fast file downloader__3338_i404923439_il179177.exe

Install

Shetef Solutions & Consulting (1998) Ltd.

This is the Amonetize download manager which bundles applications with offers for additional 3rd party software, mostly unwanted adware, and may be installed with minimal consent. The application fast file downloader__3338_i404923439_il179177.exe by Shetef Solutions & Consulting (1998) has been detected as adware by 18 anti-malware scanners. The program is a setup application that uses the Amonetize Downloader installer. The setup program bundles adware offers using the Amonetize, a Pay-Per-Install (PPI) monetization and distribution download manager. The software offerings provided are based on the PC's geo-location at the time of install.
Publisher:

Product:
Install

Version:
1.1.1.72

MD5:
4f0d2b78c4bd9b4fcb0203cd1d73e41f

SHA-1:
36a9841e843826261343b7edb21fed9b5438eca5

SHA-256:
55893987d9c17b606851d131b85a4feda3e839b68a2b743d35e97b58299334c8

Scanner detections:
18 / 68

Status:
Adware

Description:
This 'download manager' is also considered bundleware, a utility designed to download software (possibly legitimate or opensource) and bundle it with a number of optional offers including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:
11/5/2024 2:44:57 AM UTC  (today)

Scan engine
Detection
Engine version

Agnitum Outpost
PUA.Amonetize
7.1.1

AhnLab V3 Security
PUP/Win32.Amonetiz
14.04.20

Avira AntiVirus
ADWARE/Adware.Gen2
7.11.144.106

avast!
Win32:Amonetize-M [PUP]
2014.9-140420

AVG
Generic_r
2015.0.3499

Dr.Web
Adware.Downware.1575
9.0.1.0110

ESET NOD32
Win32/Amonetize.AJ (variant)
8.9700

Fortinet FortiGate
Riskware/Amonetize
4/20/2014

K7 AntiVirus
Trojan
13.176.11806

Kaspersky
not-a-virus:HEUR:AdWare.Win32.Amonetize
14.0.0.3989

Malwarebytes
PUP.Optional.Amonetize.A
v2014.04.20.06

McAfee
Artemis!4F0D2B78C4BD
5600.7155

NANO AntiVirus
Riskware.Win32.Amonetize.cwgnry
0.28.0.59288

Qihoo 360 Security
Win32/Virus.Adware.932
1.0.0.1015

Reason Heuristics
PUP.ShetefSolutionsConsulting1998.o
14.8.8.3

Sophos
Amonetize
4.98

Trend Micro House Call
TROJ_GEN.F47V0304
7.2.110

VIPRE Antivirus
Trojan.Win32.Generic
28414

File size:
148.6 KB (152,192 bytes)

Product version:
2.1.12

Copyright:
Copyright( c ) All Rights Reserved.

Original file name:
Install.exe

File type:
Executable application (Win32 EXE)

Bundler/Installer:
Amonetize Downloader

Language:
English (United States)

Common path:
C:\users\{user}\downloads\fast file downloader__3338_i404923439_il179177.exe

Digital Signature
Authority:
Thawte, Inc.

Valid from:
7/23/2013 3:00:00 AM

Valid to:
7/24/2014 2:59:59 AM

Subject:
CN=Shetef Solutions & Consulting (1998) Ltd., O=Shetef Solutions & Consulting (1998) Ltd., L=Rannana, S=Israel, C=IL

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
7C23DBB97FAFBB9D28D413F836202024

File PE Metadata
Compilation timestamp:
3/4/2014 5:32:37 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
3072:ULuJQxdpWHOCvgP7pKTyeQhywDezqm7Y+/dCqC8UpNs9n8:AMWpiegTdQAwEvM+/oUUbsd8

Entry address:
0x59970

Entry point:
60, BE, 00, A0, 43, 00, 8D, BE, 00, 70, FC, FF, 57, 83, CD, FF, EB, 10, 90, 90, 90, 90, 90, 90, 8A, 06, 46, 88, 07, 47, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 72, ED, B8, 01, 00, 00, 00, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, 01, DB, 73, 0B, 75, 28, 8B, 1E, 83, EE, FC, 11, DB, 72, 1F, 48, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, EB, D4, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, EB, 52, 31, C9, 83, E8, 03, 72, 11, C1, E0, 08, 8A, 06, 46, 83, F0, FF, 74, 75, D1, F8, 89...
 
[+]

Packer / compiler:
UPX 2.90LZMA]

Code size:
128 KB (131,072 bytes)

The file fast file downloader__3338_i404923439_il179177.exe has been seen being distributed by the following 8 URLs.

http://ams1.ib.adnxs.com/click?kBK7treb8T-QEru2t5vxPwAAAAAAAPg_kBK7treb8T-QEru2t5vxP2oLOzukhlFN_VpdrKWAGilnTRZTAAAAAGawHwB2AgAAdgIAAAIAAABopLwA1ioFAAAAAQBVU0QAVVNEACwB-gBG0AAAN9cAAgQCAQIAAIoA0SVfKwAAAAA./cnd=!xwYjPgiLybgBEOjI8gUY1tUUIAM./referrer=http://cdn.sharedaddomain.com/slider_anchored_300x250_284.htm?cat=309,7870,7870&clientId=251fbf03-a7a9-4d88-8137-9bd3cbfe9567&l=http://www.webfactory.fiat.fr/&r=https://www.google.fr/&st=webfactory&kw=Fiat, Fiat 500, Fiat 500L, Punto, Panda, Distributeur, concession fiat, réseau, stock, véhicule neuf, véhicule de démonstration, Fiat 500L Living, Fiat 500L Trekking, Qubo, Doblo, Sedici, Freemont, Bravo, déstockage, voiture pas chère, véhicule d’occasion, voiture neuve, voiture de démonstration, voiture d’occasion/clickenc=http://www.hdplugindownload.