f_00030f

Prodlogistyka LLC

This is the Amonetize download manager, which bundles applications with offers for additional third-party software, mostly unwanted adware, and may be installed with minimal consent. The file f_00030f by Prodlogistyka has been detected as adware by 12 anti-malware scanners. The program is a setup application that uses the Amonetize Downloader installer. The setup program bundles adware offers using Amonetize, a Pay-Per-Install (PPI) monetization and distribution download manager. The software offers presented are based on the PC's geo-location at the time of install.
Publisher:
Prodlogistyka LLC  (signed and verified)

Version:
1.1.5.90

MD5:
37221e0ecbb6b1c39702d6db67cc81aa

SHA-1:
f48cd3282f82024fafd8cc13b623c6d4eed136f5

SHA-256:
5f96baa9ce88ca4d7cab573a61892d139738b73abdf09dea701e0c506f3073d7

Scanner detections:
12 / 68

Status:
Adware

Description:
This is also known as bundleware or downloadware: a downloader designed simply to deliver ad-supported offers in the setup routine of otherwise legitimate software.

Analysis date:
12/25/2024 5:46:21 AM UTC

Scan engine               Detection                            Engine version
AhnLab V3 Security        PUP/Win32.Amonetiz                   2014.12.30
Avira AntiVirus           Adware/Amonetize.576200.16           7.11.198.192
Dr.Web                    Trojan.Amonetize.341                 9.0.1.0364
ESET NOD32                Win32/Amonetize.CK (variant)         8.10942
Fortinet FortiGate        Adware/Amonetize                     12/31/2014
K7 AntiVirus              Unwanted-Program                     13.188.14496
Kaspersky                 not-a-virus:AdWare.Win32.Amonetize   14.0.0.2719
McAfee                    Artemis!37221E0ECBB6                 5600.6901
Panda Antivirus           Generic Suspicious                   14.12.31.04
Reason Heuristics         PUP.Installer.Prodlogistyka.I        15.1.4.13
Sophos                    Generic PUA PE                       4.98
Trend Micro House Call    TROJ_GEN.R047H07LT14                 7.2.364

File size:
563.7 KB (577,224 bytes)

Product version:
1.1.5.90

Original file name:
setup.exe

Bundler/Installer:
Amonetize Downloader

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\google\chrome\user data\default\cache\f_00030f

Digital Signature
Authority:
thawte, Inc.

Valid from:
12/16/2014 4:00:00 AM

Valid to:
12/17/2015 3:59:59 AM

Subject:
CN=Prodlogistyka LLC, O=Prodlogistyka LLC, L=Kharkiv, S=Alabama, C=UA

Issuer:
CN=thawte SHA256 Code Signing CA, O="thawte, Inc.", C=US

Serial number:
6EA4BF001566F2722AC7CE8C3A4F62AE

File PE Metadata
Compilation timestamp:
12/26/2014 10:07:40 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
12288:G/XnAkWODcT4p2fVq90z5fzNP/IPbf1kT+Gk:G/wkWwp2fgC5p/UL1H7

Entry address:
0xB0FA

Entry point:
E8, 1A, 3E, 00, 00, E9, 89, FE, FF, FF, 8B, FF, 55, 8B, EC, 83, 7D, 08, 00, 74, 2D, FF, 75, 08, 6A, 00, FF, 35, C4, 5B, 39, 00, FF, 15, A4, E0, 38, 00, 85, C0, 75, 18, 56, E8, 50, 2D, 00, 00, 8B, F0, FF, 15, 84, E0, 38, 00, 50, E8, 00, 2D, 00, 00, 59, 89, 06, 5E, 5D, C3, 8B, FF, 55, 8B, EC, 56, 8D, 45, 08, 50, 8B, F1, E8, 9A, ED, FF, FF, C7, 06, C0, EB, 38, 00, 8B, C6, 5E, 5D, C2, 04, 00, C7, 01, C0, EB, 38, 00, E9, DE, ED, FF, FF, 8B, FF, 55, 8B, EC, 56, 8B, F1, C7, 06, C0, EB, 38, 00, E8, CB, ED, FF, FF...

Code size:
115.5 KB (118,272 bytes)
