comptia a certification study downloader__3687_i1433240208_il1372438.exe

AMGRUP LLC

This is the Amonetize download manager, which bundles applications with offers for additional third-party software, mostly unwanted adware, and may be installed with minimal consent. The application comptia a certification study downloader__3687_i1433240208_il1372438.exe by AMGRUP has been detected as adware by 14 anti-malware scanners. The program is a setup application that uses the Amonetize Downloader installer. The setup program bundles adware offers using Amonetize, a Pay-Per-Install (PPI) monetization and distribution download manager. The software offers presented are based on the PC's geo-location at the time of install.
Publisher:
AMGRUP LLC  (signed and verified)

Version:
1.1.5.26

MD5:
f0830c0aa0da0332fed6b251af489751

SHA-1:
d7b98fc71ee3a85db809910c0540e8d72ad26f66

SHA-256:
53b273c52c7ebf414b3e46ce8251bb8407674ac8a61701d95e1f0df9c1dbc0e6

Scanner detections:
14 / 68

Status:
Adware

Description:
This 'download manager' is also considered bundleware: a utility designed to download software (possibly legitimate or open source) and bundle it with a number of optional offers, including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:
12/25/2024 6:31:14 PM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Agnitum Outpost | PUA.Amonetize | 7.1.1 |
| AhnLab V3 Security | PUP/Win32.Amonetiz | 2015.01.05 |
| Avira AntiVirus | Adware/Amonetize.576192.16 | 7.11.199.126 |
| AVG | Generic | 2016.0.3237 |
| Dr.Web | Trojan.Amonetize.341 | 9.0.1.06 |
| Fortinet FortiGate | Riskware/Amonetize | 1/6/2015 |
| Kaspersky | not-a-virus:AdWare.Win32.Amonetize | 14.0.0.2682 |
| Malwarebytes | PUP.Optional.Amonetize | v2015.01.06.01 |
| McAfee | Artemis!F0830C0AA0DA | 5600.6893 |
| NANO AntiVirus | Riskware.Win32.Amonetize.dlfklg | 0.30.0.64448 |
| Reason Heuristics | PUP.Installer.AMGRUP.? | 15.1.6.13 |
| Trend Micro House Call | Suspicious_GEN.F47V1228 | 7.2.6 |
| VIPRE Antivirus | Trojan.Win32.Generic | 36372 |
| Zillya! Antivirus | Adware.Amonetize.Win32.1872 | 2.0.0.2026 |

File size:
562.7 KB (576,192 bytes)

Product version:
1.1.5.26

Original file name:
setup.exe

File type:
Executable application (Win32 EXE)

Bundler/Installer:
Amonetize Downloader

Language:
English (United States)

Common path:
C:\users\{user}\downloads\comptia a certification study downloader__3687_i1433240208_il1372438.exe

Digital Signature
Signed by:

Authority:
Thawte, Inc.

Valid from:
12/1/2014 4:00:00 PM

Valid to:
12/2/2015 3:59:59 PM

Subject:
CN=AMGRUP LLC, O=AMGRUP LLC, L=Kiev, S=Kiev, C=UA

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
7BEE5C2171C644AF5B917C9D0C4DC006

File PE Metadata
Compilation timestamp:
12/19/2014 2:07:19 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
12288:/yxggGN465GSRZkXPcCSUdlo9geFD+figGF+E:axg1462ZSUdlo6eZIGF+E

Entry address:
0xAF83

Entry point:
E8, 21, 3E, 00, 00, E9, 89, FE, FF, FF, 8B, FF, 55, 8B, EC, 83, 7D, 08, 00, 74, 2D, FF, 75, 08, 6A, 00, FF, 35, C4, 5B, 39, 00, FF, 15, A4, E0, 38, 00, 85, C0, 75, 18, 56, E8, 57, 2D, 00, 00, 8B, F0, FF, 15, 84, E0, 38, 00, 50, E8, 07, 2D, 00, 00, 59, 89, 06, 5E, 5D, C3, 8B, FF, 55, 8B, EC, 56, 8D, 45, 08, 50, 8B, F1, E8, C1, ED, FF, FF, C7, 06, C0, EB, 38, 00, 8B, C6, 5E, 5D, C2, 04, 00, C7, 01, C0, EB, 38, 00, E9, 05, EE, FF, FF, 8B, FF, 55, 8B, EC, 56, 8B, F1, C7, 06, C0, EB, 38, 00, E8, F2, ED, FF, FF...
 
Entropy:
7.6615

Code size:
115.5 KB (118,272 bytes)

The file comptia a certification study downloader__3687_i1433240208_il1372438.exe has been seen being distributed by the following URL.