english explorer 1 workbook cevaplar__3038_i1395712326_il268732.exe

Shetef Solutions & Consulting (1998) Ltd.

This is the Amonetize download manager which bundles applications with offers for additional 3rd party software, mostly unwanted adware, and may be installed with minimal consent. The application english explorer 1 workbook cevaplar__3038_i1395712326_il268732.exe by Shetef Solutions & Consulting (1998) has been detected as adware by 22 anti-malware scanners. The program is a setup application that uses the Amonetize Downloader installer. The setup program bundles adware offers using the Amonetize, a Pay-Per-Install (PPI) monetization and distribution download manager. The software offerings provided are based on the PC's geo-location at the time of install.
Publisher:

Version:
1.1.8.22

MD5:
d9b0e3234af9c734ece4a5bbef7be792

SHA-1:
3a90ab6a65f40408d3f1b0ff67875be1433ff92b

SHA-256:
50b18bc492e7cfadcb87938f43653af2b0cacba741af446e84b35cd139cceec2

Scanner detections:
22 / 68

Status:
Adware

Description:
This 'download manager' is also considered bundleware, a utility designed to download software (possibly legitimate or opensource) and bundle it with a number of optional offers including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:
12/25/2024 5:03:58 AM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Gen:Variant.Application.Jaik.4831
800

Agnitum Outpost
PUA.Amonetize
7.1.1

AhnLab V3 Security
PUP/Win32.Amonetiz
2014.11.05

Avira AntiVirus
ADWARE/Adware.Gen4
7.11.183.24

avast!
Win32:Malware-gen
2014.9-141126

AVG
Generic
2015.0.3288

Bitdefender
Gen:Variant.Application.Jaik.4831
1.0.20.1650

Dr.Web
Adware.Downware.8996
9.0.1.0330

ESET NOD32
Win32/Amonetize.BY (variant)
8.10670

Fortinet FortiGate
Riskware/Amonetize
11/16/2014

F-Secure
Gen:Variant.Application.Jaik
11.2014-26-11_4

G Data
Gen:Variant.Application.Jaik.4831
14.11.24

K7 AntiVirus
Unwanted-Program
13.185.14021

Malwarebytes
PUP.Optional.Amonetize
v2014.11.16.12

McAfee
Artemis!75303E2A618E
5600.6934

MicroWorld eScan
Gen:Variant.Application.Jaik.4831
15.0.0.990

NANO AntiVirus
Riskware.Win32.Downware.difhzb
0.28.6.63362

Qihoo 360 Security
Win32/Application.0f2
1.0.0.1015

Reason Heuristics
PUP.Installer.ShetefSolutionsConsulting1998.?
14.11.16.12

Sophos
Generic PUA DK
4.98

Trend Micro House Call
Suspicious_GEN.F47V1115
7.2.330

VIPRE Antivirus
Trojan.Win32.Generic
34816

File size:
486.1 KB (497,744 bytes)

Product version:
1.1.8.22

Original file name:
setup.exe

File type:
Executable application (Win32 EXE)

Bundler/Installer:
Amonetize Downloader

Language:
English (United States)

Common path:
C:\users\{user}\downloads\english explorer 1 workbook cevaplar__3038_i1395712326_il268732.exe

Digital Signature
Authority:
GoDaddy.com, Inc.

Valid from:
10/13/2014 12:02:37 PM

Valid to:
10/13/2015 12:02:37 PM

Subject:
CN=Shetef Solutions & Consulting (1998) Ltd., O=Shetef Solutions & Consulting (1998) Ltd., L=Rannana, S=Israel, C=IL

Issuer:
CN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:
4B1B72BCEFC0E8

File PE Metadata
Compilation timestamp:
10/30/2014 12:41:41 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
12288:NLFU2oitpf5hCPFZYdfUUgO3qZqf1bxAXKVN:N2ztZYRU1HK11YKVN

Entry address:
0x13CF6

Entry point:
E8, A8, 75, 00, 00, E9, 89, FE, FF, FF, 8B, FF, 55, 8B, EC, 83, 3D, BC, A1, 3B, 00, 00, 75, 18, E8, 5E, 4E, 00, 00, 6A, 1E, E8, A8, 4C, 00, 00, 68, FF, 00, 00, 00, E8, 60, F5, FF, FF, 59, 59, 8B, 45, 08, 85, C0, 75, 01, 40, 50, 6A, 00, FF, 35, BC, A1, 3B, 00, FF, 15, F8, 10, 3B, 00, 5D, C3, 8B, FF, 55, 8B, EC, 53, 8B, 5D, 08, 83, FB, E0, 77, 6F, 56, 57, 83, 3D, BC, A1, 3B, 00, 00, 75, 18, E8, 14, 4E, 00, 00, 6A, 1E, E8, 5E, 4C, 00, 00, 68, FF, 00, 00, 00, E8, 16, F5, FF, FF, 59, 59, 85, DB, 74, 04, 8B, C3...
 
[+]

Code size:
191 KB (195,584 bytes)

The file english explorer 1 workbook cevaplar__3038_i1395712326_il268732.exe has been seen being distributed by the following URL.