das dao der teufelskerle free download__3516_i347294250_il4121730.exe

Installer

Amonetize ltd.

This is the Amonetize download manager which bundles applications with offers for additional 3rd party software, mostly unwanted adware, and may be installed with minimal consent. The application das dao der teufelskerle free download__3516_i347294250_il4121730.exe by Amonetize ltd has been detected as adware by 19 anti-malware scanners. The program is a setup application that uses the Amonetize Downloader installer. The installer uses the InstallMonetizer platform, which will download and install adware toolbars and other potentially unwanted software offers during setup.
Publisher:
Amônétízé Ltd  (signed by Amonetize ltd.)

Product:
Installer

Version:
1.1.1.20

MD5:
aa2fdd8d837d2eb74d9719f29f3e7883

SHA-1:
ae8d713a0027b133b5780b8481eafeeded40c7a7

SHA-256:
8f88cf76a6dc62e5ef3b14cbe320f3d67750fddc85d55750877115e6b8ffecdf

Scanner detections:
19 / 68

Status:
Adware

Explanation:
This setup file is a re-distribution of the original program that bundles various adware offers during installation including toolbars and browser search extensions.

Description:
This is also known as bundleware, or downloadware, which is a downloader designed to deliver ad-supported offers during the setup routine of otherwise legitimate software.

Analysis date:
11/2/2024 7:19:30 PM UTC

Scan engine
Detection
Engine version

AhnLab V3 Security
PUP/Win32.Amonetiz
2014.03.09

Avira AntiVirus
ADWARE/Adware.Gen2
7.11.135.186

avast!
Win32:Amonetize-E [PUP]
2014.9-141026

AVG
Generic_r
2015.0.3310

Comodo Security
ApplicUnwnt
17905

Dr.Web
Adware.Downware.1655
9.0.1.0299

Emsisoft Anti-Malware
Win32.Parite
8.14.10.26.10

ESET NOD32
Win32/Amonetize.AG (variant)
8.9518

Fortinet FortiGate
Riskware/Amonetize
10/26/2014

G Data
Win32.Application.Amonetize
14.10.24

K7 AntiVirus
Unwanted-Program
13.176.11378

Kaspersky
not-a-virus:HEUR:Adware.Win32.Amonetize
14.0.0.3043

Malwarebytes
PUP.Optional.InstallMonetizer
v2014.10.26.10

McAfee
Adware-Amonetize!AA2FDD8D837D
5600.6966

Qihoo 360 Security
HEUR/Malware.QVM10.Gen
1.0.0.1015

Reason Heuristics
PUP.Installer.Amonetizeltd.?
14.10.26.10

Sophos
Amonetize
4.98

Trend Micro House Call
TROJ_GEN.F47V0210
7.2.299

VIPRE Antivirus
Amonetize
27224

File size:
331.5 KB (339,496 bytes)

Product version:
2.1.12

Copyright:
(c) Amônétízé Ltd, 2012,2013. All rights reserved.

Original file name:
Installer.exe

File type:
Executable application (Win32 EXE)

Bundler/Installer:
Amonetize Downloader

Language:
English (United States)

Common path:
C:\users\{user}\downloads\das dao der teufelskerle free download__3516_i347294250_il4121730.exe

Digital Signature
Signed by:

Authority:
Thawte, Inc.

Valid from:
3/19/2013 1:00:00 AM

Valid to:
6/19/2015 1:59:59 AM

Subject:
CN=Amonetize ltd., O=Amonetize ltd., L=Raanana, S=Alberta, C=IL

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
235E7B2F1D4E0152189F6381E2BA8C97

File PE Metadata
Compilation timestamp:
2/10/2014 2:29:59 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
6144:xwIZhBTGuhwNEqKFkWB9BJuSse4+TDJEb0FECou/SMllpV:xw8hBTLhwN/KFk29BMGDJZF1l/HpV

Entry address:
0x273B4

Entry point:
E8, 9A, 95, 00, 00, E9, 89, FE, FF, FF, 57, 8B, C6, 83, E0, 0F, 85, C0, 0F, 85, C1, 00, 00, 00, 8B, D1, 83, E1, 7F, C1, EA, 07, 74, 65, EB, 06, 8D, 9B, 00, 00, 00, 00, 66, 0F, 6F, 06, 66, 0F, 6F, 4E, 10, 66, 0F, 6F, 56, 20, 66, 0F, 6F, 5E, 30, 66, 0F, 7F, 07, 66, 0F, 7F, 4F, 10, 66, 0F, 7F, 57, 20, 66, 0F, 7F, 5F, 30, 66, 0F, 6F, 66, 40, 66, 0F, 6F, 6E, 50, 66, 0F, 6F, 76, 60, 66, 0F, 6F, 7E, 70, 66, 0F, 7F, 67, 40, 66, 0F, 7F, 6F, 50, 66, 0F, 7F, 77, 60, 66, 0F, 7F, 7F, 70, 8D, B6, 80, 00, 00, 00, 8D, BF...

Code size:
231 KB (236,544 bytes)

The file das dao der teufelskerle free download__3516_i347294250_il4121730.exe has been seen being distributed by the following 4 URLs.

http://download.getlinksinaseconds.com/.../get.php?q=Pulp.Fiction.1994.1080p.BrRip.x264.YIFY.mp4.mp4&ti1=500000&ti2=1&ti3=2014-02-10T21:13:24.242994 00:00

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to www.soledownload.com  (54.225.181.84:80)

TCP (HTTP):
Connects to www.activemonetizer.com  (23.23.96.46:80)

http://www.activemonetizer.com/index.php?Net2=v2.0.50727&Net4=&OSversion=NT5.1SP3&Slv=&Sysid=B212724563&Sysid1=B212724563&X64=N&admin=Y&browser=IEXPLORE.EXE&chver=&exe=ikjut__12508452&offver=&lang_DfltUser=04