bundle_flowsurfcb.exe

Chicago Blackhawks

Smart Marketyng Solyushynz, TOV

The application bundle_flowsurfcb.exe by Smart Marketyng Solyushynz, TOV has been detected as a potentially unwanted program by 6 anti-malware scanners. It bundles adware offers using the Amonetize, a Pay-Per-Install (PPI) monetization and distribution download manager. The software offerings provided are based on the PC's geo-location at the time of install.
Publisher:
Chicago Blackhawks Ltd  (signed by Smart Marketyng Solyushynz, TOV)

Product:
Chicago Blackhawks

Description:
Philadelphia

Version:
3.6.12.2

MD5:
2e4fe8d830a104a12ddcce7ce2804674

SHA-1:
9d340a0dd69906095575a6cbaed7f6447589321e

SHA-256:
7f44aa69e9221a856f5286d4e10177ed40ca36efe93bce4b9fd690b7b2651bd8

Scanner detections:
6 / 68

Status:
Potentially unwanted

Analysis date:
12/23/2024 10:22:34 AM UTC  (today)

Scan engine
Detection
Engine version

Dr.Web
Trojan.Amonetize.12893
9.0.1.05190

Emsisoft Anti-Malware
Gen:Variant.Graftor.275998
11.5.0.6191

ESET NOD32
Win32/Amonetize.SN potentially unwanted application
8.0.319.0

Kaspersky
not-a-virus:Downloader.Win32.AdLoad
15.0.0.562

Microsoft Security Essentials
Threat.Undefined
1.217.1958.0

Reason Heuristics
PUP.Amonetize.SmartMar (M)
16.4.22.18

File size:
307.5 KB (314,904 bytes)

Product version:
3.6.0.0

Original file name:
hawks.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\bundle_flowsurfcb.exe

Digital Signature
Authority:
COMODO CA Limited

Valid from:
4/17/2016 2:00:00 AM

Valid to:
4/18/2017 1:59:59 AM

Subject:
CN="Smart Marketyng Solyushynz, TOV", OU=IT, O="Smart Marketyng Solyushynz, TOV", STREET="VUL.Strutynskogo, 8", L=Kiev, S=Kiev, PostalCode=01010, C=UA

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
4EF50BB663E4541D536358DB34EADA49

File PE Metadata
Compilation timestamp:
4/21/2016 7:10:08 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
6144:KjZGQcw2+goaDAMcwPPkY+CxodLvOglwuET/lH+rTnLI1dKTIQ:KlLPlCmnCdKMQ

Entry address:
0x369D

Entry point:
E8, 46, 25, 00, 00, E9, 89, FE, FF, FF, 8B, FF, 55, 8B, EC, 81, EC, 28, 03, 00, 00, A3, C8, EF, 3B, 00, 89, 0D, C4, EF, 3B, 00, 89, 15, C0, EF, 3B, 00, 89, 1D, BC, EF, 3B, 00, 89, 35, B8, EF, 3B, 00, 89, 3D, B4, EF, 3B, 00, 66, 8C, 15, E0, EF, 3B, 00, 66, 8C, 0D, D4, EF, 3B, 00, 66, 8C, 1D, B0, EF, 3B, 00, 66, 8C, 05, AC, EF, 3B, 00, 66, 8C, 25, A8, EF, 3B, 00, 66, 8C, 2D, A4, EF, 3B, 00, 9C, 8F, 05, D8, EF, 3B, 00, 8B, 45, 00, A3, CC, EF, 3B, 00, 8B, 45, 04, A3, D0, EF, 3B, 00, 8D, 45, 08, A3, DC, EF, 3B...
 
[+]

Code size:
32.5 KB (33,280 bytes)

Remove bundle_flowsurfcb.exe - Powered by Reason Core Security