command and conquer- generals zero hour game free download__4805_il5721.exe

Installer

The application command and conquer- generals zero hour game free download__4805_il5721.exe has been detected as a potentially unwanted program by 11 anti-malware scanners. This is a setup and installation application; however, the file is not signed with an Authenticode signature from a trusted source. It bundles adware offers using Amonetize, a Pay-Per-Install (PPI) monetization and distribution download manager. The software offerings provided are based on the PC's geo-location at the time of install. The file has been seen being downloaded from www.specificdownload.com and multiple other hosts. While running, it connects to the Internet address www.ibbalance.com on port 443.
Product:
Installer

Version:
1.1.6.20

MD5:
5fc1101e606986748b355b959208c3ca

SHA-1:
132db2a0694e32d0095e2bf7842d0301bb9070ac

SHA-256:
a46916d960064776e9d497d478852e13c72ae3146286659777a331f8a44e0a37

Scanner detections:
11 / 68

Status:
Potentially unwanted

Analysis date:
11/23/2024 8:00:32 AM UTC  (today)

Scan engine | Detection | Engine version
AhnLab V3 Security | PUP/Win32.Amonetiz | 2014.02.25
Avira AntiVirus | ADWARE/Adware.Gen2 | 7.11.133.122
avast! | Win32:Amonetize-F [PUP] | 2014.9-140228
Baidu Antivirus | Adware.Win32.Amonetize | 4.0.3.14228
Dr.Web | Adware.Downware.2160 | 9.0.1.059
ESET NOD32 | Win32/Amonetize.AG (variant) | 8.9464
Fortinet FortiGate | Riskware/Amonetize | 2/28/2014
G Data | Win32.Application.Amonetize | 14.2.24
Kaspersky | not-a-virus:AdWare.Win32.Amonetize | 14.0.0.4240
Malwarebytes | PUP.Optional.Amonetize | v2014.02.28.10
Trend Micro House Call | TROJ_GEN.F47V0223 | 7.2.59

File size:
323 KB (330,752 bytes)

Product version:
2.1.12

Copyright:
Copyright(c), All Rights Reserved.

Original file name:
Installer.exe

File type:
Executable application (Win64 EXE)

Common path:
C:\users\{user}\appdata\local\temp\command and conquer- generals zero hour game free download__4805_il5721.exe

File PE Metadata
OS bitness:
Win64

CTPH (ssdeep):
6144:I3dOBl4mrOSUGPlEgA7gGBE2AH6+ieTAlrYh3uoNUZ1FyjlMIx8U9oFjXgWp:I3ABl4maSUGtEgA7gGE2nZo41sjlMO8B

Entry point:
E8, BC, 95, 00, 00, E9, 89, FE, FF, FF, 57, 8B, C6, 83, E0, 0F, 85, C0, 0F, 85, C1, 00, 00, 00, 8B, D1, 83, E1, 7F, C1, EA, 07, 74, 65, EB, 06, 8D, 9B, 00, 00, 00, 00, 66, 0F, 6F, 06, 66, 0F, 6F, 4E, 10, 66, 0F, 6F, 56, 20, 66, 0F, 6F, 5E, 30, 66, 0F, 7F, 07, 66, 0F, 7F, 4F, 10, 66, 0F, 7F, 57, 20, 66, 0F, 7F, 5F, 30, 66, 0F, 6F, 66, 40, 66, 0F, 6F, 6E, 50, 66, 0F, 6F, 76, 60, 66, 0F, 6F, 7E, 70, 66, 0F, 7F, 67, 40, 66, 0F, 7F, 6F, 50, 66, 0F, 7F, 77, 60, 66, 0F, 7F, 7F, 70, 8D, B6, 80, 00, 00, 00, 8D, BF...
 

The file command and conquer- generals zero hour game free download__4805_il5721.exe has been seen being distributed by the following 9 URLs.

http://www.specificdownload.com/download.php?version=1.1.6.20&prefix=Download Game PC PES 2014 Full Version Gratis&campid=5208&instid[appname]=Download Game PC PES 2014 Full Version Gratis&instid[thankyoupage]=&instid[appsetupurl]=&instid[interrupted]=&instid[appimageurl]=http://s3.amazonaws.com/.../downloadall.png

http://www.conductdownload.com/download.php?version=1.1.6.20&campid=4411&capp=s7zip&prefix=GameSetup

http://q=http://.../1eyv5CE

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to www.softologic.com  (174.37.181.31:80)

TCP (HTTP SSL):
Connects to www.ibbalance.com  (173.192.190.227:443)

TCP (HTTP):