dvmediaplayer__6701_i1416370968_il103.exe

ITL-GROUP LLC

This is the Amonetize download manager, which bundles applications with offers for additional third-party software, mostly unwanted adware, and may be installed with minimal consent. The application dvmediaplayer__6701_i1416370968_il103.exe by ITL-GROUP has been detected as adware by 19 anti-malware scanners. The program is a setup application that uses the Amonetize Downloader installer. The setup program bundles adware offers using Amonetize, a Pay-Per-Install (PPI) monetization and distribution download manager. The software offers presented are based on the PC's geolocation at the time of install.
Publisher:
ITL-GROUP LLC  (signed and verified)

Version:
1.1.6.20

MD5:
bde0556ac9bd95fbfee174614e38a2bc

SHA-1:
f5fd90f718df2d964f4bda60556ea3be93d03da9

SHA-256:
60efbc9d6517d7d8eb1f130889712f6c808aaa1ee3bb21ff9515f53a1cf95d36

Scanner detections:
19 / 68

Status:
Adware

Description:
This 'download manager' is also considered bundleware, a utility designed to download software (possibly legitimate or open source) and bundle it with a number of optional offers, including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:
12/25/2024 12:36:29 AM UTC

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Gen:Variant.Adware.Strictor.68509
793

AhnLab V3 Security
PUP/Win32.Amonetiz
2014.12.03

Avira AntiVirus
ADWARE/Adware.Gen2
7.11.190.4

avast!
Win32:Amonetize-GN [PUP]
2014.9-141203

AVG
Generic
2015.0.3271

Bitdefender
Gen:Variant.Adware.Strictor.68509
1.0.20.1685

ESET NOD32
Win32/Amonetize.BP (variant)
8.10817

Fortinet FortiGate
Adware/Amonetize
12/3/2014

F-Secure
Gen:Variant.Adware.Strictor.68509
11.2014-03-12_4

G Data
Gen:Variant.Adware.Strictor.68509
14.12.24

K7 AntiVirus
Unwanted-Program
13.186.14210

Kaspersky
not-a-virus:AdWare.Win32.Amonetize
14.0.0.2852

Malwarebytes
PUP.Optional.Amonetize
v2014.12.03.03

McAfee
Artemis!BDE0556AC9BD
5600.6927

MicroWorld eScan
Gen:Variant.Adware.Strictor.68509
15.0.0.1011

NANO AntiVirus
Riskware.Win32.Amonetize.djmhrz
0.28.6.63850

Reason Heuristics
PUP.Installer.ITLGROUP.f
14.12.3.15

Sophos
Generic PUA PF
4.98

VIPRE Antivirus
Trojan.Win32.Generic
35370

File size:
411.2 KB (421,096 bytes)

Product version:
1.1.6.20

Original file name:
setup.exe

File type:
Executable application (Win32 EXE)

Bundler/Installer:
Amonetize Downloader

Language:
English (United States)

Common path:
C:\users\{user}\downloads\dvmediaplayer__6701_i1416370968_il103.exe

Digital Signature
Signed by:

Authority:
Thawte, Inc.

Valid from:
10/20/2014 2:00:00 AM

Valid to:
10/21/2015 1:59:59 AM

Subject:
CN=ITL-GROUP LLC, O=ITL-GROUP LLC, L=Selyshche Doslidne, S=Selyshche Doslidne, C=UA

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
080AA229F6377F023DF6C8F878AC3719

File PE Metadata
Compilation timestamp:
12/2/2014 7:03:53 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
6144:MW7yurY6peY/NJLsd7xTLmUtugh5Qm0czXU0dz+B0Mzc/pCyb+AvAWQF:H7y+fLsd7xdNocrUsz+B0M00GAVF

Entry address:
0x26254

Entry point:
E8, 2E, AC, 00, 00, E9, 89, FE, FF, FF, 8B, FF, 55, 8B, EC, 83, EC, 10, A1, E0, 09, 45, 00, 33, C5, 89, 45, FC, 8B, 55, 18, 53, 33, DB, 56, 57, 3B, D3, 7E, 1F, 8B, 45, 14, 8B, CA, 49, 38, 18, 74, 08, 40, 3B, CB, 75, F6, 83, C9, FF, 8B, C2, 2B, C1, 48, 3B, C2, 7D, 01, 40, 89, 45, 18, 89, 5D, F8, 39, 5D, 24, 75, 0B, 8B, 45, 08, 8B, 00, 8B, 40, 04, 89, 45, 24, 8B, 35, 6C, F0, 43, 00, 33, C0, 39, 5D, 28, 53, 53, FF, 75, 18, 0F, 95, C0, FF, 75, 14, 8D, 04, C5, 01, 00, 00, 00, 50, FF, 75, 24, FF, D6, 8B, F8, 89...
 

Entropy:
6.6815

Code size:
245.5 KB (251,392 bytes)

The file dvmediaplayer__6701_i1416370968_il103.exe has been seen being distributed by the following URL.
