flashplayer__6741_i569799895_il3.exe

The application flashplayer__6741_i569799895_il3.exe has been detected as a potentially unwanted program by 11 anti-malware scanners. The program is a setup application that uses the Amonetize Downloader installer, however the file is not signed with an authenticode signature from a trusted source. The setup program bundles adware offers using the Amonetize, a Pay-Per-Install (PPI) monetization and distribution download manager. The software offerings provided are based on the PC's geo-location at the time of install. The installer is marketed through download protals and search ads as the free Adobe Flash Player but will also install additional software offers which include adware, PUPs and browser toolbars.
Version:
1.1.5.89

MD5:
769a7e8b4ec24f29e00d8d739c052cf1

SHA-1:
f0c48da4f075f1a5a4506ab0b0169f2cd5bf9ba5

SHA-256:
035b62853a4c307c0b676cd8f5e54fe5e5940389c3816ce46f2817ac4ca1db6e

Scanner detections:
11 / 68

Status:
Potentially unwanted

Description:
This 'download manager' is also considered bundleware, a utility designed to download software (possibly legitimate or opensource) and bundle it with a number of optional offers including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:
12/24/2024 6:38:45 PM UTC  (today)

Scan engine
Detection
Engine version

AhnLab V3 Security
PUP/Win32.Amonetiz
14.04.16

Avira AntiVirus
ADWARE/Adware.Gen2
7.11.143.248

avast!
Win32:Amonetize-AK [PUP]
2014.9-140416

AVG
Generic_r
2015.0.3502

Baidu Antivirus
Adware.Win32.Amonetize
4.0.3.14416

Dr.Web
Adware.Downware.2467
9.0.1.0106

ESET NOD32
Win32/Amonetize.AJ (variant)
8.9687

Kaspersky
not-a-virus:HEUR:AdWare.Win32.Amonetize
14.0.0.4005

Malwarebytes
PUP.Optional.Amonetize.A
v2014.04.16.09

Rising Antivirus
PE:Malware.Adware!6.17D8
23.00.65.14414

Sophos
Amonetize
4.98

File size:
342.5 KB (350,720 bytes)

Product version:
1.1.5.89

Original file name:
setup.exe

File type:
Executable application (Win32 EXE)

Bundler/Installer:
Amonetize Downloader

Language:
English (United States)

Common path:
C:\users\{user}\downloads\flashplayer__6741_i569799895_il3.exe

File PE Metadata
Compilation timestamp:
4/16/2014 2:55:28 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
6144:GPnPUSIT8sAenLdPIMBitbB08jeNRWYSWqYSl23uoN0qLyEBZ/Amy:GPnPUxT8EnLdPBitxTW/Sl2eoN0YBim

Entry address:
0x29951

Entry point:
E8, D6, 97, 00, 00, E9, 89, FE, FF, FF, CC, CC, CC, CC, CC, 53, 56, 8B, 44, 24, 18, 0B, C0, 75, 18, 8B, 4C, 24, 14, 8B, 44, 24, 10, 33, D2, F7, F1, 8B, D8, 8B, 44, 24, 0C, F7, F1, 8B, D3, EB, 41, 8B, C8, 8B, 5C, 24, 14, 8B, 54, 24, 10, 8B, 44, 24, 0C, D1, E9, D1, DB, D1, EA, D1, D8, 0B, C9, 75, F4, F7, F3, 8B, F0, F7, 64, 24, 18, 8B, C8, 8B, 44, 24, 14, F7, E6, 03, D1, 72, 0E, 3B, 54, 24, 10, 77, 08, 72, 07, 3B, 44, 24, 0C, 76, 01, 4E, 33, D2, 8B, C6, 5E, 5B, C2, 10, 00, 57, 8B, C6, 83, E0, 0F, 85, C0, 0F...
 
[+]

Code size:
244 KB (249,856 bytes)

The file flashplayer__6741_i569799895_il3.exe has been seen being distributed by the following 17 URLs.

http://www.newhdplugin.net/direct-download.html?version=1.1.5.89&ci=6802&capp=FlashPlayer&ti1=ZjdXVpZD1iNjgwYzE2ZS05YjQwLTRmNGItOTlhOS0wMjk4MTViMDdjYTc

http://www.newhdplugin.net/direct-download.html?version=1.1.5.89&ci=6802&capp=FlashPlayer&ti1=Z5dXVpZD04ODFkYmI1NS1jOTY0LTRmM2UtODJjZi1lYzc2ZDJjMzk5MzE

http://www.holddownload.com/download.php?version=1.1.5.89&prefix=FlashPlayerSetup&campid=6741&instid[appname]=FlashPlayer&instid[appsetupurl]=https://launchpad.net/lightspark/trunk/lightspark-0.5.3/ download/Lightspark-0.5.3-win32.exe&instid[appimageurl]=http://www.tsxnrey.com/i/White Smoke Inc/.../150x150_v1Logo.jpg&prefix=FlashPlayer&ti1=7041624721397685253&capp=FlashPlayer

http://www.newhdplugin.net/direct-download.html?version=1.1.5.89&ci=6802&capp=FlashPlayer&ti1=ZjdXVpZD1jMDlhNjBlOC0yZDYzLTRjYzUtOGNkMy03YjMyNzNmMDhjOGY

Remove flashplayer__6741_i569799895_il3.exe - Powered by Reason Core Security