flashplayersetup__3720_i1326157361_il40.exe

Amonetize ltd.

This is the Amonetize download manager which bundles applications with offers for additional 3rd party software, mostly unwanted adware, and may be installed with minimal consent. The application flashplayersetup__3720_i1326157361_il40.exe by Amonetize ltd has been detected as adware by 26 anti-malware scanners. The program is a setup application that uses the Amonetize Downloader installer. According to AVG, this software downloads additional adware offers during setup. The file has been seen being downloaded from www.solicitdownload.com.
Publisher:
Amonetize ltd.  (signed and verified)

Version:
1.1.1.12

MD5:
505f29cdcccbb0e6699988d8f91c3631

SHA-1:
b24a7ce36608e8df41ff1fb0c80b55f7543b5806

SHA-256:
26ce294abb40f08643e92d0371340247319fdf13e718e86d3337d9c414b4631c

Scanner detections:
26 / 68

Status:
Adware

Explanation:
This setup file is a re-distribution of the original program that bundles various adware offers during installation including toolbars and browser search extensions.

Description:
This is also known as bundleware, or downloadware: a downloader designed simply to deliver ad-supported offers in the setup routine of otherwise legitimate software.

Analysis date:
11/23/2024 8:08:38 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Gen:Variant.Application.Bundler.Amonetize.18 | 6127378 |
| Agnitum Outpost | PUA.Amonetize | 7.1.1 |
| AhnLab V3 Security | PUP/Win32.Amonetize | 2014.12.15 |
| Avira AntiVirus | ADWARE/Adware.Gen | 7.11.195.144 |
| avast! | Win32:Amonetize-EF [PUP] | 141214-1 |
| AVG | Downloader.Generic14 | 2015.0.3260 |
| Bitdefender | Gen:Variant.Application.Bundler.Amonetize.18 | 1.0.20.1745 |
| Dr.Web | Adware.Downware.8564 | 9.0.1.05190 |
| Emsisoft Anti-Malware | Gen:Variant.Application.Bundler.Amonetize.18 | 9.0.0.4668 |
| ESET NOD32 | Win32/Amonetize.BR potentially unwanted application | 7.0.302.0 |
| F-Prot | W32/A-2cc77b1b | v6.4.7.1.166 |
| F-Secure | Riskware.Gen:Variant.Application.Bundler | 5.13.68 |
| G Data | Gen:Variant.Application.Bundler.Amonetize.18 | 14.12.24 |
| IKARUS anti.virus | AdWare.Amonetize | t3scan.1.8.5.0 |
| Kaspersky | not-a-virus:AdWare.Win32.Amonetize | 15.0.0.543 |
| Malwarebytes | PUP.Optional.Amonetize | v2014.12.15.03 |
| McAfee | Program.PUP-FQT | 16.8.708.2 |
| MicroWorld eScan | Gen:Variant.Application.Bundler.Amonetize.18 | 15.0.0.1047 |
| NANO AntiVirus | Riskware.Win32.Amonetize.dffaha | 0.28.6.63850 |
| Norman | Gen:Variant.Application.Bundler.Amonetize.18 | 04.12.2014 14:30:06 |
| Panda Antivirus | Generic Suspicious | 14.12.15.03 |
| Reason Heuristics | PUP.Installer.Amonetizeltd.h | 14.12.15.3 |
| Trend Micro House Call | TROJ_GEN.R02SB01JA14 | 7.2.349 |
| Vba32 AntiVirus | AdWare.Amonetize | 3.12.26.3 |
| VIPRE Antivirus | Threat.4785227 | 35418 |
| Zillya! Antivirus | Adware.Amonetize.Win32.1260 | 2.0.0.2006 |

File size:
405.3 KB (415,008 bytes)

Product version:
1.1.1.12

Original file name:
setup.exe

File type:
Executable application (Win32 EXE)

Bundler/Installer:
Amonetize Downloader

Language:
English (United States)

Common path:
C:\users\{user}\downloads\flashplayersetup__3720_i1326157361_il40.exe

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
9/15/2014 8:00:00 PM

Valid to:
11/15/2015 6:59:59 PM

Subject:
CN=Amonetize ltd., OU=Amonetize ltd., O=Amonetize ltd., L=Raanana, S=Israel, C=IL

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
4552F20FB38C60DF270F59C4A71B833F

File PE Metadata
Compilation timestamp:
9/10/2014 10:59:43 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
6144:Wa5Mqqub6lskGCEurlTA2xhDUynfFGj446+xmB1rEh5LD02OmpWs2k:3Mqp6ikqgRpxhJFGjNgjyQ2OkWsx

Entry address:
0x17610

Entry point:
E8, 8B, 84, 00, 00, E9, 89, FE, FF, FF, 8B, FF, 55, 8B, EC, 83, 3D, 94, AF, 3C, 00, 00, 75, 18, E8, A9, 7D, 00, 00, 6A, 1E, E8, F3, 7B, 00, 00, 68, FF, 00, 00, 00, E8, C3, F4, FF, FF, 59, 59, 8B, 45, 08, 85, C0, 75, 01, 40, 50, 6A, 00, FF, 35, 94, AF, 3C, 00, FF, 15, 60, 21, 3C, 00, 5D, C3, 8B, FF, 55, 8B, EC, 53, 8B, 5D, 08, 83, FB, E0, 77, 6F, 56, 57, 83, 3D, 94, AF, 3C, 00, 00, 75, 18, E8, 5F, 7D, 00, 00, 6A, 1E, E8, A9, 7B, 00, 00, 68, FF, 00, 00, 00, E8, 79, F4, FF, FF, 59, 59, 85, DB, 74, 04, 8B, C3...
 

Entropy:
7.2762

Code size:
192.5 KB (197,120 bytes)

The file flashplayersetup__3720_i1326157361_il40.exe has been seen being distributed by the following URL.
