» exploitedfame account generato downloader__3687_i1292870115_il1618885.exe
Overview
Analysis
File Details
Downloads (2)

exploitedfame account generato downloader__3687_i1292870115_il1618885.exe

Wilmaonline LTD.

This adware is a web browser extension that will inject advertising in the browser in the form of unwanted banners and text-links which may link to malware sites and install unwanted software. The application exploitedfame account generato downloader__3687_i1292870115_il1618885.exe by Wilmaonline has been detected as adware by 15 anti-malware scanners. The program is a setup application that uses the TUGUU DomaIQ Setup installer. The setup program bundles adware offers using the Amonetize, a Pay-Per-Install (PPI) monetization and distribution download manager. The software offerings provided are based on the PC's geo-location at the time of install. It is part of the Brightcircle group of web-extensions that inject advertisements in the browser.

File name:

Publisher:

Wilmaonline LTD. (signed and verified)

Version:

1.1.5.26

MD5:

7c3546c50cf0b5f1968a8e4dd41ee0c2

SHA-1:

2c87acdb81685e5499a04cc6e59df53e3630006f

SHA-256:

c15716ce74a280205d4ac03712d62d14a004615ede7711ad398b30b29942a6a6

Scanner detections:

15 / 68

Status:

Adware

Description:

This is an installer which may bundle legitimate applications with offers for additional 3rd-party applications that may be unwanted by the user. While the installer contains an 'opt-out' feature this is not set be defult and is usually overlooked.

Analysis date:

1/13/2025 7:34:29 AM UTC (today)

Scan engine

Detection

Engine version

Lavasoft Ad-Aware

Gen:Variant.Application.Bundler.Amonetize.11

728

Avira AntiVirus

Adware/Amonetize.tzv

7.11.171.160

AVG

Generic

2016.0.3206

Baidu Antivirus

Adware.Win32.Amonetize

4.0.3.1526

Bitdefender

Gen:Variant.Application.Bundler.Amonetize.11

1.0.20.185

ESET NOD32

Win32/Amonetize.BK (variant)

9.10399

F-Secure

Gen:Variant.Application.Bundler

11.2015-06-02_6

G Data

Gen:Variant.Application.Bundler.Amonetize.11

15.2.24

Kaspersky

not-a-virus:AdWare.Win32.Amonetize

14.0.0.2526

Malwarebytes

PUP.Optional.Amonetize

v2015.02.06.06

McAfee

Artemis!7C3546C50CF0

5600.6862

MicroWorld eScan

Gen:Variant.Application.Bundler.Amonetize.11

16.0.0.111

Panda Antivirus

Trj/Genetic.gen

15.02.06.06

Qihoo 360 Security

Win32/Application.639

1.0.0.1015

Reason Heuristics

PUP.Installer.Brightcircle

15.2.6.18

File size:

339.2 KB (347,328 bytes)

Product version:

1.1.5.26

Original file name:

setup.exe

File type:

Executable application (Win32 EXE)

Bundler/Installer:

TUGUU DomaIQ Setup

Language:

English (United States)

Common path:

C:\users\{user}\downloads\exploitedfame account generato downloader__3687_i1292870115_il1618885.exe

Digital Signature

Signed by:

Wilmaonline LTD.

Authority:

Thawte, Inc.

Valid from:

7/6/2014 8:00:00 PM

Valid to:

8/6/2015 7:59:59 PM

Subject:

CN=Wilmaonline LTD., O=Wilmaonline LTD., L=Raanana, S=Israel, C=IL

Issuer:

CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:

2B7DF4C242BFBB654DA05B78A86926AA

File PE Metadata

Compilation timestamp:

9/10/2014 9:03:25 PM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

10.0

CTPH (ssdeep):

6144:vD+91jHQdQ5BiQ+KfqOtmWGhAHs/whu105y8FrnVnaKirjavJqMoCNTUeSw:S5HQ77OIWGhIhE78BVaDrjakYgep

Entry address:

0x20D44

Entry point:

E8, 2A, AB, 00, 00, E9, 89, FE, FF, FF, CC, CC, 8B, 54, 24, 0C, 8B, 4C, 24, 04, 85, D2, 74, 69, 33, C0, 8A, 44, 24, 08, 84, C0, 75, 16, 81, FA, 80, 00, 00, 00, 72, 0E, 83, 3D, 04, E6, 44, 00, 00, 74, 05, E9, 92, AB, 00, 00, 57, 8B, F9, 83, FA, 04, 72, 31, F7, D9, 83, E1, 03, 74, 0C, 2B, D1, 88, 07, 83, C7, 01, 83, E9, 01, 75, F6, 8B, C8, C1, E0, 08, 03, C1, 8B, C8, C1, E0, 10, 03, C1, 8B, CA, 83, E2, 03, C1, E9, 02, 74, 06, F3, AB, 85, D2, 74, 0A, 88, 07, 83, C7, 01, 83, EA, 01, 75, F6, 8B, 44, 24, 08, 5F... 
[+]

Entropy:

6.5310

Code size:

226 KB (231,424 bytes)

The file exploitedfame account generato downloader__3687_i1292870115_il1618885.exe has been seen being distributed by the following 2 URLs.

http://rs-catalog.com/r/.../aWQ9NTgmc2lkPXJzY2F0Jm5hbWU9Q2lzY28lMjBQYWNrZXQlMjBUcmFjZXIlMjA2LjElMjAlMjh3aXRoJTIwdHV0b3JpYWxzJTI5JTIwLSUyMFN0dWRlbnQlMjB2ZXJzaW9u

http://www.positivedownload.com/download.php?version=1.1.5.26&campid=3687&instid[appname]=ExploitedFame Account Generator Downloader&instid[appsetupurl]=http://fastmediadownloads.com/download/Prompt-Downloader-1505337005.exe&instid[cmdline]=&instid[appimageurl]=http://.../logo.png&prefix=ExploitedFame Account Generato Downloader&instid[interrupted]=http://.../?cancel&ti1=1505337005&instid[thankyoupage]=http://.../?success

Remove exploitedfame account generato downloader__3687_i1292870115_il1618885.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.