» distro-amzn-installmonetizer-rs-2_13039225015995_1.exe
Overview
Analysis
File Details
Network (1)

distro-amzn-installmonetizer-rs-2_13039225015995_1.exe

Amazon Browser Bar

Browser Distribution Services, Inc.

The application distro-amzn-installmonetizer-rs-2_13039225015995_1.exe by Browser Distribution Services has been detected as adware by 6 anti-malware scanners. The program is a setup application that uses the Nullsoft Install System installer. While running, it connects to the Internet address server-204-246-169-223.jfk1.r.cloudfront.net on port 80 using the HTTP protocol.

File name:

Publisher:

Browser Distribution Services, Inc. (signed and verified)

Product:

Amazon Browser Bar

Version:

1.0

MD5:

20c559b82877c2c8b62ccdcdec5cfc6d

SHA-1:

1229657475c3ecbea4da701f3399390e1843819f

SHA-256:

90398388f985d2cdc517d6ad88540c6f937d4fbe980a3c7588910d02a9068f57

Scanner detections:

6 / 68

Status:

Adware

Analysis date:

11/24/2024 3:01:46 PM UTC (today)

Scan engine

Detection

Engine version

Dr.Web

Adware.Downware.1611

9.0.1.072

ESET NOD32

Win32/Distromatic

8.9501

Malwarebytes

PUP.Optional.Searchprotect

v2014.03.13.07

Reason Heuristics

PUP.BrowserDistributionServices.s

14.8.7.21

Rising Antivirus

NS:AdWare.Script.VBS.StartPage.g!1579249

23.00.65.14311

Trend Micro House Call

TROJ_GEN.F47V0204

7.2.72

File size:

4.2 MB (4,441,520 bytes)

Product version:

1.0

File type:

Executable application (Win32 EXE)

Installer:

Nullsoft Install System

Language:

English (United States)

Common path:

C:\windows\temp\28c507db-d7fb-4aec-9c80-02ec74bc9d8c\distro-amzn-installmonetizer-rs-2_13039225015995_1.exe

Digital Signature

Signed by:

Browser Distribution Services, Inc.

Authority:

COMODO CA Limited

Valid from:

1/31/2013 7:00:00 PM

Valid to:

2/1/2015 6:59:59 PM

Subject:

CN="Browser Distribution Services, Inc.", O="Browser Distribution Services, Inc.", STREET="2711 Centerville Road, Suite 400", L=Wilmington, S=DE, PostalCode=19808, C=US

Issuer:

CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:

3B259692789E76789FF829879954D882

File PE Metadata

Compilation timestamp:

12/7/2011 9:34:40 PM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

2.56

CTPH (ssdeep):

98304:7GAa+gFxyGah1GswoOpi2+PLDD+b3sAonAVucc2woQv/YZ7:7Ja+g7yJHDwoCx+X6sfAVIor

Entry address:

0x4040

Entry point:

55, 89, E5, 57, 56, 53, 81, EC, AC, 01, 00, 00, E8, B3, 52, 00, 00, C7, 04, 24, 01, 80, 00, 00, E8, 5F, 4F, 00, 00, 56, C7, 04, 24, 00, 00, 00, 00, E8, C2, 52, 00, 00, 53, A3, 50, 5B, 42, 00, C7, 04, 24, 08, 00, 00, 00, E8, 3E, 32, 00, 00, A3, 00, 5C, 42, 00, 8D, 85, 84, FE, FF, FF, 51, C7, 44, 24, 10, 00, 00, 00, 00, C7, 44, 24, 0C, 60, 01, 00, 00, 89, 44, 24, 08, C7, 44, 24, 04, 00, 00, 00, 00, C7, 04, 24, A4, B2, 40, 00, E8, EC, 51, 00, 00, 83, EC, 14, C7, 44, 24, 04, A5, B2, 40, 00, C7, 04, 24, 30, 5C... 
[+]

Code size:

33 KB (33,792 bytes)

The executing file has been seen to make the following network communication in live environments.

TCP (HTTP):

Connects to server-204-246-169-223.jfk1.r.cloudfront.net (204.246.169.223:80)

Remove distro-amzn-installmonetizer-rs-2_13039225015995_1.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.