flashplayersetup__10154_i1432863422_il1.exe

AMGRUP LLC

This is the Amonetize download manager, which bundles applications with offers for additional third-party software, mostly unwanted adware, and may be installed with minimal consent. The application flashplayersetup__10154_i1432863422_il1.exe by AMGRUP has been detected as adware by 16 anti-malware scanners. The program is a setup application that uses the Amonetize Downloader installer. The setup program bundles adware offers using Amonetize, a Pay-Per-Install (PPI) monetization and distribution download manager. The software offerings provided are based on the PC's geo-location at the time of install. The installer is marketed through download portals and search ads as the free Adobe Flash Player but will also install additional software offers, which include adware, PUPs and browser toolbars.
Publisher:
AMGRUP LLC  (signed and verified)

Version:
1.1.5.55

MD5:
9a1376ec2f4ed84a45d3ede4d1c10cf5

SHA-1:
660cbcdc24000f9d3820007b4d8104856d1cb552

SHA-256:
8959c675362822d7c7c05d8dc3776322a3b6a7ced3a5daecc4b75a164cee593e

Scanner detections:
16 / 68

Status:
Adware

Description:
This 'download manager' is also considered bundleware: a utility designed to download software (possibly legitimate or open source) and bundle it with a number of optional offers, including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:
11/27/2024 2:41:34 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Agnitum Outpost | PUA.Amonetize | 7.1.1 |
| AhnLab V3 Security | PUP/Win32.Amonetiz | 2015.01.04 |
| Avira AntiVirus | Adware/Amonetize.575168.18 | 7.11.199.74 |
| AVG | Generic | 2016.0.3232 |
| Dr.Web | Trojan.Amonetize.341 | 9.0.1.011 |
| ESET NOD32 | Win32/Amonetize.CK (variant) | 9.10959 |
| Fortinet FortiGate | Riskware/Amonetize | 1/11/2015 |
| Kaspersky | not-a-virus:AdWare.Win32.Amonetize | 14.0.0.2657 |
| Malwarebytes | PUP.Optional.Amonetize | v2015.01.11.02 |
| McAfee | Artemis!9A1376EC2F4E | 5600.6888 |
| NANO AntiVirus | Riskware.Win32.Amonetize.dlfklg | 0.30.0.64448 |
| Panda Antivirus | Trj/CI.A | 15.01.11.02 |
| Reason Heuristics | PUP.Installer.AMGRUP.h | 15.1.11.14 |
| Trend Micro House Call | Suspicious_GEN.F47V1227 | 7.2.11 |
| VIPRE Antivirus | Trojan.Win32.Generic | 36336 |
| Zillya! Antivirus | Adware.Amonetize.Win32.1872 | 2.0.0.2025 |

File size:
561.7 KB (575,168 bytes)

Product version:
1.1.5.55

Original file name:
setup.exe

File type:
Executable application (Win32 EXE)

Bundler/Installer:
Amonetize Downloader

Language:
English (United States)

Common path:
C:\users\{user}\downloads\flashplayersetup__10154_i1432863422_il1.exe

Digital Signature
Signed by:

Authority:
Thawte, Inc.

Valid from:
12/1/2014 5:00:00 PM

Valid to:
12/2/2015 4:59:59 PM

Subject:
CN=AMGRUP LLC, O=AMGRUP LLC, L=Kiev, S=Kiev, C=UA

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
7BEE5C2171C644AF5B917C9D0C4DC006

File PE Metadata
Compilation timestamp:
12/19/2014 3:07:19 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
12288:ZyxggGN4sOJuGEyeCLO7OShgr9PJQvUMIL5iEF/w:Uxg14JJQ7CLIOSWr9PJG0F/w

Entry address:
0xAF83

Entry point:
E8, 21, 3E, 00, 00, E9, 89, FE, FF, FF, 8B, FF, 55, 8B, EC, 83, 7D, 08, 00, 74, 2D, FF, 75, 08, 6A, 00, FF, 35, C4, 5B, 39, 00, FF, 15, A4, E0, 38, 00, 85, C0, 75, 18, 56, E8, 57, 2D, 00, 00, 8B, F0, FF, 15, 84, E0, 38, 00, 50, E8, 07, 2D, 00, 00, 59, 89, 06, 5E, 5D, C3, 8B, FF, 55, 8B, EC, 56, 8D, 45, 08, 50, 8B, F1, E8, C1, ED, FF, FF, C7, 06, C0, EB, 38, 00, 8B, C6, 5E, 5D, C2, 04, 00, C7, 01, C0, EB, 38, 00, E9, 05, EE, FF, FF, 8B, FF, 55, 8B, EC, 56, 8B, F1, C7, 06, C0, EB, 38, 00, E8, F2, ED, FF, FF...
 

Entropy:
7.6596

Code size:
115.5 KB (118,272 bytes)

The file flashplayersetup__10154_i1432863422_il1.exe has been seen being distributed by the following URL.
