avast-free-antivirus-2014_9.0.2006.exe

Onekit Internet S,L

The application avast-free-antivirus-2014_9.0.2006.exe by Onekit Internet S,L has been detected as adware by 12 anti-malware scanners. The program is a setup application that uses the OneKit Downloader installer. The installer is marketed through download portals and search ads as the free AVAST Antivirus, but it also installs additional software offers, which include adware, PUPs and browser toolbars. While running, it connects to the Internet address oneinstaller.com on port 80 using the HTTP protocol.
Publisher:
Onekit Internet S,L  (signed and verified)

MD5:
a5904abfaa22e160b6b10478d750c6b7

SHA-1:
1771fd01778af1110dec0abb4c41817167442a7e

SHA-256:
80075a03e23c01d665cc36f9be98f69680f530314a326b50d6d26c5018555d9d

Scanner detections:
12 / 68

Status:
Adware

Description:
This 'download manager' is also considered bundleware, a utility designed to download software (possibly legitimate or open source) and bundle it with a number of optional offers, including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:
12/24/2024 4:26:30 PM UTC

Scan engine | Detection | Engine version
AhnLab V3 Security | Adware/Win32.Lollipop | 2014.10.06
avast! | Win32:Adware-BER [Adw] | 2014.9-141114
Baidu Antivirus | Trojan.Win32.OneInstaller | 4.0.3.141114
ESET NOD32 | Win32/OneInstaller | 8.10513
G Data | NSIS.Adware.OneInstaller | 14.11.24
McAfee | Artemis!A5904ABFAA22 | 5600.6947
NANO AntiVirus | Riskware.Nsis.Downloader.cuognw | 0.28.2.62440
Reason Heuristics | PUP.OnekitInternetSL.a | 14.11.14.10
Rising Antivirus | NORMAL:Trojan.DL.Script.Agent.am!1595604 | 23.00.65.141112
Sophos | Lollipop | 4.98
Vba32 AntiVirus | suspected of Trojan.Downloader.gen.h | 3.12.26.3
VIPRE Antivirus | Onekit Installer | 33684

File size:
87 KB (89,048 bytes)

File type:
Executable application (Win32 EXE)

Bundler/Installer:
OneKit Downloader (using Nullsoft Install System)

Common path:
C:\users\{user}\downloads\avast free antivirus 2014\avast-free-antivirus-2014_9.0.2006.exe

Digital Signature
Authority:
GlobalSign nv-sa

Valid from:
4/15/2013 8:25:37 PM

Valid to:
5/18/2016 2:11:52 PM

Subject:
E=info@onekit.com, CN="Onekit Internet S,L", O="Onekit Internet S,L", L=Cerdanyola Del Valles, S=Barcelona, C=ES

Issuer:
CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:
11216C6B688869B7980323D94C3965BBB528

File PE Metadata
Compilation timestamp:
12/6/2009 12:50:52 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
1536:upgpHzb9dZVX9fHMvG0D3XJ0INZ4ToxGnxg+JDMtEM3PNvfNMf2mIz:0gXdZt9P6D3XJ0uZ4ToxGlJYV3PNSOv

Entry address:
0x30FA

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 18, EC, 42, 00, E8, F1, 2B, 00, 00, A3, 64, EB, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 98, 8F, 42, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 60, E3, 42, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, 40, 43, 00, 50, 57, E8, 92, 28, 00, 00...
 

Entropy:
7.2712

Packer / compiler:
Nullsoft install system v2.x

Code size:
23.5 KB (24,064 bytes)

The executing file has been seen to make the following network communication in live environments.

TCP (HTTP):
Connects to oneinstaller.com  (93.189.35.51:80)
