f_00033b

ITL-GROUP LLC

This is the Amonetize download manager which bundles applications with offers for additional 3rd party software, mostly unwanted adware, and may be installed with minimal consent. The file f_00033b by ITL-GROUP has been detected as adware by 21 anti-malware scanners. The program is a setup application that uses the Amonetize Downloader installer. The setup program bundles adware offers using the Amonetize, a Pay-Per-Install (PPI) monetization and distribution download manager. The software offerings provided are based on the PC's geo-location at the time of install.
Publisher:
ITL-GROUP LLC  (signed and verified)

Version:
1.1.5.26

MD5:
8d2862a6cf3210bf6098d7e30c54b33f

SHA-1:
0d0332fbfed56b0d51f29c18d28aa1e243ddda22

SHA-256:
b9b0b6c183143189c493ebd31be53176869eca8ec55f970f527c7bafe325b471

Scanner detections:
21 / 68

Status:
Adware

Description:
This 'download manager' is also considered bundleware, a utility designed to download software (possibly legitimate or opensource) and bundle it with a number of optional offers including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:
11/5/2024 7:09:35 AM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Gen:Variant.Adware.Strictor.68509
809

AhnLab V3 Security
PUP/Win32.Amonetiz
2014.11.20

Avira AntiVirus
ADWARE/Adware.Gen2
7.11.186.196

avast!
Win32:Amonetize-GA [PUP]
2014.9-141124

Baidu Antivirus
Adware.Win32.Amonetize
4.0.3.141124

Bitdefender
Gen:Variant.Adware.Strictor.68509
1.0.20.1605

Emsisoft Anti-Malware
Gen:Variant.Adware.Strictor.68509
8.14.11.17.03

ESET NOD32
Win32/Amonetize.BP (variant)
8.10737

Fortinet FortiGate
Riskware/Amonetize
11/24/2014

F-Secure
Gen:Variant.Adware.Strictor.68509
11.2014-17-11_2

G Data
Gen:Variant.Adware.Strictor.68509
14.11.24

Kaspersky
not-a-virus:AdWare.Win32.Amonetize
14.0.0.2898

McAfee
Artemis!36000A7E3390
5600.6937

MicroWorld eScan
Gen:Variant.Adware.Strictor.68509
15.0.0.963

Panda Antivirus
Trj/Genetic.gen
14.11.24.09

Qihoo 360 Security
HEUR/QVM10.1.Malware.Gen
1.0.0.1015

Reason Heuristics
PUP.Installer.ITLGROUP.I
14.11.21.23

Rising Antivirus
PE:Trojan.Win32.Generic.17A6DC21!396811297
23.00.65.141122

Sophos
Generic PUA JG
4.98

Trend Micro House Call
TROJ_GEN.R0C1H09KJ14
7.2.328

VIPRE Antivirus
Threat.4150696
34948

File size:
399.7 KB (409,320 bytes)

Product version:
1.1.5.26

Original file name:
setup.exe

Bundler/Installer:
Amonetize Downloader

Common path:
C:\users\{user}\appdata\local\google\chrome\user data\default\cache\f_00033b

Digital Signature
Signed by:

Authority:
Thawte, Inc.

Valid from:
10/20/2014 4:00:00 AM

Valid to:
10/21/2015 3:59:59 AM

Subject:
CN=ITL-GROUP LLC, O=ITL-GROUP LLC, L=Selyshche Doslidne, S=Selyshche Doslidne, C=UA

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
080AA229F6377F023DF6C8F878AC3719

File PE Metadata
Compilation timestamp:
11/17/2014 10:02:45 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
6144:3AFfFgg7x2O9d58B/183EuUdn1BGCvHk9g+xDAZm51EIJ7m/3ayh7APiWj5hwPh:QD/9d58BwEJFGywggMZmUISmiE56h

Entry address:
0x24614

Entry point:
E8, 1E, AC, 00, 00, E9, 89, FE, FF, FF, 8B, FF, 55, 8B, EC, 83, EC, 10, A1, E0, D9, 44, 00, 33, C5, 89, 45, FC, 8B, 55, 18, 53, 33, DB, 56, 57, 3B, D3, 7E, 1F, 8B, 45, 14, 8B, CA, 49, 38, 18, 74, 08, 40, 3B, CB, 75, F6, 83, C9, FF, 8B, C2, 2B, C1, 48, 3B, C2, 7D, 01, 40, 89, 45, 18, 89, 5D, F8, 39, 5D, 24, 75, 0B, 8B, 45, 08, 8B, 00, 8B, 40, 04, 89, 45, 24, 8B, 35, 6C, D0, 43, 00, 33, C0, 39, 5D, 28, 53, 53, FF, 75, 18, 0F, 95, C0, FF, 75, 14, 8D, 04, C5, 01, 00, 00, 00, 50, FF, 75, 24, FF, D6, 8B, F8, 89...
 
[+]

Code size:
236.5 KB (242,176 bytes)

The file f_00033b has been seen being distributed by the following URL.

Remove f_00033b - Powered by Reason Core Security