bundle_flowsurfcb.exe

Chicago Blackhawks

Smart Marketyng Solyushynz, TOV

The application bundle_flowsurfcb.exe by Smart Marketyng Solyushynz, TOV has been detected as a potentially unwanted program by 25 anti-malware scanners. It bundles adware offers using the Amonetize, a Pay-Per-Install (PPI) monetization and distribution download manager. The software offerings provided are based on the PC's geo-location at the time of install.
Publisher:
Chicago Blackhawks Ltd  (signed by Smart Marketyng Solyushynz, TOV)

Product:
Chicago Blackhawks

Description:
Philadelphia

Version:
3.6.12.2

MD5:
02e7c9ca360d4f829d987bf66e39783f

SHA-1:
6b8fdc4f6d51d34e9e881fe2dd2c2e9f2ecd2614

SHA-256:
65808440ce79cea81c5d3be71f9f2f1e4aef05fcd112f5c5817a8351bc8ee179

Scanner detections:
25 / 68

Status:
Potentially unwanted

Analysis date:
12/23/2024 11:15:27 AM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Gen:Variant.Graftor.281318
283

AegisLab AV Signature
AdWare.W32.Amonetize.m8Z9
2.1.4+

AhnLab V3 Security
PUP/Win32.Amonetize
2016.04.24

Avira AntiVirus
ADWARE/Amonetize.nxap
8.3.3.4

Arcabit
Trojan.Graftor.D44AE6
1.0.0.672

AVG
Generic
2017.0.2761

Baidu Antivirus
Win32.Trojan.WisdomEyes.151026.9950
4.0.3.16426

Bitdefender
Gen:Variant.Graftor.281318
1.0.20.585

Dr.Web
Trojan.Amonetize.12893
9.0.1.0117

Emsisoft Anti-Malware
Gen:Variant.Graftor.281318
8.16.04.26.03

ESET NOD32
Win32/Amonetize.SN potentially unwanted (variant)
10.13381

Fortinet FortiGate
Riskware/Adload
4/26/2016

F-Secure
Gen:Variant.Graftor.281318
11.2016-26-04_3

G Data
Gen:Variant.Graftor.281318
16.4.25

IKARUS anti.virus
PUA.Amonetize
t3scan.2.0.9.0

K7 AntiVirus
Unwanted-Program
13.222.19399

Kaspersky
not-a-virus:Downloader.Win32.AdLoad
14.0.0.302

Malwarebytes
PUP.Optional.Amonetize
v2016.04.26.03

Microsoft Security Essentials
SoftwareBundler:Win32/Mizenota
1.1.12603.0

MicroWorld eScan
Gen:Variant.Graftor.281318
17.0.0.351

Panda Antivirus
Trj/Genetic.gen
16.04.26.03

Qihoo 360 Security
QVM10.1.Malware.Gen
1.0.0.1120

Reason Heuristics
PUP.Amonetize (M)
16.4.26.15

Rising Antivirus
PE:Malware.Generic/QRS!1.9E2D [F]
23.00.65.16424

Vba32 AntiVirus
Signed-Downware.Amonetize
3.12.26.4

File size:
307 KB (314,392 bytes)

Product version:
3.6.0.0

Original file name:
hawks.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\bundle_flowsurfcb.exe

Digital Signature
Authority:
COMODO CA Limited

Valid from:
4/17/2016 2:00:00 AM

Valid to:
4/18/2017 1:59:59 AM

Subject:
CN="Smart Marketyng Solyushynz, TOV", OU=IT, O="Smart Marketyng Solyushynz, TOV", STREET="VUL.Strutynskogo, 8", L=Kiev, S=Kiev, PostalCode=01010, C=UA

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
4EF50BB663E4541D536358DB34EADA49

File PE Metadata
Compilation timestamp:
4/21/2016 1:10:26 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
6144:Fjhy7RpioNcSMAqKz7jjXJqsI7+M7XFdJjZOpZ7nNsMuGBlfP:zyCSmujXJqH1iRXlfP

Entry address:
0x372D

Entry point:
E8, 46, 25, 00, 00, E9, 89, FE, FF, FF, 8B, FF, 55, 8B, EC, 81, EC, 28, 03, 00, 00, A3, C8, EF, 3B, 00, 89, 0D, C4, EF, 3B, 00, 89, 15, C0, EF, 3B, 00, 89, 1D, BC, EF, 3B, 00, 89, 35, B8, EF, 3B, 00, 89, 3D, B4, EF, 3B, 00, 66, 8C, 15, E0, EF, 3B, 00, 66, 8C, 0D, D4, EF, 3B, 00, 66, 8C, 1D, B0, EF, 3B, 00, 66, 8C, 05, AC, EF, 3B, 00, 66, 8C, 25, A8, EF, 3B, 00, 66, 8C, 2D, A4, EF, 3B, 00, 9C, 8F, 05, D8, EF, 3B, 00, 8B, 45, 00, A3, CC, EF, 3B, 00, 8B, 45, 04, A3, D0, EF, 3B, 00, 8D, 45, 08, A3, DC, EF, 3B...
 
[+]

Code size:
32.5 KB (33,280 bytes)

Remove bundle_flowsurfcb.exe - Powered by Reason Core Security