f_0002c2

AMGRUP LLC

This is the Amonetize download manager, which bundles applications with offers for additional third-party software (mostly unwanted adware) and may be installed with minimal consent. The file f_0002c2 by AMGRUP has been detected as adware by 27 anti-malware scanners. The program is a setup application that uses the Amonetize Downloader installer. The setup program bundles adware offers using Amonetize, a Pay-Per-Install (PPI) monetization and distribution download manager. The software offers presented are based on the PC's geo-location at the time of install.
Publisher:
AMGRUP LLC  (signed and verified)

Version:
1.1.6.20

MD5:
1220ac76d9a3e1cdd7dfe9d085c92777

SHA-1:
5ae083c9ea517e6f1d52eb3972926d1f7e80df48

SHA-256:
f9961439c7e9d28ba5da4d45bc839530328ce478d2591aee16b904ec2eec005b

Scanner detections:
27 / 68

Status:
Adware

Description:
This is an installer which may bundle legitimate applications with offers for additional third-party applications that the user may not want. While the installer contains an 'opt-out' feature, it is not set by default and is usually overlooked.

Analysis date:
11/27/2024 2:42:03 AM UTC

Scan engine              Detection                              Engine version
Lavasoft Ad-Aware        Application.Bundler.Amonetize.AO       757
AhnLab V3 Security       PUP/Win32.Amonetiz                     2015.01.09
Avira AntiVirus          Adware/Amonetize.477888                7.11.200.58
avast!                   Win32:Dropper-gen [Drp]                2014.9-150112
AVG                      Generic                                2016.0.3235
Baidu Antivirus          PUA.Win32.Amonetize                    4.0.3.15112
Bitdefender              Application.Bundler.Amonetize.AO       1.0.20.45
Bkav FE                  HW32.Packed                            1.3.0.6267
Dr.Web                   Trojan.Adfltnet.71                     9.0.1.09
Emsisoft Anti-Malware    Trojan.GenericKD.2067331               8.15.01.12.10
ESET NOD32               Win32/Amonetize.CS (variant)           9.10986
Fortinet FortiGate       Adware/Amonetize                       1/9/2015
F-Secure                 Application.Bundler.Amonetize          11.2015-09-01_6
G Data                   Application.Bundler.Amonetize.AO       15.1.24
IKARUS anti.virus        Trojan.SuspectCRC                      t3scan.1.8.6.0
K7 AntiVirus             Trojan                                 13.190.14587
Kaspersky                not-a-virus:AdWare.Win32.Amonetize     14.0.0.2668
Malwarebytes             PUP.Optional.Bundler                   v2015.01.09.10
McAfee                   Artemis!1220AC76D9A3                   5600.6891
MicroWorld eScan         Application.Bundler.Amonetize.AO       16.0.0.27
NANO AntiVirus           Trojan.Win32.Adfltnet.dlwosi           0.30.0.64448
nProtect                 Trojan.GenericKD.2067331               15.01.09.01
Qihoo 360 Security       HEUR/QVM10.1.Malware.Gen               1.0.0.1015
Reason Heuristics        PUP.Installer.AMGRUP.I                 15.1.9.10
Sophos                   Generic PUA FK                         4.98
Trend Micro House Call   TROJ_GEN.R047H07A615                   7.2.9
ViRobot                  Adware.Agent.477888[h]                 2014.3.20.0

File size:
466.7 KB (477,888 bytes)

Product version:
1.1.6.20

Original file name:
setup.exe

Bundler/Installer:
Amonetize Downloader

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\google\chrome\user data\default\cache\f_0002c2

Digital Signature
Signed by:

Authority:
Thawte, Inc.

Valid from:
12/2/2014 2:00:00 AM

Valid to:
12/3/2015 1:59:59 AM

Subject:
CN=AMGRUP LLC, O=AMGRUP LLC, L=Kiev, S=Kiev, C=UA

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
7BEE5C2171C644AF5B917C9D0C4DC006

File PE Metadata
Compilation timestamp:
1/5/2015 9:54:45 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
12288:FirysgLHnGOLfep3llT4vG/nObckjx6tvFM:k+s+HnGOE3zTCG/nObckjxcvFM

Entry address:
0x12458

Entry point:
E8, 9B, 4B, 00, 00, E9, 89, FE, FF, FF, 8B, FF, 55, 8B, EC, 83, 3D, 04, 2F, 3B, 00, 00, 75, 18, E8, 79, 35, 00, 00, 6A, 1E, E8, C3, 33, 00, 00, 68, FF, 00, 00, 00, E8, F0, F8, FF, FF, 59, 59, 8B, 45, 08, 85, C0, 75, 01, 40, 50, 6A, 00, FF, 35, 04, 2F, 3B, 00, FF, 15, C8, B0, 3A, 00, 5D, C3, 8B, FF, 55, 8B, EC, 53, 8B, 5D, 08, 83, FB, E0, 77, 6F, 56, 57, 83, 3D, 04, 2F, 3B, 00, 00, 75, 18, E8, 2F, 35, 00, 00, 6A, 1E, E8, 79, 33, 00, 00, 68, FF, 00, 00, 00, E8, A6, F8, FF, FF, 59, 59, 85, DB, 74, 04, 8B, C3...

Entropy:
7.4500

Code size:
166.5 KB (170,496 bytes)

The file f_0002c2 has been observed being distributed from the following 7 URLs.

http://www.earthquake-file.com/.../<.exe

http://www.earthquake-file.com/.../Adobe Photoshop CS6 Portable Full Version__6495_il456.exe

http://www.earthquake-file.com/.../Download Film Doraemon Stand By Me [2014] 3D Subtitle Indonesia__6490_il26.exe
