bootmgr for vista_10924_i24854159_il345.exe

Ukra-2006 LLC

This is the Amonetize download manager, which bundles applications with offers for additional third-party software, mostly unwanted adware, and may be installed with minimal consent. The application bootmgr for vista_10924_i24854159_il345.exe by Ukra-2006 has been detected as adware by 14 anti-malware scanners. The program is a setup application that uses the TUGUU DomaIQ Setup installer. The setup program bundles adware offers using Amonetize, a Pay-Per-Install (PPI) monetization and distribution download manager. The software offers presented are selected based on the PC's geo-location at the time of install.
Publisher:
Ukra-2006 LLC  (signed and verified)

MD5:
3e608ca75ae6d10c9c93613b57a760b7

SHA-1:
653e982dcd0ab49360c6ed42c364f84227e16140

SHA-256:
a39d92c8a9bf15c2e259d737fad713478c79c6359ad3d5b8f61acc9b17870035

Scanner detections:
14 / 68

Status:
Adware

Description:
This is also known as bundleware or downloadware: a downloader designed simply to deliver ad-supported offers during the setup routine of otherwise legitimate software.

Analysis date:
11/24/2024 12:46:28 AM UTC

Scan engine | Detection | Engine version
AhnLab V3 Security | PUP/Win32.Amonetize | 2015.02.24
Avira AntiVirus | Adware/Amonetize.kpa | 7.11.212.40
avast! | Win32:Malware-gen | 2014.9-150223
AVG | Ukra | 2016.0.3189
Baidu Antivirus | PUA.Win32.Amonetize | 4.0.3.15223
Comodo Security | Application.Win32.LoadMoney.IARS | 21186
ESET NOD32 | Win32/Amonetize.DK potentially unwanted application | 7.0.302.0
K7 AntiVirus | Unwanted-Program | 13.198.15057
Kaspersky | not-a-virus:AdWare.Win32.Amonetize | 15.0.0.543
NANO AntiVirus | Trojan.Nsis.Amonetize.dnxabb | 0.30.0.296
Panda Antivirus | Generic Suspicious | 15.02.23.01
Reason Heuristics | PUP.Amonetize | 15.2.23.13
Sophos | PUA 'Amonetize' | 5.10
VIPRE Antivirus | Threat.4657539 | 37588

File size:
310.7 KB (318,112 bytes)

File type:
Executable application (Win32 EXE)

Bundler/Installer:
TUGUU DomaIQ Setup (using Nullsoft Install System)

Common path:
C:\users\{user}\downloads\bootmgr for vista_10924_i24854159_il345.exe

Digital Signature
Signed by:

Authority:
Thawte, Inc.

Valid from:
6/30/2014 8:00:00 PM

Valid to:
7/1/2015 7:59:59 PM

Subject:
CN=Ukra-2006 LLC, O=Ukra-2006 LLC, L=Kharkiv, S=Harkivska obl, C=UA

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
2B3200D1AF3CAC4253C00F000EF4BAB9

File PE Metadata
Compilation timestamp:
10/7/2014 12:40:33 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
6144:j+dY5JZ6Uchzny+6kKKKhjX2nHr0UnIQ73YcpwSiDWp4iHlraWoD7bgaI:+YubhzB6dhjmLTIQ7/phi1iFWJD78f

Entry address:
0x337C

Entry point:
81, EC, D8, 02, 00, 00, 53, 55, 56, 57, 6A, 20, 33, ED, 5E, 89, 6C, 24, 18, C7, 44, 24, 10, 30, A2, 40, 00, 89, 6C, 24, 14, FF, 15, 34, 80, 40, 00, 68, 01, 80, 00, 00, FF, 15, BC, 80, 40, 00, 55, FF, 15, AC, 82, 40, 00, 6A, 09, A3, 98, 4F, 43, 00, E8, 15, 2F, 00, 00, A3, E4, 4E, 43, 00, 55, 8D, 44, 24, 38, 68, B4, 02, 00, 00, 50, 55, 68, 10, B2, 42, 00, FF, 15, 7C, 81, 40, 00, 68, 7C, A3, 40, 00, 68, E0, 3E, 43, 00, E8, 80, 2B, 00, 00, FF, 15, 34, 81, 40, 00, BB, 00, F0, 43, 00, 50, 53, E8, 6E, 2B, 00, 00...

Entropy:
7.9247

Packer / compiler:
Nullsoft install system v2.x

Code size:
25 KB (25,600 bytes)

The file bootmgr for vista_10924_i24854159_il345.exe has been seen being distributed by the following URL.
