home

dvdfab 9.1.8.3 final__10924_i1445473076_il2465530.exe

AMGRUP LLC

This is the Amonetize download manager which bundles applications with offers for additional 3rd party software, mostly unwanted adware, and may be installed with minimal consent. The application dvdfab 9.1.8.3 final__10924_i1445473076_il2465530.exe by AMGRUP has been detected as adware by 25 anti-malware scanners. The program is a setup application that uses the Amonetize Downloader installer. The setup program bundles adware offers using the Amonetize, a Pay-Per-Install (PPI) monetization and distribution download manager. The software offerings provided are based on the PC's geo-location at the time of install.
Publisher:
AMGRUP LLC  (signed and verified)

Version:
1.1.8.22

MD5:
6f4b40ab0b00238f752a6cf5b1ead9b1

SHA-1:
b50c9cad3c6b07258bf5409d1f91883488e73dbf

SHA-256:
c20154ec3638182facb8b8f26abb3798a1e66cc0f08807e9091f83c25d904ec6

Scanner detections:
25 / 68

Status:
Adware

Description:
This 'download manager' is also considered bundleware, a utility designed to download software (possibly legitimate or opensource) and bundle it with a number of optional offers including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:
11/23/2024 6:41:57 PM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Gen:Variant.Application.Bundler.Amonetize.21
745

Agnitum Outpost
PUA.Amonetize
7.1.1

AhnLab V3 Security
PUP/Win32.Amonetiz
2015.01.19

Avira AntiVirus
ADWARE/Adware.Gen4
7.11.200.132

avast!
Win32:Amonetize-HQ [PUP]
2014.9-150120

AVG
Generic
2016.0.3230

Bitdefender
Gen:Variant.Application.Bundler.Amonetize.21
1.0.20.100

Dr.Web
Trojan.Adfltnet.71
9.0.1.014

ESET NOD32
Win32/Amonetize.CS (variant)
9.10998

Fortinet FortiGate
Adware/Amonetize
1/14/2015

F-Secure
Gen:Variant.Application.Bundler
11.2015-20-01_3

G Data
Gen:Variant.Application.Bundler.Amonetize.21
15.1.24

K7 AntiVirus
Trojan
13.191.14674

Kaspersky
not-a-virus:AdWare.Win32.Amonetize
14.0.0.2612

Malwarebytes
PUP.Optional.Bundle
v2015.01.20.12

McAfee
Artemis!6F4B40AB0B00
5600.6886

MicroWorld eScan
Gen:Variant.Application.Bundler.Amonetize.21
16.0.0.60

NANO AntiVirus
Trojan.Win32.Adfltnet.dlwosi
0.30.0.64448

Panda Antivirus
Generic Suspicious
15.01.14.01

Qihoo 360 Security
HEUR/QVM10.1.Malware.Gen
1.0.0.1015

Reason Heuristics
PUP.Installer.AMGRUP.o
15.1.14.1

Sophos
Generic PUA LF
4.98

Trend Micro House Call
TROJ_GEN.R02SH07AB15
7.2.14

VIPRE Antivirus
Trojan.Win32.Generic
36758

Zillya! Antivirus
Adware.Amonetize.Win32.1999
2.0.0.2038

File size:
465.2 KB (476,352 bytes)

Product version:
1.1.8.22

Original file name:
setup.exe

File type:
Executable application (Win32 EXE)

Bundler/Installer:
Amonetize Downloader

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\dvdfab 9.1.8.3 final__10924_i1445473076_il2465530.exe

Digital Signature
Signed by:
AMGRUP LLC

Authority:
Thawte, Inc.

Valid from:
12/1/2014 4:00:00 PM

Valid to:
12/2/2015 3:59:59 PM

Subject:
CN=AMGRUP LLC, O=AMGRUP LLC, L=Kiev, S=Kiev, C=UA

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
7BEE5C2171C644AF5B917C9D0C4DC006

File PE Metadata
Compilation timestamp:
1/8/2015 2:20:44 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
6144:u71Wi01RV32J9I/p4NkIFrOIWv2HSKjm747ptEshHu+VtILnnVJYtEsGz2:u71WZz0IB+kIFYvbV49Ksxu+jenVrV2

Entry address:
0x11FB8

Entry point:
E8, 9B, 4B, 00, 00, E9, 89, FE, FF, FF, 8B, FF, 55, 8B, EC, 83, 3D, 04, 2F, 3B, 00, 00, 75, 18, E8, 79, 35, 00, 00, 6A, 1E, E8, C3, 33, 00, 00, 68, FF, 00, 00, 00, E8, F0, F8, FF, FF, 59, 59, 8B, 45, 08, 85, C0, 75, 01, 40, 50, 6A, 00, FF, 35, 04, 2F, 3B, 00, FF, 15, C8, B0, 3A, 00, 5D, C3, 8B, FF, 55, 8B, EC, 53, 8B, 5D, 08, 83, FB, E0, 77, 6F, 56, 57, 83, 3D, 04, 2F, 3B, 00, 00, 75, 18, E8, 2F, 35, 00, 00, 6A, 1E, E8, 79, 33, 00, 00, 68, FF, 00, 00, 00, E8, A6, F8, FF, FF, 59, 59, 85, DB, 74, 04, 8B, C3...
 
