» flashplayer__6207_i912291826_il2164.exe
Overview
Analysis
File Details

flashplayer__6207_i912291826_il2164.exe

Install Path Ltd

This is the Amonetize download manager which bundles applications with offers for additional 3rd party software, mostly unwanted adware, and may be installed with minimal consent. The application flashplayer__6207_i912291826_il2164.exe by Install Path has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the Amonetize Downloader installer. The setup program bundles adware offers using the Amonetize, a Pay-Per-Install (PPI) monetization and distribution download manager. The software offerings provided are based on the PC's geo-location at the time of install. The installer is marketed through download protals and search ads as the free Adobe Flash Player but will also install additional software offers which include adware, PUPs and browser toolbars.

File name:

Publisher:

Install Path Ltd (signed and verified)

Version:

1.1.1.72

MD5:

ba83e30a68fa9b8b8f10fedfb50a9af5

SHA-1:

282345abf1b9131a4ae43f8d4cd6cbb85c3619c7

SHA-256:

e802719b91817321a4b6559a8f00efcaa65676b5b015cdff9e82b1b0c39a12d2

Scanner detections:

1 / 68

Status:

Adware

Note:

Our current pool of anti-malware engines have not currently detected this file, however based on our own detection heuristics we feel that this file is unwanted.

Description:

This 'download manager' is also considered bundleware, a utility designed to download software (possibly legitimate or opensource) and bundle it with a number of optional offers including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:

11/23/2024 8:14:12 AM UTC (today)

Scan engine

Detection

Engine version

Reason Heuristics

PUP.Amonetize (M)

16.9.21.8

File size:

338 KB (346,072 bytes)

Product version:

1.1.1.72

Original file name:

setup.exe

File type:

Executable application (Win32 EXE)

Bundler/Installer:

Amonetize Downloader

Language:

English (United States)

Common path:

C:\users\{user}\downloads\flashplayer__6207_i912291826_il2164.exe

Digital Signature

Signed by:

Install Path Ltd

Authority:

COMODO CA Limited

Valid from:

4/29/2014 8:00:00 PM

Valid to:

4/29/2016 7:59:59 PM

Subject:

CN=Install Path Ltd, OU=Install Path Ltd, O=Install Path Ltd, STREET=5 Jabotinsky, L=Ramat Gan, S=(select one), PostalCode=5252006, C=IL

Issuer:

CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:

11218EE2EBDA2A9FF91D21033208850D

File PE Metadata

Compilation timestamp:

6/19/2014 5:02:12 PM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

10.0

CTPH (ssdeep):

6144:8kgO14op8CFTWHE1bQtyStLrBaQLmF6eMwq1RmwEHqyl4UNKiG1CpHyJ:8kgO1vmITWAbQtyStLVaQFcwIqyj4U

Entry address:

0x281D4

Entry point:

E8, 34, A0, 00, 00, E9, 89, FE, FF, FF, CC, CC, 53, 56, 8B, 44, 24, 18, 0B, C0, 75, 18, 8B, 4C, 24, 14, 8B, 44, 24, 10, 33, D2, F7, F1, 8B, D8, 8B, 44, 24, 0C, F7, F1, 8B, D3, EB, 41, 8B, C8, 8B, 5C, 24, 14, 8B, 54, 24, 10, 8B, 44, 24, 0C, D1, E9, D1, DB, D1, EA, D1, D8, 0B, C9, 75, F4, F7, F3, 8B, F0, F7, 64, 24, 18, 8B, C8, 8B, 44, 24, 14, F7, E6, 03, D1, 72, 0E, 3B, 54, 24, 10, 77, 08, 72, 07, 3B, 44, 24, 0C, 76, 01, 4E, 33, D2, 8B, C6, 5E, 5B, C2, 10, 00, 57, 8B, C6, 83, E0, 0F, 85, C0, 0F, 85, C1, 00... 
[+]

Entropy:

6.4853

Code size:

237 KB (242,688 bytes)

Remove flashplayer__6207_i912291826_il2164.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.