firefox idm cc add ons for version 37, 38, 39, 40, 41, 42, 43__6910_il2800.exe

LLC `FOTO-TSENTR `

The application firefox idm cc add ons for version 37, 38, 39, 40, 41, 42, 43__6910_il2800.exe by LLC `FOTO-TSENTR ` has been detected as a potentially unwanted program by 15 anti-malware scanners. This is a setup program which is used to install the application. According to AVG, this software downloads additional adware offers during setup. The file has been seen being downloaded from dc616.4shared.com.
Publisher:
LLC `FOTO-TSENTR `  (signed and verified)

MD5:
564f006e54c9b60e39b97a8ebaa6c191

SHA-1:
bec44e74ccf44b76d9d54d290d0d9b9dfca79389

SHA-256:
5c124d331d84273409852a836b7a43d641312f4fe9858b45e0d9992aecb0b470

Scanner detections:
15 / 68

Status:
Potentially unwanted

Analysis date:
11/24/2024 8:37:27 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Application.Bundler.Amonetize.BG | 513 |
| AhnLab V3 Security | PUP/Win32.Amonetize | 2015.09.10 |
| Avira AntiVirus | ADWARE/Amonetize.Gen | 8.3.2.2 |
| Arcabit | Application.Bundler.Amonetize.BG | 1.0.0.525 |
| AVG | Downloader | 2016.0.2991 |
| Bitdefender | Application.Bundler.Amonetize.BG | 1.0.20.1265 |
| Dr.Web | Trojan.Amonetize.6690 | 9.0.1.0253 |
| ESET NOD32 | Win32/Amonetize.II potentially unwanted (variant) | 9.12232 |
| F-Secure | Application.Bundler.Amonetize | 11.2015-10-09_5 |
| G Data | Application.Bundler.Amonetize.BG | 15.9.25 |
| Kaspersky | not-a-virus:AdWare.Win32.Amonetize | 14.0.0.1448 |
| Malwarebytes | PUP.Optional.Amonetize | v2015.09.10.11 |
| MicroWorld eScan | Application.Bundler.Amonetize.BG | 16.0.0.759 |
| Reason Heuristics | Threat.Win.Reputation.IMP | 15.9.11.21 |
| VIPRE Antivirus | Amonetize | 43638 |

File size:
756.2 KB (774,320 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\programs\firefox idm cc add ons for version 37, 38, 39, 40, 41, 42, 43__6910_il2800.exe

Digital Signature
Authority:
COMODO CA Limited

Valid from:
7/10/2015 5:00:00 AM

Valid to:
7/10/2016 4:59:59 AM

Subject:
CN=LLC `FOTO-TSENTR `, O=LLC `FOTO-TSENTR `, STREET="Bud. 13-A kv. 1, Bolshaya Morskaya", L=Mykolayiv, S=Mykolayivska, PostalCode=54001, C=UA

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
4EA3FDADC06CB2C406A598621402321B

File PE Metadata
Compilation timestamp:
9/10/2015 4:11:21 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
12288:+0gHj3aQMURDT+8h3v1UxxDDApc5oiKp7I1nuSgFgwtEUkGdATGdPwkGfJ8Gp4+O:+0sqQfDqsUzIt1ynuwUkGuwKJ8G6EqAs

Entry address:
0xF6A0

Entry point:
E8, 4F, 4F, 00, 00, E9, 2F, FE, FF, FF, 55, 8B, EC, A1, 64, 6D, 43, 00, 85, C0, 75, 1D, E8, AA, 3D, 00, 00, 6A, 1E, E8, 00, 3E, 00, 00, 68, FF, 00, 00, 00, E8, F6, 33, 00, 00, A1, 64, 6D, 43, 00, 59, 59, 8B, 4D, 08, 85, C9, 75, 01, 41, 51, 6A, 00, 50, E9, C2, E6, FF, FF, 5D, C3, 55, 8B, EC, 56, 8B, 75, 08, 83, FE, E0, 77, 6E, 53, 57, A1, 64, 6D, 43, 00, 85, C0, 75, 1D, E8, 63, 3D, 00, 00, 6A, 1E, E8, B9, 3D, 00, 00, 68, FF, 00, 00, 00, E8, AF, 33, 00, 00, A1, 64, 6D, 43, 00, 59, 59, 85, F6, 74, 04, 8B, CE...
 
Entropy:
7.6119

Code size:
164 KB (167,936 bytes)

The file firefox idm cc add ons for version 37, 38, 39, 40, 41, 42, 43__6910_il2800.exe has been seen being distributed by the following URL.