5QSY
13.12.22

IKARUS anti.virus
Win32.Malware
t3scan.2.2.29

Malwarebytes
PUP.Optional.Amonetize
v2013.12.23.09

McAfee
Artemis!A892424AD6E1
5600.7272

Reason Heuristics
PUP.Installer.ShetefSolutionsConsulting1998.?
14.8.8.3

Trend Micro House Call
TROJ_GEN.F47V1017
7.2.357

VIPRE Antivirus
Conduit
23634

File size:
198.1 KB (202,880 bytes)

Product version:
2.1.12

Copyright:
(c) Amonétizé Ltd, 2012,2013. All rights reserved.

Original file name:
Installer.exe

File type:
Executable application (Win32 EXE)

Bundler/Installer:
Amonetize Downloader

Language:
English (United States)

Common path:
C:\users\{user}\downloads\appdev windows phone 7 development using vs 2010 torrents__2789_i102287290_il4525297.exe

Digital Signature
Authority:
Thawte, Inc.

Valid from:
7/23/2013 2:00:00 AM

Valid to:
7/24/2014 1:59:59 AM

Subject:
CN=Shetef Solutions & Consulting (1998) Ltd., O=Shetef Solutions & Consulting (1998) Ltd., L=Rannana, S=Israel, C=IL

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
7C23DBB97FAFBB9D28D413F836202024

File PE Metadata
Compilation timestamp:
10/17/2013 8:00:26 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
6144:zjuj9cnhcC1oOudz1KgV4vuu+LOwwV495dMz:z6cFJudspz4CSdMz

Entry address:
0x69DC0

Entry point:
60, BE, 00, E0, 43, 00, 8D, BE, 00, 30, FC, FF, 57, 83, CD, FF, EB, 10, 90, 90, 90, 90, 90, 90, 8A, 06, 46, 88, 07, 47, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 72, ED, B8, 01, 00, 00, 00, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, 01, DB, 73, 0B, 75, 28, 8B, 1E, 83, EE, FC, 11, DB, 72, 1F, 48, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, EB, D4, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, EB, 52, 31, C9, 83, E8, 03, 72, 11, C1, E0, 08, 8A, 06, 46, 83, F0, FF, 74, 75, D1, F8, 89...
 
[+]

Entropy:
7.8270

Packer / compiler:
UPX 2.90LZMA]

Code size:
176 KB (180,224 bytes)

The file appdev windows phone 7 development using vs 2010 torrents__2789_i102287290_il4525297.exe has been seen being distributed by the following 15 URLs.

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to www.softologic.com  (174.37.181.31:80)

TCP (HTTP SSL):
Connects to www.ibbalance.com  (173.192.190.227:443)