[+]

Entropy:
7.4526

Code size:
165 KB (168,960 bytes)

The file dvdfab 9.1.8.3 final__10924_i1445473076_il2465530.exe has been seen being distributed by the following 8 URLs.

http://downprov.thesoftwarenow.com/links?version=1.1.8.22&campid=10924&instid[appname]=Empire State and Society: Britain.rar_Downloader&instid[appsetupurl]=http://go.venturecdn.com/getfast/download.cgi?9&ti1=1005000&ti2=1&ti3=2015-01-11T21:23:51.935132 00:00&instid[cmdline]=/S /PERFORMINSTALL /NORUN&instid[appimageurl]=http://download.venturecdn.com/d1/logo150x150.png&prefix=Empire State and Society: Britain.rar&instid[thankyoupage]=http://download.venturecdn.com/.../thank_you.php?ti1=1005000&ti2=1&ti3=2015-01-11T21:23:51.935132 00:00&parameter=Empire State and Society: Britain.rar&instid[interrupted]=http://download.venturecdn.com/.../interrupted.php?ti1=1005000&ti2=1&ti3=2015-01-11T21:23:51.935132 00:00&parameter=Empire State and Society: Britain.rar&ti1=1005000&ti2=1&ti3=2015-01-11T21:23:51.935132 00:00

http://downprov.thesoftwarenow.com/links?version=1.1.8.22&campid=10924&instid[appname]=daemon tools no cd key_Downloader&instid[appsetupurl]=http://go.downloadboutique.com/getfast/download.cgi?9&ti1=1405000&ti2=0&ti3=DD1_2015-01-11T16:24:55.735030 00:00&instid[cmdline]=/S /PERFORMINSTALL /NORUN&instid[appimageurl]=http://download.downloadboutique.com/d1/logo150x150.png&prefix=daemon tools no cd key&instid[thankyoupage]=http://download.downloadboutique.com/.../thank_you.php?ti1=1405000&ti2=0&ti3=DD1_2015-01-11T16:24:55.735030 00:00&parameter=daemon tools no cd key&instid[interrupted]=http://download.downloadboutique.com/.../interrupted.php?ti1=1405000&ti2=0&ti3=DD1_2015-01-11T16:24:55.735030 00:00&parameter=daemon tools no cd key&ti1=1405000&ti2=0&ti3=DD1_2015-01-11T16:24:55.735030 00:00

http://downprov.thesoftwarenow.com/links?version=1.1.8.22&campid=10924&instid[appname]=saints row 4 cracked steam api.dll_Downloader&instid[appsetupurl]=http://go.downloadboutique.com/getfast/download.cgi?9&ti1=3310000&ti2=3&ti3=DD1_2015-01-11T12:42:23.353095 00:00&instid[cmdline]=/S /PERFORMINSTALL /NORUN&instid[appimageurl]=http://download.downloadboutique.com/d1/logo150x150.png&prefix=saints row 4 cracked steam api.dll&instid[thankyoupage]=http://download.downloadboutique.com/.../thank_you.php?ti1=3310000&ti2=3&ti3=DD1_2015-01-11T12:42:23.353095 00:00&parameter=saints row 4 cracked steam api.dll&instid[interrupted]=http://download.downloadboutique.com/.../interrupted.php?ti1=3310000&ti2=3&ti3=DD1_2015-01-11T12:42:23.353095 00:00&parameter=saints row 4 cracked steam api.dll&ti1=3310000&ti2=3&ti3=DD1_2015-01-11T12:42:23.353095 00:00

http://squid.cluster1.amber1graph.com/download.php?version=1.1.8.22&campid=10924&instid[appname]=dishwashing liquid dispenser_Downloader&instid[appsetupurl]=http://go.downloadboutique.com/getfast/download.cgi?9&ti1=1460000&ti2=0&ti3=DD1_2015-01-11T23:59:21.038881 00:00&instid[cmdline]=/S /PERFORMINSTALL /NORUN&instid[appimageurl]=http://download.downloadboutique.com/d1/logo150x150.png&prefix=dishwashing liquid dispenser&instid[thankyoupage]=http://download.downloadboutique.com/.../thank_you.php?ti1=1460000&ti2=0&ti3=DD1_2015-01-11T23:59:21.038881 00:00&parameter=dishwashing liquid dispenser&instid[interrupted]=http://download.downloadboutique.com/.../interrupted.php?ti1=1460000&ti2=0&ti3=DD1_2015-01-11T23:59:21.038881 00:00&parameter=dishwashing liquid dispenser&ti1=1460000&ti2=0&ti3=DD1_2015-01-11T23:59:21.038881 00

