firefox.am__8584_il13170.exe

DOZ-DEKORUM LLC

This is the Amonetize download manager, which bundles applications with offers for additional third-party software, mostly unwanted adware, and may be installed with minimal consent. The application firefox.am__8584_il13170.exe by DOZ-DEKORUM has been detected as adware by 23 anti-malware scanners. The program is a setup application that uses the Amonetize Downloader installer. The setup program bundles adware offers using Amonetize, a Pay-Per-Install (PPI) monetization and distribution download manager. The software offers presented depend on the PC's geolocation at the time of install. The installer is marketed through download portals and search ads as the free Mozilla Firefox web browser, but it will also install additional software offers, which include adware, PUPs and browser toolbars.
Publisher:
DOZ-DEKORUM LLC  (signed and verified)

Version:
1.1.5.26

MD5:
6f51176a138bc117b8c76e0e5e8ecf9d

SHA-1:
356b35977dad7fcb68def23e24f9fb5c376e2ee0

SHA-256:
ec4c7da0405754bfaff40ee8da5fc3b8c6d3cfc5e4f415c44aaf8cc934b96005

Scanner detections:
23 / 68

Status:
Adware

Description:
This 'download manager' is also considered bundleware: a utility designed to download software (possibly legitimate or open source) and bundle it with a number of optional offers, including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:
4/23/2025 10:56:42 PM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Agnitum Outpost | PUA.Amonetize | 7.1.1 |
| AhnLab V3 Security | PUP/Win32.Amonetize | 2014.11.17 |
| Avira AntiVirus | ADWARE/Adware.Gen4 | 7.11.186.112 |
| avast! | Win32:Amonetize-FH [PUP] | 2014.9-141116 |
| AVG | Generic | 2015.0.3288 |
| Baidu Antivirus | Adware.Win32.Amonetize | 4.0.3.141116 |
| Comodo Security | ApplicUnwnt | 20101 |
| Dr.Web | Adware.Downware.8860 | 9.0.1.0320 |
| ESET NOD32 | Win32/Amonetize.BW (variant) | 8.10732 |
| Fortinet FortiGate | Riskware/Amonetize | 11/16/2014 |
| IKARUS anti.virus | PUA.Amonetize | t3scan.1.8.3.0 |
| Malwarebytes | PUP.Optional.Amonetize | v2014.11.16.09 |
| McAfee | Artemis!6F51176A138B | 5600.6944 |
| NANO AntiVirus | Riskware.Win32.Downware.dgzodg | 0.28.6.63362 |
| Qihoo 360 Security | HEUR/QVM10.1.Malware.Gen | 1.0.0.1015 |
| Reason Heuristics | PUP.Installer.DOZDEKORUM.X | 14.11.16.21 |
| Rising Antivirus | PE:Trojan.Win32.Generic.178A2D76!394931574 | 23.00.65.141114 |
| Sophos | Generic PUA DF | 4.98 |
| Trend Micro House Call | TROJ_GEN.R00UC0OK714 | 7.2.320 |
| Trend Micro | TROJ_GEN.R00UC0OK714 | 10.465.16 |
| Vba32 AntiVirus | AdWare.Amonetize | 3.12.26.3 |
| VIPRE Antivirus | Trojan.Win32.Generic | 34840 |
| Zillya! Antivirus | Adware.Amonetize.Win32.1442 | 2.0.0.1983 |

File size:
551.7 KB (564,952 bytes)

Product version:
1.1.5.26

Original file name:
setup.exe

File type:
Executable application (Win32 EXE)

Bundler/Installer:
Amonetize Downloader

Language:
English (United States)

Common path:
C:\users\{user}\downloads\firefox.am__8584_il13170.exe

Digital Signature
Signed by:

Authority:
Thawte, Inc.

Valid from:
10/1/2014 5:00:00 PM

Valid to:
10/2/2015 4:59:59 PM

Subject:
CN=DOZ-DEKORUM LLC, O=DOZ-DEKORUM LLC, L=Kyiv, S=Kyiv, C=UA

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
73707838536CAA87D56478B5309E9717

File PE Metadata
Compilation timestamp:
10/13/2014 3:21:50 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
12288:h8rSVLtRMm8AZJHAPFTjU7qrG9Hl4DxPy827m0:qrSVAAPHAdTjU7qa9FGy8B

Entry address:
0x11D8A

Entry point:
E8, E8, 69, 00, 00, E9, 89, FE, FF, FF, 8B, FF, 55, 8B, EC, 83, 3D, 9C, 5E, 3A, 00, 00, 75, 18, E8, C7, 5E, 00, 00, 6A, 1E, E8, 11, 5D, 00, 00, 68, FF, 00, 00, 00, E8, 7C, F3, FF, FF, 59, 59, 8B, 45, 08, 85, C0, 75, 01, 40, 50, 6A, 00, FF, 35, 9C, 5E, 3A, 00, FF, 15, EC, A0, 39, 00, 5D, C3, 8B, FF, 55, 8B, EC, 53, 8B, 5D, 08, 83, FB, E0, 77, 6F, 56, 57, 83, 3D, 9C, 5E, 3A, 00, 00, 75, 18, E8, 7D, 5E, 00, 00, 6A, 1E, E8, C7, 5C, 00, 00, 68, FF, 00, 00, 00, E8, 32, F3, FF, FF, 59, 59, 85, DB, 74, 04, 8B, C3...
 

Entropy:
7.4240

Code size:
163 KB (166,912 bytes)

The file firefox.am__8584_il13170.exe has been seen being distributed by the following 3 URLs.
