home

bundle.exe

The application bundle.exe has been detected as a potentially unwanted program by 27 anti-malware scanners. This is a setup program which is used to install the application. It bundles adware offers using the Amonetize, a Pay-Per-Install (PPI) monetization and distribution download manager. The software offerings provided are based on the PC's geo-location at the time of install. The file has been seen being downloaded from d3ijsb1ryk5jd8.cloudfront.net and multiple other hosts.
MD5:
bd2aeb3c65ba3901238a2b9ae48b4337

SHA-1:
94a7150b821118e02bf7464cd6260f4e50b9334e

SHA-256:
38dc719336e30a425cd989d98065df1268b18f3efeb4a854599850a11e38e37f

Scanner detections:
27 / 68

Status:
Potentially unwanted

Analysis date:
11/2/2024 5:27:01 PM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Trojan.Generic.12368233
695

Agnitum Outpost
PUA.Amonetize
7.1.1

AhnLab V3 Security
Trojan/Win32.Gen
2015.03.05

Avira AntiVirus
ADWARE/Adware.Gen7
7.11.213.118

avast!
Win32:Amonetize-FS [PUP]
141214-1

Baidu Antivirus
Adware.Win32.Amonetize
4.0.3.141216

Bitdefender
Trojan.Generic.12368233
1.0.20.350

Dr.Web
Trojan.Amonetize.342
9.0.1.070

Emsisoft Anti-Malware
Trojan.Generic.12368233
8.15.03.11.06

ESET NOD32
Win32/Amonetize.BQ potentially unwanted application
7.0.302.0

Fortinet FortiGate
Adware/Amonetize
3/11/2015

F-Secure
Trojan.Generic.12368233
11.2015-11-03_4

G Data
Trojan.Generic.12368233
15.3.25

K7 AntiVirus
Trojan
13.200.15157

Kaspersky
UDS:DangerousObject.Multi.Generic
14.0.0.2789

McAfee
RDN/Generic PUP.x!cq3
5600.6829

MicroWorld eScan
Trojan.Generic.12368233
16.0.0.210

NANO AntiVirus
Riskware.Win32.Amonetize.dkoipa
0.30.0.296

nProtect
Trojan.Generic.12368233
15.03.04.01

Panda Antivirus
Trj/CI.A
15.03.11.06

Qihoo 360 Security
HEUR/QVM10.1.Malware.Gen
1.0.0.1015

Quick Heal
AdWare.Amonetize.r5 (Not a Virus)
3.15.14.00

Sophos
Generic PUA JE
4.98

Trend Micro House Call
TROJ_GEN.F0C2C00LT14
7.2.70

Trend Micro
TROJ_GEN.F0C2C00LT14
10.465.11

Vba32 AntiVirus
AdWare.Amonetize
3.12.26.3

VIPRE Antivirus
Trojan.Win32.Generic
38116

File size:
297 KB (304,128 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\bundle.exe

File PE Metadata
Compilation timestamp:
12/16/2014 10:53:59 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
6144:ZueGIA+ILnIlnzohjXZJtU9wkcPl7AVzjH:lQx7IlnzipJtU9wkAl7AV

Entry address:
0x1A6BA

Entry point:
E8, 80, F0, 00, 00, E9, 89, FE, FF, FF, 8B, FF, 55, 8B, EC, 56, 8D, 45, 08, 50, 8B, F1, E8, 77, 9E, FF, FF, C7, 06, 00, 19, 44, 00, 8B, C6, 5E, 5D, C2, 04, 00, C7, 01, 00, 19, 44, 00, E9, BB, 9E, FF, FF, 8B, FF, 55, 8B, EC, 56, 8B, F1, C7, 06, 00, 19, 44, 00, E8, A8, 9E, FF, FF, F6, 45, 08, 01, 74, 07, 56, E8, 9E, 89, FF, FF, 59, 8B, C6, 5E, 5D, C2, 04, 00, 8B, FF, 55, 8B, EC, 56, 57, 8B, 7D, 08, 8B, 47, 04, 85, C0, 74, 47, 8D, 50, 08, 80, 3A, 00, 74, 3F, 8B, 75, 0C, 8B, 4E, 04, 3B, C1, 74, 14, 83, C1, 08...
 
[+]

Code size:
248.5 KB (254,464 bytes)

The file bundle.exe has been seen being distributed by the following 5 URLs.

http://d3ijsb1ryk5jd8.cloudfront.net/cl/inst/bundles/Wajam_Amonetize/.../downloadb.exe

http://dmrm038s4vkzd.cloudfront.net/cl/inst/bundles/PicColor_Amonetize/.../downloadb.exe

http://www.2ndrequest.me/.../310714_am2.exe

http://d1pg43ots40sgg.cloudfront.net/bundle/Wajam_Amonetize/.../downloadb.exe

http://2ndrequest.me/.../310714_am2.exe

Remove bundle.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.