facebookemoticonssetup_988465885_400612_3035.exe

Amazecell LTD.

The component is part of the TMRG platform which will track various behaviors of web browsing habits including tracking sites and domains visited as well as ads clicked. The application facebookemoticonssetup_988465885_400612_3035.exe by Amazecell has been detected as adware by 20 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. The file has been seen being downloaded from wrapapp.net.
Publisher:
Amazecell LTD.  (signed and verified)

MD5:
ab88373de8a363b68a92ff934275a015

SHA-1:
a9915bd8eddb073fa657c4947870335365d94c0a

SHA-256:
5a61e9ff2e8068be92fe010b7c06a96ab65c8c9885cf445c80f3012cb4db8c7d

Scanner detections:
20 / 68

Status:
Adware

Explanation:
Bundles the Conduit Toolbar and/or Conduit Search Protect.

Analysis date:
11/5/2024 2:28:40 PM UTC  (today)

Scan engine
Detection
Engine version

Agnitum Outpost
Adware.MarketScore
7.1.1

Avira AntiVirus
ADSPY/NaviPromo.J
7.11.95.156

avast!
Win32:PUP-gen [PUP]
2014.9-141215

AVG
RelevantKnowledge
2015.0.3259

Bitdefender
Adware.Relevant.BH
1.0.20.1745

Comodo Security
ApplicUnwnt.Win32.AdWare.RK.~E
16722

Dr.Web
Adware.Relevant.81
9.0.1.0349

Emsisoft Anti-Malware
Adware.Relevant.BH
8.14.12.15.08

ESET NOD32
Win32/Adware.RK.AQ
8.8657

Fortinet FortiGate
Riskware/Agent
12/15/2014

F-Secure
Adware.Relevant.BH
11.2014-15-12_2

G Data
Adware.Relevant.BH
14.12.22

IKARUS anti.virus
not-a-virus:WebToolbar.Win32.Agent
t3scan.2.0.3.0

Kaspersky
not-a-virus:WebToolbar.Win32.Agent
14.0.0.2791

Malwarebytes
PUP.Optional.Conduit.A
v2014.12.15.08

MicroWorld eScan
Adware.Relevant.BH
15.0.0.1047

NANO AntiVirus
Riskware.Win32.InstallToolbar.bcidbl
0.26.0.53884

Reason Heuristics
PUP.Installer.Amazecell.m
14.12.15.20

Trend Micro House Call
TROJ_GEN.F47V0721
7.2.349

VIPRE Antivirus
Wajam
20230

File size:
679.2 KB (695,504 bytes)

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Common path:
C:\users\{user}\downloads\facebookemoticonssetup_988465885_400612_3035.exe

Digital Signature
Signed by:

Authority:
Thawte, Inc.

Valid from:
10/29/2012 8:00:00 PM

Valid to:
10/30/2013 7:59:59 PM

Subject:
CN=Amazecell LTD., O=Amazecell LTD., L=Hertzlia, S=Israel, C=IL

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
365C7458F9CB8CF4C99A5AB69879EFCC

File PE Metadata
Compilation timestamp:
12/5/2009 5:50:52 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
12288:AP6GKiCHnWE+inkpa2f0eFrggMlwcdr0zA3yKRdrvaG:AP6ACHnWal2NObdz3THrv

Entry address:
0x30FA

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 18, EC, 42, 00, E8, F1, 2B, 00, 00, A3, 64, EB, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 98, 8F, 42, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 60, E3, 42, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, 40, 43, 00, 50, 57, E8, 92, 28, 00, 00...
 
[+]

Entropy:
7.9179

Packer / compiler:
Nullsoft install system v2.x

Code size:
23.5 KB (24,064 bytes)

The file facebookemoticonssetup_988465885_400612_3035.exe has been seen being distributed by the following URL.