destinymoddingtool__6858_il2137605.exe

The application destinymoddingtool__6858_il2137605.exe has been detected as a potentially unwanted program by 18 anti-malware scanners. This is a setup program which is used to install the application. The setup program bundles adware offers using the Amonetize, a Pay-Per-Install (PPI) monetization and distribution download manager. The software offerings provided are based on the PC's geo-location at the time of install. The file has been seen being downloaded from www.v4download.com.
Version:
1.1.5.90

MD5:
4baf58f33370f6107ebb107d9e35e214

SHA-1:
6917933e5468b71394f82da2baa953532be9e23f

SHA-256:
ba54ec5849895c5214d9a773bb0f0b3f62ee0bf49bbc7166c173588ca694dab4

Scanner detections:
18 / 68

Status:
Potentially unwanted

Analysis date:
12/25/2024 4:21:29 AM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Trojan.GenericKD.1965627
814

AhnLab V3 Security
PUP/Win32.Amonetiz
2014.11.11

Avira AntiVirus
ADWARE/Adware.Gen2
7.11.183.246

avast!
Win32:Dropper-gen [Drp]
2014.9-141112

Baidu Antivirus
Adware.Win32.Amonetize
4.0.3.141112

Bitdefender
Trojan.GenericKD.1965627
1.0.20.1580

Bkav FE
W32.HfsAutoA
1.3.0.4959

Emsisoft Anti-Malware
Trojan.GenericKD.1965627
8.14.11.12.05

ESET NOD32
Win32/Amonetize.BP (variant)
8.10701

G Data
Trojan.GenericKD.1965627
14.11.24

Kaspersky
not-a-virus:AdWare.Win32.Amonetize
14.0.0.2956

Malwarebytes
PUP.Optional.Amonetize
v2014.11.12.05

McAfee
RDN/Generic PUP.x!cpv
5600.6948

MicroWorld eScan
Trojan.GenericKD.1965627
15.0.0.948

nProtect
Trojan.GenericKD.1965627
14.11.10.01

Panda Antivirus
Trj/Chgt.K
14.11.12.05

Quick Heal
(Suspicious) - DNAScan
11.14.14.00

Sophos
Generic PUA GJ
4.98

File size:
432.6 KB (442,960 bytes)

Product version:
1.1.5.90

Original file name:
setup.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\destinymoddingtool__6858_il2137605.exe

File PE Metadata
Compilation timestamp:
11/6/2014 6:54:19 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
12288:EzgYUCNJxOojB+ad7YSyTmdLZ4kgRWepuuqqzU26Ny04HZfva:EzuCNJxzjB+sYbuWgyVzU/OH1va

Entry address:
0xAC898

Entry point:
60, C6, 44, 24, 14, 81, 60, 8D, 64, 24, 40, 0F, 83, 01, 1B, 03, 00, 68, 31, 5D, 7B, 24, 55, 9C, 68, 61, 20, 90, CF, C7, 44, 24, 08, EB, 2B, 55, AA, 60, 68, 5C, 96, 28, 82, 8D, 64, 24, 2C, E9, 40, 69, 03, 00, E8, 9B, 68, B3, 3C, 22, 76, 9F, AC, 67, 02, AD, C1, AA, C1, 1F, 78, 7C, B3, A9, 7E, A5, 8E, 6D, F6, 86, 9D, 9E, 91, 8A, 81, 92, 75, AE, 09, E3, 48, 34, 8C, 93, E5, 5D, BA, EE, 22, E5, D8, B7, 8C, 18, 5B, 58, 43, D5, 09, DF, E3, 6F, 51, 93, 78, B0, 28, 98, 53, 8A, 0E, AC, 37, AE, FD, E7, 5D, 42, D6, C9...
 
[+]

Entropy:
7.9025  (probably packed)

Code size:
225.5 KB (230,912 bytes)

The file destinymoddingtool__6858_il2137605.exe has been seen being distributed by the following URL.

Remove destinymoddingtool__6858_il2137605.exe - Powered by Reason Core Security