command and conquer- generals zero hour game free download__4805_il5721.exe

Installer

The application command and conquer- generals zero hour game free download__4805_il5721.exe has been detected as a potentially unwanted program by 11 anti-malware scanners. This is a setup and installation application, however the file is not signed with an authenticode signature from a trusted source. It bundles adware offers using the Amonetize, a Pay-Per-Install (PPI) monetization and distribution download manager. The software offerings provided are based on the PC's geo-location at the time of install. The file has been seen being downloaded from www.specificdownload.com and multiple other hosts. While running, it connects to the Internet address www.ibbalance.com on port 443.
Product:
Installer

Version:
1.1.6.20

MD5:
5fc1101e606986748b355b959208c3ca

SHA-1:
132db2a0694e32d0095e2bf7842d0301bb9070ac

SHA-256:
a46916d960064776e9d497d478852e13c72ae3146286659777a331f8a44e0a37

Scanner detections:
11 / 68

Status:
Potentially unwanted

Analysis date:
12/25/2024 4:56:12 AM UTC  (today)

Scan engine
Detection
Engine version

AhnLab V3 Security
PUP/Win32.Amonetiz
2014.02.25

Avira AntiVirus
ADWARE/Adware.Gen2
7.11.133.122

avast!
Win32:Amonetize-F [PUP]
2014.9-140228

Baidu Antivirus
Adware.Win32.Amonetize
4.0.3.14228

Dr.Web
Adware.Downware.2160
9.0.1.059

ESET NOD32
Win32/Amonetize.AG (variant)
8.9464

Fortinet FortiGate
Riskware/Amonetize
2/28/2014

G Data
Win32.Application.Amonetize
14.2.24

Kaspersky
not-a-virus:AdWare.Win32.Amonetize
14.0.0.4240

Malwarebytes
PUP.Optional.Amonetize
v2014.02.28.10

Trend Micro House Call
TROJ_GEN.F47V0223
7.2.59

File size:
323 KB (330,752 bytes)

Product version:
2.1.12

Copyright:
Copyright(c), All Rights Reserved.

Original file name:
Installer.exe

File type:
Executable application (Win64 EXE)

Common path:
C:\users\{user}\appdata\local\temp\command and conquer- generals zero hour game free download__4805_il5721.exe

File PE Metadata
OS bitness:
Win64

CTPH (ssdeep):
6144:I3dOBl4mrOSUGPlEgA7gGBE2AH6+ieTAlrYh3uoNUZ1FyjlMIx8U9oFjXgWp:I3ABl4maSUGtEgA7gGE2nZo41sjlMO8B

Entry point:
E8, BC, 95, 00, 00, E9, 89, FE, FF, FF, 57, 8B, C6, 83, E0, 0F, 85, C0, 0F, 85, C1, 00, 00, 00, 8B, D1, 83, E1, 7F, C1, EA, 07, 74, 65, EB, 06, 8D, 9B, 00, 00, 00, 00, 66, 0F, 6F, 06, 66, 0F, 6F, 4E, 10, 66, 0F, 6F, 56, 20, 66, 0F, 6F, 5E, 30, 66, 0F, 7F, 07, 66, 0F, 7F, 4F, 10, 66, 0F, 7F, 57, 20, 66, 0F, 7F, 5F, 30, 66, 0F, 6F, 66, 40, 66, 0F, 6F, 6E, 50, 66, 0F, 6F, 76, 60, 66, 0F, 6F, 7E, 70, 66, 0F, 7F, 67, 40, 66, 0F, 7F, 6F, 50, 66, 0F, 7F, 77, 60, 66, 0F, 7F, 7F, 70, 8D, B6, 80, 00, 00, 00, 8D, BF...
 
[+]

The file command and conquer- generals zero hour game free download__4805_il5721.exe has been seen being distributed by the following 9 URLs.

http://www.specificdownload.com/download.php?version=1.1.6.20&prefix=Download Game PC PES 2014 Full Version Gratis&campid=5208&instid[appname]=Download Game PC PES 2014 Full Version Gratis&instid[thankyoupage]=&instid[appsetupurl]=&instid[interrupted]=&instid[appimageurl]=http://s3.amazonaws.com/.../downloadall.png

http://www.conductdownload.com/download.php?version=1.1.6.20&campid=4411&capp=s7zip&prefix=GameSetup

http://q=http://.../1eyv5CE

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to www.softologic.com  (174.37.181.31:80)

TCP (HTTP SSL):
Connects to www.ibbalance.com  (173.192.190.227:443)

TCP (HTTP):