f_000111

The file f_000111 has been detected as a potentially unwanted program by 20 anti-malware scanners. The setup program bundles adware offers using the Amonetize, a Pay-Per-Install (PPI) monetization and distribution download manager. The software offerings provided are based on the PC's geo-location at the time of install. The file has been seen being downloaded from www.our-hurricane-file.net.
Version:
1.1.8.22

MD5:
5c0419449120f380abb14811bb0b9b91

SHA-1:
18bc14bacd3149347acd73aa9446fb12136b1e68

SHA-256:
dc7d471c77fdc6f7ce3b9110f2617ac897f9f8927b66bc4778c306f8d574be9b

Scanner detections:
20 / 68

Status:
Potentially unwanted

Analysis date:
12/25/2024 12:33:10 AM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Gen:Variant.Application.Jatif.103
735

Avira AntiVirus
ADWARE/Adware.Gen4
7.11.205.178

avast!
Win32:Malware-gen
2014.9-150129

AVG
InstallPath.7F5
2016.0.3213

Baidu Antivirus
Adware.Win32.Amonetize
4.0.3.15129

Bitdefender
Gen:Variant.Application.Jatif.103
1.0.20.150

Bkav FE
W32.HfsAdware
1.3.0.6379

Dr.Web
Trojan.Amonetize.441
9.0.1.029

Emsisoft Anti-Malware
Gen:Variant.Application.Jatif.103
8.15.01.30.12

ESET NOD32
Win32/Amonetize.DE (variant)
9.11086

F-Secure
Riskware.Gen:Variant.Application.Jatif
11.2015-30-01_6

G Data
Gen:Variant.Application.Jatif.103
15.1.25

Kaspersky
not-a-virus:AdWare.Win32.Amonetize
14.0.0.2562

McAfee
Program.Artemis!F3FD47E592D1
5600.6869

MicroWorld eScan
Gen:Variant.Application.Jatif.103
16.0.0.90

NANO AntiVirus
Trojan.Win32.Amonetize.dnbrcn
0.30.0.65070

Panda Antivirus
Trj/Genetic.gen
15.01.29.01

Qihoo 360 Security
HEUR/QVM10.1.Malware.Gen
1.0.0.1015

Reason Heuristics
Threat.Win.Reputation.IMP
15.1.30.12

Trend Micro House Call
TROJ_GEN.R0C1H07AS15
7.2.30

File size:
642.5 KB (657,920 bytes)

Product version:
1.1.8.22

Original file name:
setup.exe

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\google\chrome\user data\default\cache\f_000111

File PE Metadata
Compilation timestamp:
1/27/2015 2:17:49 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
12288:mCJhcc5z/QT9mf4NUcuXuYCQ5WMG89dQjQUnw/sq:mCbcc5zoTIf4CcXSWP8ojw/s

Entry address:
0xE34A

Entry point:
E8, DF, 4A, 00, 00, E9, 89, FE, FF, FF, 8B, FF, 55, 8B, EC, 83, 3D, EC, 1E, 38, 00, 00, 75, 18, E8, BD, 34, 00, 00, 6A, 1E, E8, 07, 33, 00, 00, 68, FF, 00, 00, 00, E8, EE, F8, FF, FF, 59, 59, 8B, 45, 08, 85, C0, 75, 01, 40, 50, 6A, 00, FF, 35, EC, 1E, 38, 00, FF, 15, 9C, 70, 37, 00, 5D, C3, 8B, FF, 55, 8B, EC, 53, 8B, 5D, 08, 83, FB, E0, 77, 6F, 56, 57, 83, 3D, EC, 1E, 38, 00, 00, 75, 18, E8, 73, 34, 00, 00, 6A, 1E, E8, BD, 32, 00, 00, 68, FF, 00, 00, 00, E8, A4, F8, FF, FF, 59, 59, 85, DB, 74, 04, 8B, C3...
 
[+]

Entropy:
7.6102

Code size:
150.5 KB (154,112 bytes)

The file f_000111 has been seen being distributed by the following URL.

Remove f_000111 - Powered by Reason Core Security