final cut x for windows downloader__3687_i1428527922_il17443.exe

The application final cut x for windows downloader__3687_i1428527922_il17443.exe has been detected as a potentially unwanted program by 3 anti-malware scanners. It bundles adware offers using Amonetize, a Pay-Per-Install (PPI) monetization and distribution download manager. The software offers presented are based on the PC's geo-location at the time of install. The file has been observed being downloaded from www.slow-download.com.
MD5:
b02478a263576cc440f546d778eb4a60

SHA-1:
3f968f40783709da148c942bc21ba58a5561679b

SHA-256:
7e0a360a8472f2c55fa09e3e1cde91a306a38e53e0f202ab3b77c4bdd76bec22

Scanner detections:
3 / 68

Status:
Potentially unwanted

Analysis date:
12/25/2024 6:47:05 PM UTC

Scan engine         Detection                   Engine version
avast!              Win32:Amonetize-HT [PUP]    160215-2
Dr.Web              Trojan.Amonetize.341        9.0.1.05190
Reason Heuristics   Adware.Amonetize.AT (M)     16.3.5.19

File size:
43.5 KB (44,512 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\final cut x for windows downloader__3687_i1428527922_il17443.exe

File PE Metadata
Compilation timestamp:
12/19/2014 2:07:19 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
768:hjG1G/jF2ABeLJfxyL1GUmcYBcptBV1AwbDgBkjMd41GVnopjA:9GgLFR6JYxGUmVgVvg2jMOompM

Entry address:
0xAF83

Entry point:
E8, 21, 3E, 00, 00, E9, 89, FE, FF, FF, 8B, FF, 55, 8B, EC, 83, 7D, 08, 00, 74, 2D, FF, 75, 08, 6A, 00, FF, 35, C4, 5B, 39, 00, FF, 15, A4, E0, 38, 00, 85, C0, 75, 18, 56, E8, 57, 2D, 00, 00, 8B, F0, FF, 15, 84, E0, 38, 00, 50, E8, 07, 2D, 00, 00, 59, 89, 06, 5E, 5D, C3, 8B, FF, 55, 8B, EC, 56, 8D, 45, 08, 50, 8B, F1, E8, C1, ED, FF, FF, C7, 06, C0, EB, 38, 00, 8B, C6, 5E, 5D, C2, 04, 00, C7, 01, C0, EB, 38, 00, E9, 05, EE, FF, FF, 8B, FF, 55, 8B, EC, 56, 8B, F1, C7, 06, C0, EB, 38, 00, E8, F2, ED, FF, FF...
 

Entropy:
6.2968

Code size:
115.5 KB (118,272 bytes)

The file final cut x for windows downloader__3687_i1428527922_il17443.exe has been seen being distributed by the following URL.