flashplayer__10154_i1418287139_il172.exe

ITL-GROUP LLC

This is the Amonetize download manager, which bundles applications with offers for additional third-party software, mostly unwanted adware, and may be installed with minimal consent. The application flashplayer__10154_i1418287139_il172.exe by ITL-GROUP has been detected as adware by 31 anti-malware scanners. The program is a setup application that uses the Amonetize Downloader installer. The setup program bundles adware offers using Amonetize, a Pay-Per-Install (PPI) monetization and distribution download manager. The software offers presented are selected based on the PC's geo-location at the time of install. The installer is marketed through download portals and search ads as the free Adobe Flash Player, but it also installs additional software offers, including adware, PUPs and browser toolbars.
Publisher:
ITL-GROUP LLC  (signed and verified)

Version:
1.1.5.55

MD5:
82e44c463ee1ed835eda80e1292cc1a8

SHA-1:
ae06eaf345c601db307ca7f9c382693a10bb7c22

SHA-256:
5d949c21b3ef964e79886c0b68f0867d57e00e2a4932b03623ff8549eccce794

Scanner detections:
31 / 68

Status:
Adware

Description:
This is an installer which may bundle legitimate applications with offers for additional third-party applications that may be unwanted by the user. While the installer contains an 'opt-out' feature, this is not set by default and is usually overlooked.

Analysis date:
1/13/2025 5:07:54 PM UTC

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Win32.Virtob.Gen.12
788

AhnLab V3 Security
PUP/Win32.Amonetiz
2014.12.06

Avira AntiVirus
ADWARE/Adware.Gen4
7.11.193.42

avast!
Win32:Malware-gen
2014.9-141207

AVG
Generic
2015.0.3268

Bitdefender
Win32.Virtob.Gen.12
1.0.20.1710

Bkav FE
W32.HfsAutoA
1.3.0.6267

Emsisoft Anti-Malware
Win32.Virtob.Gen.12
8.14.12.08.11

ESET NOD32
Win32/Amonetize.CH (variant)
8.10835

Fortinet FortiGate
Adware/Amonetize
12/7/2014

F-Prot
W32/Virut.E.gen
v6.4.6.5.141

F-Secure
Win32.Virtob.Gen.12
11.2014-08-12_2

G Data
Win32.Virtob.Gen.12
14.12.24

IKARUS anti.virus
Virus.Win32.Virut
t3scan.1.8.5.0

K7 AntiVirus
Unwanted-Program
13.186.14254

Kaspersky
not-a-virus:AdWare.Win32.Amonetize
14.0.0.2833

Malwarebytes
PUP.Optional.Amonetize
v2014.12.08.11

McAfee
Artemis!82E44C463EE1
5600.6924

Microsoft Security Essentials
Threat.Undefined
1.189.1447.0

MicroWorld eScan
Win32.Virtob.Gen.12
15.0.0.1026

Norman
Win32.Virtob.Gen.12
11.20141208

nProtect
Virus/W32.Virut.Gen
14.12.05.01

Panda Antivirus
Generic Suspicious
14.12.07.11

Quick Heal
W32.Virut.G
12.14.14.00

Reason Heuristics
PUP.Installer.ITLGROUP.e
14.12.7.11

Sophos
Generic PUA KO
4.98

Trend Micro House Call
PE_VIRUX.R
7.2.342

Trend Micro
PE_VIRUX.R
10.465.08

Vba32 AntiVirus
Virus.Virut.14
3.12.26.3

VIPRE Antivirus
Trojan.Win32.Generic
35470

Zillya! Antivirus
Virus.Virut.Win32.1938
2.0.0.1999

File size:
590.2 KB (604,392 bytes)

Product version:
1.1.5.55

Original file name:
setup.exe

File type:
Executable application (Win32 EXE)

Bundler/Installer:
Amonetize Downloader

Language:
English (United States)

Common path:
C:\users\{user}\downloads\flashplayer__10154_i1418287139_il172.exe

Digital Signature
Signed by:

Authority:
Thawte, Inc.

Valid from:
10/20/2014 1:00:00 AM

Valid to:
10/21/2015 12:59:59 AM

Subject:
CN=ITL-GROUP LLC, O=ITL-GROUP LLC, L=Selyshche Doslidne, S=Selyshche Doslidne, C=UA

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
080AA229F6377F023DF6C8F878AC3719

File PE Metadata
Compilation timestamp:
12/1/2014 10:34:18 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
12288:D+QO2iSuC4JXQZRghZkDumdf3NxTCqRFjULz6hsB80FQ:DTO2L7EDvmdf3NxTC0OmhSNFQ

Entry address:
0xDA44

Entry point:
E8, 78, 78, 00, 00, E9, 89, FE, FF, FF, 8B, FF, 55, 8B, EC, 83, 7D, 08, 00, 74, 2D, FF, 75, 08, 6A, 00, FF, 35, 7C, FF, 38, 00, FF, 15, C4, 70, 38, 00, 85, C0, 75, 18, 56, E8, 8D, 2F, 00, 00, 8B, F0, FF, 15, 24, 70, 38, 00, 50, E8, 3D, 2F, 00, 00, 59, 89, 06, 5E, 5D, C3, 8B, FF, 55, 8B, EC, 56, 8D, 45, 08, 50, 8B, F1, E8, B0, E2, FF, FF, C7, 06, 1C, 7C, 38, 00, 8B, C6, 5E, 5D, C2, 04, 00, C7, 01, 1C, 7C, 38, 00, E9, F4, E2, FF, FF, 8B, FF, 55, 8B, EC, 56, 8B, F1, C7, 06, 1C, 7C, 38, 00, E8, E1, E2, FF, FF...

Entropy:
7.5988

Code size:
150.5 KB (154,112 bytes)

The file flashplayer__10154_i1418287139_il172.exe has been seen being distributed by the following 2 URLs.