http://downprov.thesoftwarenow.com/links?version=1.1.8.22&campid=10924&instid[appname]=dishwashing liquid dispenser_Downloader&instid[appsetupurl]=http://go.downloadboutique.com/getfast/download.cgi?9&ti1=1460000&ti2=0&ti3=DD1_2015-01-11T23:59:21.038881 00:00&instid[cmdline]=/S /PERFORMINSTALL /NORUN&instid[appimageurl]=http://download.downloadboutique.com/d1/logo150x150.png&prefix=dishwashing liquid dispenser&instid[thankyoupage]=http://download.downloadboutique.com/.../thank_you.php?ti1=1460000&ti2=0&ti3=DD1_2015-01-11T23:59:21.038881 00:00&parameter=dishwashing liquid dispenser&instid[interrupted]=http://download.downloadboutique.com/.../interrupted.php?ti1=1460000&ti2=0&ti3=DD1_2015-01-11T23:59:21.038881 00:00&parameter=dishwashing liquid dispenser&ti1=1460000&ti2=0&ti3=DD1_2015-01-11T23:59:21.038881 00:00

http://downprov.thesoftwarenow.com/links?version=1.1.8.22&campid=10924&instid[appname]=dishwashing liquid dispenser_Downloader&instid[appsetupurl]=http://go.downloadboutique.com/getfast/download.cgi?9&ti1=1460000&ti2=0&ti3=DD1_2015-01-11T23:59:21.038881 00:00&instid[cmdline]=/S /PERFORMINSTALL /NORUN&instid[appimageurl]=http://download.downloadboutique.com/d1/logo150x150.png&prefix=dishwashing liquid dispenser&instid[thankyoupage]=http://download.downloadboutique.com/.../thank_you.php?ti1=1460000&ti2=0&ti3=DD1_2015-01-11T23:59:21.038881 00:00&parameter=dishwashing liquid dispenser&instid[interrupted]=http://download.downloadboutique.com/.../interrupted.php?ti1=1460000&ti2=0&ti3=DD1_2015-01-11T23:59:21.038881 00:00&parameter=dishwashing liquid dispenser&ti1=1460000&ti2=0&ti3=DD1_2015-01-11T23:59:21.038881 00:00

http://downprov.thesoftwarenow.com/links?version=1.1.8.22&campid=10924&instid[appname]=The Blacklist Season 1 Complete 720p_Downloader&instid[appsetupurl]=http://go.venturecdn.com/getfast/download.cgi?9&ti1=1005000&ti2=1&ti3=2015-01-11T19:32:26.710410 00:00&instid[cmdline]=/S /PERFORMINSTALL /NORUN&instid[appimageurl]=http://download.venturecdn.com/d1/logo150x150.png&prefix=The Blacklist Season 1 Complete 720p&instid[thankyoupage]=http://download.venturecdn.com/.../thank_you.php?ti1=1005000&ti2=1&ti3=2015-01-11T19:32:26.710410 00:00&parameter=The Blacklist Season 1 Complete 720p&instid[interrupted]=http://download.venturecdn.com/.../interrupted.php?ti1=1005000&ti2=1&ti3=2015-01-11T19:32:26.710410 00:00&parameter=The Blacklist Season 1 Complete 720p&ti1=1005000&ti2=1&ti3=2015-01-11T19:32:26.710410 00:00

http://downprov.thesoftwarenow.com/links?version=1.1.8.22&campid=10924&instid[appname]=windump wpcap.dll_Downloader&instid[appsetupurl]=http://go.downloadboutique.com/getfast/download.cgi?9&ti1=3180000&ti2=1&ti3=DD1_2015-01-12T00:05:02.450055 00:00&instid[cmdline]=/S /PERFORMINSTALL /NORUN&instid[appimageurl]=http://download.downloadboutique.com/d1/logo150x150.png&prefix=windump wpcap.dll&instid[thankyoupage]=http://download.downloadboutique.com/.../thank_you.php?ti1=3180000&ti2=1&ti3=DD1_2015-01-12T00:05:02.450055 00:00&parameter=windump wpcap.dll&instid[interrupted]=http://download.downloadboutique.com/.../interrupted.php?ti1=3180000&ti2=1&ti3=DD1_2015-01-12T00:05:02.450055 00:00&parameter=windump wpcap.dll&ti1=3180000&ti2=1&ti3=DD1_2015-01-12T00:05:02.450055 00:00

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.