flashplayer__4369_i567267783_il13.exe

The application flashplayer__4369_i567267783_il13.exe has been detected as a potentially unwanted program by 11 anti-malware scanners. The program is a setup application that uses the Amonetize Downloader installer; however, the file is not signed with an Authenticode signature from a trusted source. The setup program bundles adware offers using Amonetize, a Pay-Per-Install (PPI) monetization and distribution download manager. The software offerings provided are based on the PC's geo-location at the time of install. The installer is marketed through download portals and search ads as the free Adobe Flash Player but will also install additional software offers, which include adware, PUPs and browser toolbars.
Version:
1.1.6.20

MD5:
b759a09f0b627579c41b46e778301403

SHA-1:
939b267f7212c0ee365f22c101fd2032e81234f2

SHA-256:
6ea163a2318e4d83b28b23b18a33dee7d49b805c2ea5f430a551b8d51daaa8d6

Scanner detections:
11 / 68

Status:
Potentially unwanted

Description:
This is an installer which may bundle legitimate applications with offers for additional 3rd-party applications that may be unwanted by the user. While the installer contains an 'opt-out' feature, this is not set by default and is usually overlooked.

Analysis date:
11/27/2024 5:29:52 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Avira AntiVirus | ADWARE/Adware.Gen2 | 7.11.143.174 |
| avast! | Win32:Amonetize-AK [PUP] | 2014.9-140415 |
| AVG | Generic_r | 2015.0.3503 |
| Baidu Antivirus | Adware.Win32.Amonetize | 4.0.3.14415 |
| Dr.Web | Adware.Downware.2467 | 9.0.1.0105 |
| ESET NOD32 | Win32/Amonetize.AJ (variant) | 8.9681 |
| Kaspersky | not-a-virus:HEUR:AdWare.Win32.Amonetize | 14.0.0.4012 |
| Malwarebytes | PUP.Optional.Amonetize.A | v2014.04.15.02 |
| Qihoo 360 Security | Win32/Virus.Adware.389 | 1.0.0.1015 |
| Rising Antivirus | PE:Malware.Adware!6.17D8 | 23.00.65.14413 |
| Sophos | Amonetize | 4.98 |

File size:
342.5 KB (350,720 bytes)

Product version:
1.1.6.20

Original file name:
setup.exe

File type:
Executable application (Win32 EXE)

Bundler/Installer:
Amonetize Downloader

Language:
English (United States)

Common path:
C:\users\{user}\downloads\flashplayer__4369_i567267783_il13.exe

File PE Metadata
Compilation timestamp:
4/15/2014 6:01:04 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
6144:JPVPMa5xdqmQm2IQLndFULnB8VxXVfyeJA0YSWqYSl2+8YLrfqL/MBgty:JPVPMcrqBjIQLn/ULB8VO2W/Sl2vYvfk

Entry address:
0x29951

Entry point:
E8, D6, 97, 00, 00, E9, 89, FE, FF, FF, CC, CC, CC, CC, CC, 53, 56, 8B, 44, 24, 18, 0B, C0, 75, 18, 8B, 4C, 24, 14, 8B, 44, 24, 10, 33, D2, F7, F1, 8B, D8, 8B, 44, 24, 0C, F7, F1, 8B, D3, EB, 41, 8B, C8, 8B, 5C, 24, 14, 8B, 54, 24, 10, 8B, 44, 24, 0C, D1, E9, D1, DB, D1, EA, D1, D8, 0B, C9, 75, F4, F7, F3, 8B, F0, F7, 64, 24, 18, 8B, C8, 8B, 44, 24, 14, F7, E6, 03, D1, 72, 0E, 3B, 54, 24, 10, 77, 08, 72, 07, 3B, 44, 24, 0C, 76, 01, 4E, 33, D2, 8B, C6, 5E, 5B, C2, 10, 00, 57, 8B, C6, 83, E0, 0F, 85, C0, 0F...

Entropy:
6.4461

Code size:
244 KB (249,856 bytes)

The file flashplayer__4369_i567267783_il13.exe has been seen being distributed by the following 2 URLs.
