flashplayersetup__4651_i157472008_il540.exe

Installer

Amonetize ltd.

This is the Amonetize download manager, which bundles the program the user asked for with offers for additional third-party software, mostly unwanted adware, and may install those offers with minimal consent. The file flashplayersetup__4651_i157472008_il540.exe, signed by Amonetize ltd., has been detected as adware by 20 of 68 anti-malware scanners. It is a setup application that uses the Amonetize Downloader installer, which in turn uses the InstallMonetizer platform to download and install adware toolbars and other potentially unwanted software offers during setup. Users running this installer expect to download the free Adobe Flash Player; before that happens they may be presented with additional offers, mostly potentially unwanted software or adware.
Publisher:
Amônétízé Ltd  (signed by Amonetize ltd.)

Product:
Installer

Version:
1.1.5.89

MD5:
eee8b735513ccaf32ff24b5f3a6b7735

SHA-1:
a0dcc6f0b8363de0ae62065a3c77efc1598b5f0f

Scanner detections:
20 / 68

Status:
Adware

Explanation:
This setup file is a redistribution of the original program that bundles various adware offers during installation, including toolbars and browser search extensions.

Description:
This is also known as bundleware or downloadware: a downloader designed to deliver ad-supported offers in the setup routine of otherwise legitimate software.

Analysis date:
12/24/2024 1:35:04 AM UTC

Scan engine               Detection                         Engine version
Lavasoft Ad-Aware         Adware.Shopper.S                  835
AhnLab V3 Security        PUP/Win32.Amonetiz                2014.01.24
Bitdefender               Adware.Shopper.S                  1.0.20.1475
Bkav FE                   W32.Clod11d.Trojan                1.3.0.4923
Dr.Web                    Adware.Downware.1729              9.0.1.0295
Emsisoft Anti-Malware     Adware.Shopper.S                  8.14.10.22.02
ESET NOD32                Win32/Amonetize (variant)         8.9330
Fortinet FortiGate        Adware/Fam.NB                     10/22/2014
F-Secure                  Adware.Shopper.S                  11.2014-22-10_4
G Data                    Adware.Shopper                    14.10.24
IKARUS anti.virus         AdWare.Shopper                    t3scan.2.2.29
Malwarebytes              PUP.Optional.InstallMonetizer     v2014.10.22.02
McAfee                    Adware-Amonetize!EEE8B735513C     5600.6969
MicroWorld eScan          Adware.Shopper.S                  15.0.0.885
nProtect                  Adware.Shopper.S                  14.01.23.02
Panda Antivirus           Suspicious file                   14.10.22.02
Reason Heuristics         PUP.Installer.Amonetizeltd.h      14.10.22.14
Sophos                    Amonetize                         4.97
Trend Micro House Call    TROJ_GEN.F47V1125                 7.2.295
VIPRE Antivirus           Amonetize                         25728

File size:
330 KB (337,960 bytes)

Product version:
2.1.12

Copyright:
(c) Amônétízé Ltd, 2012,2013. All rights reserved.

Original file name:
Installer.exe

File type:
Executable application (Win32 EXE)

Bundler/Installer:
Amonetize Downloader

Language:
English (United States)

Common path:
C:\Documents and Settings\{user}\Local settings\temp\flashplayersetup__4651_i157472008_il540.exe

Digital Signature
Signed by:
Amonetize ltd.
Authority:
Thawte, Inc.

Valid from:
3/19/2013 2:00:00 AM

Valid to:
6/19/2015 2:59:59 AM

Subject:
CN=Amonetize ltd., O=Amonetize ltd., L=Raanana, S=Alberta, C=IL

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
235E7B2F1D4E0152189F6381E2BA8C97

File PE Metadata
Compilation timestamp:
11/25/2013 12:33:04 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
6144:mYsvBwCAWIWezde6B+Wk2yvXBaMrPeZy4pPaUn0fxkXr8ZlEAXNrX7Fp9HSp2P:Vs5wXWqZk2yvRaMbNAy7ZkXrMXp0p2P

Entry address:
0x26C83

Entry point:
E8, 74, 96, 00, 00, E9, 89, FE, FF, FF, 57, 8B, C6, 83, E0, 0F, 85, C0, 0F, 85, C1, 00, 00, 00, 8B, D1, 83, E1, 7F, C1, EA, 07, 74, 65, EB, 06, 8D, 9B, 00, 00, 00, 00, 66, 0F, 6F, 06, 66, 0F, 6F, 4E, 10, 66, 0F, 6F, 56, 20, 66, 0F, 6F, 5E, 30, 66, 0F, 7F, 07, 66, 0F, 7F, 4F, 10, 66, 0F, 7F, 57, 20, 66, 0F, 7F, 5F, 30, 66, 0F, 6F, 66, 40, 66, 0F, 6F, 6E, 50, 66, 0F, 6F, 76, 60, 66, 0F, 6F, 7E, 70, 66, 0F, 7F, 67, 40, 66, 0F, 7F, 6F, 50, 66, 0F, 7F, 77, 60, 66, 0F, 7F, 7F, 70, 8D, B6, 80, 00, 00, 00, 8D, BF...

Entropy:
6.4521

Code size:
229.5 KB (235,008 bytes)
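The PE metadata and Digital Signature sections above are the fields a triage script pulls first: compile timestamp, target OS version, subsystem, linker version, entry point RVA, entropy, and whether the compile time falls inside the signer's certificate validity window. The following is an added example written for this page, not code from the page or from Reason Core Security; it uses only the Python standard library. The PE header it parses is constructed inline from the page's reported values (it is not the real flashplayersetup__4651_i157472008_il540.exe), and the certificate validity dates are taken from the page and assumed to be UTC, since the page does not state a time zone.

```python
"""Added example: standard-library PE header triage for the fields this page lists."""
import calendar
import math
import struct
from collections import Counter
from datetime import datetime, timezone

MACHINES = {0x14C: "x86", 0x8664: "x64"}
SUBSYSTEMS = {1: "Native", 2: "Windows GUI", 3: "Windows CUI"}

# Certificate validity window from the page's Digital Signature section
# (assumed UTC here; the page does not state a time zone).
SIGNER_VALID_FROM = datetime(2013, 3, 19, 2, 0, 0, tzinfo=timezone.utc)
SIGNER_VALID_TO = datetime(2015, 6, 19, 2, 59, 59, tzinfo=timezone.utc)


def parse_pe_header(data: bytes) -> dict:
    """Read the COFF and optional-header fields the page reports.
    Offsets 40 (OS version) and 68 (subsystem) are the same for PE32 and PE32+."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    (pe_off,) = struct.unpack_from("<I", data, 0x3C)          # e_lfanew
    if data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = pe_off + 4
    machine, nsections, timestamp = struct.unpack_from("<HHI", data, coff)
    opt = coff + 20                                           # COFF header is 20 bytes
    (magic,) = struct.unpack_from("<H", data, opt)
    major_linker, minor_linker = struct.unpack_from("<BB", data, opt + 2)
    (entry_rva,) = struct.unpack_from("<I", data, opt + 16)
    os_major, os_minor = struct.unpack_from("<HH", data, opt + 40)
    (subsystem,) = struct.unpack_from("<H", data, opt + 68)
    return {
        "machine": MACHINES.get(machine, hex(machine)),
        "bitness": {0x10B: "Win32", 0x20B: "Win64"}.get(magic, hex(magic)),
        "sections": nsections,
        "compile_time": datetime.fromtimestamp(timestamp, timezone.utc).isoformat(),
        "os_version": f"{os_major}.{os_minor}",
        "subsystem": SUBSYSTEMS.get(subsystem, str(subsystem)),
        "linker_version": f"{major_linker}.{minor_linker}",
        "entry_address": f"0x{entry_rva:X}",
    }


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for a constant buffer, 8.0 for uniform bytes.
    Packed or encrypted payloads sit near 7.5 and above; ordinary code and
    data, like the 6.45 reported on the page, sit lower."""
    if not data:
        return 0.0
    total = len(data)
    return -sum((n / total) * math.log2(n / total) for n in Counter(data).values())


def compiled_within_validity(compile_time_iso: str, valid_from=SIGNER_VALID_FROM,
                             valid_to=SIGNER_VALID_TO) -> bool:
    """A compile timestamp outside the signer's validity window points to a
    forged timestamp or a re-signed binary and deserves a closer look."""
    compiled = datetime.fromisoformat(compile_time_iso)
    return valid_from <= compiled <= valid_to


def build_sample_pe() -> bytes:
    """Constructed header carrying the page's reported values; this is NOT the
    real flashplayersetup__4651_i157472008_il540.exe, only its metadata shape."""
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)                       # e_lfanew -> PE signature
    ts = calendar.timegm((2013, 11, 25, 12, 33, 4))             # 11/25/2013 12:33:04 PM UTC
    coff = struct.pack("<HHIIIHH", 0x14C, 4, ts, 0, 0, 224, 0x102)
    opt = bytearray(224)                                        # PE32 optional header size
    struct.pack_into("<HBB", opt, 0, 0x10B, 10, 0)              # PE32 magic, linker 10.0
    struct.pack_into("<I", opt, 16, 0x26C83)                    # AddressOfEntryPoint
    struct.pack_into("<HH", opt, 40, 5, 1)                      # OS version 5.1 (XP)
    struct.pack_into("<H", opt, 68, 2)                          # IMAGE_SUBSYSTEM_WINDOWS_GUI
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt)


if __name__ == "__main__":
    sample = build_sample_pe()
    info = parse_pe_header(sample)
    info["entropy"] = round(shannon_entropy(sample), 4)
    info["compiled_within_cert_validity"] = compiled_within_validity(info["compile_time"])
    for key, value in info.items():
        print(f"{key:30} {value}")
```

Run against a real sample, read the whole file into `data` instead of calling `build_sample_pe()`; the entropy of the constructed header is near zero because it is mostly padding, unlike the 6.45 of the real file. The timestamp check is only a sanity test: a timestamp inside the window proves nothing, but one outside it means either the compile time or the signature has been tampered with.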

The file flashplayersetup__4651_i157472008_il540.exe has been seen being distributed by the following 4 URLs.

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to www.soledownload.com  (54.225.181.84:80)

TCP (HTTP):
Connects to www.activemonetizer.com  (23.23.96.46:80)

http://www.activemonetizer.com/index.php?Net2=v2.0.50727&Net4=&OSversion=NT5.1SP3&Slv=&Sysid=B212537525&Sysid1=B212537525&X64=N&admin=Y&browser=IEXPLORE.EXE&chver=&exe=ikjut__12321414&offver=&lang_DfltUser=04
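The two hosts and the check-in URL above are the indicators a defender can act on. The following added example (written for this page, not code from the page or from Reason Core Security) runs a simple detection over constructed proxy log lines in a squid access.log-like layout (an assumption) and decodes the query string of the check-in URL to show what the installer reports about the victim host: installed .NET versions, OS and service pack, whether it runs with admin rights, and the default browser. Only the host names, IP addresses and the URL come from the page; the client addresses, timestamps and the Adobe and example.org lines are constructed.

```python
"""Added example: flag proxy log hits on the page's indicators and decode the check-in URL."""
from urllib.parse import parse_qs, urlsplit

# Indicators taken from the page.
SUSPECT_HOSTS = {"www.soledownload.com", "www.activemonetizer.com"}
SUSPECT_IPS = {"54.225.181.84", "23.23.96.46"}

CHECKIN_URL = ("http://www.activemonetizer.com/index.php?Net2=v2.0.50727&Net4=&OSversion=NT5.1SP3"
               "&Slv=&Sysid=B212537525&Sysid1=B212537525&X64=N&admin=Y&browser=IEXPLORE.EXE"
               "&chver=&exe=ikjut__12321414&offver=&lang_DfltUser=04")

# Constructed squid-style access.log lines (assumed layout):
# time elapsed client action/status bytes method url user hierarchy/peer type
SAMPLE_LOG = """\
1419384904.123    120 10.0.0.15 TCP_MISS/200 4213 GET http://www.adobe.com/go/getflashplayer - HIER_DIRECT/192.0.2.10 text/html
1419384911.457     88 10.0.0.15 TCP_MISS/200 337960 GET http://www.soledownload.com/get/flashplayersetup__4651_i157472008_il540.exe - HIER_DIRECT/54.225.181.84 application/octet-stream
1419384940.002     45 10.0.0.15 TCP_MISS/200 512 GET http://www.activemonetizer.com/index.php?Net2=v2.0.50727&OSversion=NT5.1SP3&admin=Y&browser=IEXPLORE.EXE&exe=ikjut__12321414 - HIER_DIRECT/23.23.96.46 text/html
1419384950.777    200 10.0.0.22 TCP_MISS/200 9001 GET http://example.org/index.php?admin=Y - HIER_DIRECT/192.0.2.20 text/html
"""


def decode_checkin(url: str) -> dict:
    """Return the host, path and single-valued query parameters of the check-in.
    Blank values are kept so the reader sees which fields were left unfilled."""
    parts = urlsplit(url)
    qs = parse_qs(parts.query, keep_blank_values=True)
    return {"host": parts.hostname, "path": parts.path, **{k: v[0] for k, v in qs.items()}}


def find_hits(log_text: str) -> list:
    """Match each log line on the destination host or the direct peer IP;
    a query string alone (the example.org line) is not enough to alert."""
    hits = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) < 9:
            continue                                   # malformed or truncated line
        client, url = fields[2], fields[6]
        peer = fields[8].split("/", 1)[-1]             # HIER_DIRECT/<ip>
        host = urlsplit(url).hostname
        reasons = []
        if host in SUSPECT_HOSTS:
            reasons.append(f"host:{host}")
        if peer in SUSPECT_IPS:
            reasons.append(f"ip:{peer}")
        if reasons:
            hits.append({"client": client, "url": url, "reasons": reasons})
    return hits


if __name__ == "__main__":
    for hit in find_hits(SAMPLE_LOG):
        print(hit["client"], ", ".join(hit["reasons"]), hit["url"])
    for key, value in decode_checkin(CHECKIN_URL).items():
        print(f"{key:15} {value!r}")
```

Matching on both host and peer IP is deliberate: the IPs belong to a cloud provider range and will be reused, so a hit on the IP alone is weaker evidence than a hit on the host name, and the `reasons` list lets an analyst see which indicator fired. The decoded check-in (`admin=Y`, `OSversion=NT5.1SP3`, `browser=IEXPLORE.EXE`) is what the InstallMonetizer back end uses to select offers, which is why it is worth logging as host-fingerprint telemetry.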

Remove flashplayersetup__4651_i157472008_il540.exe - Powered by Reason Core Security